[PATCH v2 1/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Waiman Long <longman@redhat.com>
To: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org
Cc: linux-kernel@vger.kernel.org,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
	Mark Gross <mgross@linux.intel.com>,
	Tony Luck <tony.luck@intel.com>, Waiman Long <longman@redhat.com>
Subject: [PATCH v2 1/2] x86/speculation: Fix incorrect MDS/TAA mitigation status
Date: Fri, 15 Nov 2019 11:14:44 -0500	[thread overview]
Message-ID: <20191115161445.30809-2-longman@redhat.com> (raw)
In-Reply-To: <20191115161445.30809-1-longman@redhat.com>

For MDS vulnerable processors with TSX support, enabling either MDS or
TAA mitigations will enable the use of VERW to flush internal processor
buffers at the right code path. IOW, they are either both mitigated
or both not. However, if the command line options are inconsistent,
the vulnerabilites sysfs files may not report the mitigation status
correctly.

For example, with only the "mds=off" option:

  vulnerabilities/mds:Vulnerable; SMT vulnerable
  vulnerabilities/tsx_async_abort:Mitigation: Clear CPU buffers; SMT vulnerable

The mds vulnerabilities file has wrong status in this case. Similarly,
the taa vulnerability file will be wrong with mds mitigation on, but
taa off.

Change taa_select_mitigation() to sync up the two mitigation status
and have them turned off if both "mds=off" and "tsx_async_abort=off"
are present.

Both hw-vuln/mds.rst and hw-vuln/tsx_async_abort.rst are updated
to emphasize the fact that both "mds=off" and "tsx_async_abort=off"
have to be specified together for processors that are affected by both
TAA and MDS to be effective. As kernel-parameter.txt references both
documents above, it is not necessary to update it.

Signed-off-by: Waiman Long <longman@redhat.com>
---
 Documentation/admin-guide/hw-vuln/mds.rst       |  6 +++++-
 .../admin-guide/hw-vuln/tsx_async_abort.rst     |  5 ++++-
 arch/x86/kernel/cpu/bugs.c                      | 17 +++++++++++++++--
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
index e3a796c0d3a2..8e5212fedac3 100644
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -265,7 +265,11 @@ time with the option "mds=". The valid arguments for this option are:
 
   ============  =============================================================
 
-Not specifying this option is equivalent to "mds=full".
+Not specifying this option is equivalent to "mds=full". For
+processors that are affected by both TAA (TSX Asynchronous Abort)
+and MDS, specifying just "mds=off" without an accompanying
+"tsx_async_abort=off" will have no effect as the same mitigation is
+used for both vulnerabilities.
 
 
 Mitigation selection guide
diff --git a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
index fddbd7579c53..af6865b822d2 100644
--- a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
+++ b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
@@ -174,7 +174,10 @@ the option "tsx_async_abort=". The valid arguments for this option are:
                 CPU is not vulnerable to cross-thread TAA attacks.
   ============  =============================================================
 
-Not specifying this option is equivalent to "tsx_async_abort=full".
+Not specifying this option is equivalent to "tsx_async_abort=full". For
+processors that are affected by both TAA and MDS, specifying just
+"tsx_async_abort=off" without an accompanying "mds=off" will have no
+effect as the same mitigation is used for both vulnerabilities.
 
 The kernel command line also allows to control the TSX feature using the
 parameter "tsx=" on CPUs which support TSX control. MSR_IA32_TSX_CTRL is used
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 4c7b0fa15a19..cb513eaa0df1 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -304,8 +304,12 @@ static void __init taa_select_mitigation(void)
 		return;
 	}
 
-	/* TAA mitigation is turned off on the cmdline (tsx_async_abort=off) */
-	if (taa_mitigation == TAA_MITIGATION_OFF)
+	/*
+	 * TAA mitigation via VERW is turned off if both
+	 * tsx_async_abort=off and mds=off are specified.
+	 */
+	if (taa_mitigation == TAA_MITIGATION_OFF &&
+	    mds_mitigation == MDS_MITIGATION_OFF)
 		goto out;
 
 	if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
@@ -339,6 +343,15 @@ static void __init taa_select_mitigation(void)
 	if (taa_nosmt || cpu_mitigations_auto_nosmt())
 		cpu_smt_disable(false);
 
+	/*
+	 * Update MDS mitigation, if necessary, as the mds_user_clear is
+	 * now enabled for TAA mitigation.
+	 */
+	if (mds_mitigation == MDS_MITIGATION_OFF &&
+	    boot_cpu_has_bug(X86_BUG_MDS)) {
+		mds_mitigation = MDS_MITIGATION_FULL;
+		mds_select_mitigation();
+	}
 out:
 	pr_info("%s\n", taa_strings[taa_mitigation]);
 }
-- 
2.18.1

next prev parent reply	other threads:[~2019-11-15 16:16 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-15 16:14 [PATCH v2 0/2] x86/speculation: Fix incorrect MDS/TAA mitigation status Waiman Long
2019-11-15 16:14 ` Waiman Long [this message]
2019-11-15 17:09   ` [PATCH v2 1/2] " Boris Petkov
2019-11-15 19:35     ` Thomas Gleixner
2019-11-15 20:21       ` Boris Petkov
2019-11-18  1:17         ` Waiman Long
2019-11-16 12:25   ` [tip: x86/pti] " tip-bot2 for Waiman Long
2019-11-15 16:14 ` [PATCH v2 2/2] x86/speculation: Fix redundant MDS mitigation message Waiman Long
2019-11-16 12:25   ` [tip: x86/pti] " tip-bot2 for Waiman Long
2019-11-16 14:24     ` Borislav Petkov
2019-11-18  1:22       ` Waiman Long
2019-11-16 14:38   ` tip-bot2 for Waiman Long
2019-11-15 16:17 ` [PATCH v2 0/2] x86/speculation: Fix incorrect MDS/TAA mitigation status Waiman Long

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e3a796c0d3a dfblob:8e5212fedac dfblob:fddbd7579c5
dfblob:af6865b822d dfblob:4c7b0fa15a1 dfblob:cb513eaa0df )
 OR (
bs:"[PATCH v2 1/2] x86/speculation: Fix incorrect MDS/TAA mitigation status" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191115161445.30809-2-longman@redhat.com \
    --to=longman@redhat.com \
    --cc=bp@alien8.de \
    --cc=gregkh@linuxfoundation.org \
    --cc=hpa@zytor.com \
    --cc=jpoimboe@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mgross@linux.intel.com \
    --cc=mingo@redhat.com \
    --cc=pawan.kumar.gupta@linux.intel.com \
    --cc=tglx@linutronix.de \
    --cc=tony.luck@intel.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox