From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org
Cc: daniel.sneddon@linux.intel.com, tony.luck@intel.com,
linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
linux-perf-users@vger.kernel.org,
Josh Poimboeuf <jpoimboe@kernel.org>,
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Ricardo Neri <ricardo.neri-calderon@linux.intel.com>,
"Liang, Kan" <kan.liang@linux.intel.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Brice Goglin <brice.goglin@gmail.com>,
Mario Limonciello <mario.limonciello@amd.com>,
Perry Yuan <Perry.Yuan@amd.com>,
Dapeng Mi <dapeng1.mi@linux.intel.com>
Subject: [PATCH v5 9/9] x86/rfds: Exclude P-only parts from the RFDS affected list
Date: Wed, 11 Dec 2024 22:58:09 -0800 [thread overview]
Message-ID: <20241211-add-cpu-type-v5-9-2ae010f50370@linux.intel.com> (raw)
In-Reply-To: <20241211-add-cpu-type-v5-0-2ae010f50370@linux.intel.com>
RFDS only affects Atom parts. Vendor/Family/Model matching in the affected
processor table makes Alderlake and Raptorlake P-only parts affected (which
are not affected in reality). This is because the affected hybrid and
E-only parts have the same Family/Model as the unaffected P-only parts.
Match CPU-type as Atom to exclude P-only parts as RFDS affected.
Note, a guest with the same Family/Model as the affected part may not have
leaf 1A enumerated to know its CPU-type, but it should not be a problem as
guest's Family/Model can anyways be inaccurate. Moreover, RFDS_NO or
RFDS_CLEAR enumeration by the VMM decides the affected status of the guest.
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 8 --------
arch/x86/kernel/cpu/common.c | 9 +++++++--
2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst
index 0585d02b9a6c..ad15417d39f9 100644
--- a/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst
+++ b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst
@@ -29,14 +29,6 @@ Below is the list of affected Intel processors [#f1]_:
RAPTORLAKE_S 06_BFH
=================== ============
-As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and
-RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as
-vulnerable in Linux because they share the same family/model with an affected
-part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or
-CPUID.HYBRID. This information could be used to distinguish between the
-affected and unaffected parts, but it is deemed not worth adding complexity as
-the reporting is fixed automatically when these parts enumerate RFDS_NO.
-
Mitigation
==========
Intel released a microcode update that enables software to clear sensitive
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 6c45b8bed9fc..a82d6184e1d0 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1207,6 +1207,11 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
#define VULNBL_INTEL_STEPPINGS(vfm, steppings, issues) \
X86_MATCH_VFM_STEPPINGS(INTEL_##vfm, steppings, issues)
+#define VULNBL_INTEL_TYPE(vfm, cpu_type, issues) \
+ X86_MATCH_VFM_CPU_TYPE(INTEL_##vfm, \
+ INTEL_CPU_TYPE_##cpu_type, \
+ issues)
+
#define VULNBL_AMD(family, blacklist) \
VULNBL(AMD, family, X86_MODEL_ANY, blacklist)
@@ -1255,9 +1260,9 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
VULNBL_INTEL( TIGERLAKE, GDS),
VULNBL_INTEL( LAKEFIELD, MMIO | MMIO_SBDS | RETBLEED),
VULNBL_INTEL( ROCKETLAKE, MMIO | RETBLEED | GDS),
- VULNBL_INTEL( ALDERLAKE, RFDS),
+ VULNBL_INTEL_TYPE( ALDERLAKE, ATOM, RFDS),
VULNBL_INTEL( ALDERLAKE_L, RFDS),
- VULNBL_INTEL( RAPTORLAKE, RFDS),
+ VULNBL_INTEL_TYPE( RAPTORLAKE, ATOM, RFDS),
VULNBL_INTEL( RAPTORLAKE_P, RFDS),
VULNBL_INTEL( RAPTORLAKE_S, RFDS),
VULNBL_INTEL( ATOM_GRACEMONT, RFDS),
--
2.34.1
next prev parent reply other threads:[~2024-12-12 6:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-12 6:57 [PATCH v5 0/9] Utilize cpu-type for CPU matching Pawan Gupta
2024-12-12 6:57 ` [PATCH v5 1/9] x86/cpu: Prepend 0x to the hex values in cpu_debug_show() Pawan Gupta
2025-02-27 12:55 ` [tip: x86/cpu] x86/cpu: Prefix hexadecimal values with 0x " tip-bot2 for Pawan Gupta
2024-12-12 6:57 ` [PATCH v5 2/9] cpufreq: intel_pstate: Avoid SMP calls to get cpu-type Pawan Gupta
2025-02-27 12:55 ` [tip: x86/cpu] " tip-bot2 for Pawan Gupta
2024-12-12 6:57 ` [PATCH v5 3/9] perf/x86/intel: Use cache cpu-type for hybrid PMU selection Pawan Gupta
2025-02-27 12:55 ` [tip: x86/cpu] " tip-bot2 for Pawan Gupta
2024-12-12 6:57 ` [PATCH v5 4/9] x86/cpu: Remove get_this_hybrid_cpu_*() Pawan Gupta
2025-02-27 12:55 ` [tip: x86/cpu] " tip-bot2 for Pawan Gupta
2024-12-12 6:57 ` [PATCH v5 5/9] x86/cpu: Name CPU matching macro more generically (and shorten) Pawan Gupta
2024-12-12 6:57 ` [PATCH v5 6/9] x86/cpu: Add cpu_type to struct x86_cpu_id Pawan Gupta
2024-12-12 6:57 ` [PATCH v5 7/9] x86/cpu: Update x86_match_cpu() to also use cpu-type Pawan Gupta
2024-12-12 6:58 ` [PATCH v5 8/9] x86/bugs: Declutter vulnerable CPU list Pawan Gupta
2024-12-12 6:58 ` Pawan Gupta [this message]
2025-02-27 12:40 ` [PATCH v5 0/9] Utilize cpu-type for CPU matching Ingo Molnar
2025-02-27 17:51 ` Pawan Gupta
2025-02-27 18:28 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241211-add-cpu-type-v5-9-2ae010f50370@linux.intel.com \
--to=pawan.kumar.gupta@linux.intel.com \
--cc=Perry.Yuan@amd.com \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=brice.goglin@gmail.com \
--cc=daniel.sneddon@linux.intel.com \
--cc=dapeng1.mi@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=jpoimboe@kernel.org \
--cc=kan.liang@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=mingo@redhat.com \
--cc=rafael@kernel.org \
--cc=ricardo.neri-calderon@linux.intel.com \
--cc=srinivas.pandruvada@linux.intel.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.