From: David Kaplan <david.kaplan@amd.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>, <x86@kernel.org>,
"H . Peter Anvin" <hpa@zytor.com>
Cc: <linux-kernel@vger.kernel.org>
Subject: [RFC PATCH 17/34] x86/bugs: Restructure srso mitigation
Date: Thu, 12 Sep 2024 14:08:40 -0500 [thread overview]
Message-ID: <20240912190857.235849-18-david.kaplan@amd.com> (raw)
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
Restructure srso to use select/update/apply functions to create
consistent vulnerability handling. Like with retbleed, the command line
options directly select mitigations which can later be modified.
Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
arch/x86/kernel/cpu/bugs.c | 136 ++++++++++++++++++-------------------
1 file changed, 68 insertions(+), 68 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index ba10aa37d949..334fd2c5251d 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -84,6 +84,8 @@ static void __init srbds_select_mitigation(void);
static void __init srbds_apply_mitigation(void);
static void __init l1d_flush_select_mitigation(void);
static void __init srso_select_mitigation(void);
+static void __init srso_update_mitigation(void);
+static void __init srso_apply_mitigation(void);
static void __init gds_select_mitigation(void);
static void __init gds_apply_mitigation(void);
static void __init bhi_select_mitigation(void);
@@ -200,11 +202,6 @@ void __init cpu_select_mitigations(void)
rfds_select_mitigation();
srbds_select_mitigation();
l1d_flush_select_mitigation();
-
- /*
- * srso_select_mitigation() depends and must run after
- * retbleed_select_mitigation().
- */
srso_select_mitigation();
gds_select_mitigation();
bhi_select_mitigation();
@@ -220,6 +217,7 @@ void __init cpu_select_mitigations(void)
taa_update_mitigation();
mmio_update_mitigation();
rfds_update_mitigation();
+ srso_update_mitigation();
spectre_v1_apply_mitigation();
spectre_v2_apply_mitigation();
@@ -232,6 +230,7 @@ void __init cpu_select_mitigations(void)
mmio_apply_mitigation();
rfds_apply_mitigation();
srbds_apply_mitigation();
+ srso_apply_mitigation();
gds_apply_mitigation();
bhi_apply_mitigation();
}
@@ -2637,6 +2636,7 @@ early_param("l1tf", l1tf_cmdline);
enum srso_mitigation {
SRSO_MITIGATION_NONE,
+ SRSO_MITIGATION_AUTO,
SRSO_MITIGATION_UCODE_NEEDED,
SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED,
SRSO_MITIGATION_MICROCODE,
@@ -2645,14 +2645,6 @@ enum srso_mitigation {
SRSO_MITIGATION_IBPB_ON_VMEXIT,
};
-enum srso_mitigation_cmd {
- SRSO_CMD_OFF,
- SRSO_CMD_MICROCODE,
- SRSO_CMD_SAFE_RET,
- SRSO_CMD_IBPB,
- SRSO_CMD_IBPB_ON_VMEXIT,
-};
-
static const char * const srso_strings[] = {
[SRSO_MITIGATION_NONE] = "Vulnerable",
[SRSO_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
@@ -2663,8 +2655,7 @@ static const char * const srso_strings[] = {
[SRSO_MITIGATION_IBPB_ON_VMEXIT] = "Mitigation: IBPB on VMEXIT only"
};
-static enum srso_mitigation srso_mitigation __ro_after_init = SRSO_MITIGATION_NONE;
-static enum srso_mitigation_cmd srso_cmd __ro_after_init = SRSO_CMD_SAFE_RET;
+static enum srso_mitigation srso_mitigation __ro_after_init = SRSO_MITIGATION_AUTO;
static int __init srso_parse_cmdline(char *str)
{
@@ -2672,15 +2663,15 @@ static int __init srso_parse_cmdline(char *str)
return -EINVAL;
if (!strcmp(str, "off"))
- srso_cmd = SRSO_CMD_OFF;
+ srso_mitigation = SRSO_MITIGATION_NONE;
else if (!strcmp(str, "microcode"))
- srso_cmd = SRSO_CMD_MICROCODE;
+ srso_mitigation = SRSO_MITIGATION_MICROCODE;
else if (!strcmp(str, "safe-ret"))
- srso_cmd = SRSO_CMD_SAFE_RET;
+ srso_mitigation = SRSO_MITIGATION_SAFE_RET;
else if (!strcmp(str, "ibpb"))
- srso_cmd = SRSO_CMD_IBPB;
+ srso_mitigation = SRSO_MITIGATION_IBPB;
else if (!strcmp(str, "ibpb-vmexit"))
- srso_cmd = SRSO_CMD_IBPB_ON_VMEXIT;
+ srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT;
else
pr_err("Ignoring unknown SRSO option (%s).", str);
@@ -2696,12 +2687,16 @@ static void __init srso_select_mitigation(void)
if (!boot_cpu_has_bug(X86_BUG_SRSO) ||
cpu_mitigations_off() ||
- srso_cmd == SRSO_CMD_OFF) {
+ srso_mitigation == SRSO_MITIGATION_NONE) {
if (boot_cpu_has(X86_FEATURE_SBPB))
x86_pred_cmd = PRED_CMD_SBPB;
return;
}
+ /* Default mitigation */
+ if (srso_mitigation == SRSO_MITIGATION_AUTO)
+ srso_mitigation = SRSO_MITIGATION_SAFE_RET;
+
if (has_microcode) {
/*
* Zen1/2 with SMT off aren't vulnerable after the right
@@ -2713,29 +2708,59 @@ static void __init srso_select_mitigation(void)
setup_force_cpu_cap(X86_FEATURE_SRSO_NO);
return;
}
-
- if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
- srso_mitigation = SRSO_MITIGATION_IBPB;
- goto out;
- }
} else {
pr_warn("IBPB-extending microcode not applied!\n");
pr_warn(SRSO_NOTICE);
- /* may be overwritten by SRSO_CMD_SAFE_RET below */
- srso_mitigation = SRSO_MITIGATION_UCODE_NEEDED;
+ /* Fall-back to Safe-RET */
+ srso_mitigation = SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED;
}
- switch (srso_cmd) {
- case SRSO_CMD_MICROCODE:
- if (has_microcode) {
- srso_mitigation = SRSO_MITIGATION_MICROCODE;
- pr_warn(SRSO_NOTICE);
- }
+ switch (srso_mitigation) {
+ case SRSO_MITIGATION_MICROCODE:
+ pr_warn(SRSO_NOTICE);
+ break;
+
+ case SRSO_MITIGATION_SAFE_RET:
+ case SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED:
+ if (!IS_ENABLED(CONFIG_MITIGATION_SRSO))
+ pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
break;
- case SRSO_CMD_SAFE_RET:
- if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) {
+ case SRSO_MITIGATION_IBPB:
+ if (!IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY))
+ pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
+ break;
+
+ case SRSO_MITIGATION_IBPB_ON_VMEXIT:
+ if (!IS_ENABLED(CONFIG_MITIGATION_SRSO))
+ pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
+ break;
+ default:
+ break;
+ }
+}
+
+static void __init srso_update_mitigation(void)
+{
+ /* If retbleed is using IBPB, that works for SRSO as well */
+ if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB)
+ srso_mitigation = SRSO_MITIGATION_IBPB;
+
+ pr_info("%s\n", srso_strings[srso_mitigation]);
+}
+
+static void __init srso_apply_mitigation(void)
+{
+ if (!boot_cpu_has_bug(X86_BUG_SRSO) ||
+ srso_mitigation == SRSO_MITIGATION_NONE) {
+ if (boot_cpu_has(X86_FEATURE_SBPB))
+ x86_pred_cmd = PRED_CMD_SBPB;
+ return;
+ }
+ switch (srso_mitigation) {
+ case SRSO_MITIGATION_SAFE_RET:
+ case SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED:
/*
* Enable the return thunk for generated code
* like ftrace, static_call, etc.
@@ -2750,42 +2775,17 @@ static void __init srso_select_mitigation(void)
setup_force_cpu_cap(X86_FEATURE_SRSO);
x86_return_thunk = srso_return_thunk;
}
- if (has_microcode)
- srso_mitigation = SRSO_MITIGATION_SAFE_RET;
- else
- srso_mitigation = SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED;
- } else {
- pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
- }
- break;
-
- case SRSO_CMD_IBPB:
- if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
- if (has_microcode) {
- setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
- srso_mitigation = SRSO_MITIGATION_IBPB;
- }
- } else {
- pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
- }
- break;
-
- case SRSO_CMD_IBPB_ON_VMEXIT:
- if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) {
- if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) {
- setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
- srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT;
- }
- } else {
- pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
- }
break;
+ case SRSO_MITIGATION_IBPB:
+ setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
+ break;
+ case SRSO_MITIGATION_IBPB_ON_VMEXIT:
+ setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
+ break;
default:
- break;
+ break;
}
-out:
- pr_info("%s\n", srso_strings[srso_mitigation]);
}
#undef pr_fmt
--
2.34.1
next prev parent reply other threads:[~2024-09-12 19:09 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-12 19:08 [RFC PATCH 00/34] x86/bugs: Attack vector controls David Kaplan
2024-09-12 19:08 ` [RFC PATCH 01/34] x86/bugs: Relocate mds/taa/mmio/rfds defines David Kaplan
2024-10-24 13:07 ` Borislav Petkov
2024-09-12 19:08 ` [RFC PATCH 02/34] x86/bugs: Add AUTO mitigations for mds/taa/mmio/rfds David Kaplan
2024-09-12 19:08 ` [RFC PATCH 03/34] x86/bugs: Restructure mds mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 04/34] x86/bugs: Restructure taa mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 05/34] x86/bugs: Restructure mmio mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 06/34] x86/bugs: Restructure rfds mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 07/34] x86/bugs: Remove md_clear_*_mitigation() David Kaplan
2024-10-08 8:40 ` Nikolay Borisov
2024-09-12 19:08 ` [RFC PATCH 08/34] x86/bugs: Restructure srbds mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 09/34] x86/bugs: Restructure gds mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 10/34] x86/bugs: Restructure spectre_v1 mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation David Kaplan
2024-10-08 8:32 ` Nikolay Borisov
2024-10-08 14:28 ` Kaplan, David
2024-09-12 19:08 ` [RFC PATCH 12/34] x86/bugs: Restructure spectre_v2_user mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation David Kaplan
2024-10-08 12:41 ` Nikolay Borisov
2024-10-08 14:25 ` Kaplan, David
2024-09-12 19:08 ` [RFC PATCH 14/34] x86/bugs: Restructure spectre_v2 mitigation David Kaplan
2024-09-12 19:08 ` [RFC PATCH 15/34] x86/bugs: Restructure ssb mitigation David Kaplan
2024-10-08 15:21 ` Nikolay Borisov
2024-09-12 19:08 ` [RFC PATCH 16/34] x86/bugs: Restructure l1tf mitigation David Kaplan
2024-09-12 19:08 ` David Kaplan [this message]
2024-09-12 19:08 ` [RFC PATCH 18/34] Documentation/x86: Document the new attack vector controls David Kaplan
2024-10-01 0:43 ` Manwaring, Derek
2024-10-01 1:53 ` Kaplan, David
2024-10-01 22:21 ` Manwaring, Derek
2024-09-12 19:08 ` [RFC PATCH 19/34] x86/bugs: Define attack vectors David Kaplan
2024-09-12 19:08 ` [RFC PATCH 20/34] x86/bugs: Determine relevant vulnerabilities based on attack vector controls David Kaplan
2024-09-12 19:08 ` [RFC PATCH 21/34] x86/bugs: Add attack vector controls for mds David Kaplan
2024-10-01 0:50 ` Manwaring, Derek
2024-10-01 1:58 ` Kaplan, David
2024-10-01 22:37 ` Manwaring, Derek
2024-10-02 14:28 ` Kaplan, David
2024-10-02 20:11 ` Manwaring, Derek
2024-10-02 20:26 ` Kaplan, David
2024-10-02 15:50 ` Pawan Gupta
2024-10-02 19:40 ` Manwaring, Derek
2024-09-12 19:08 ` [RFC PATCH 22/34] x86/bugs: Add attack vector controls for taa David Kaplan
2024-09-12 19:08 ` [RFC PATCH 23/34] x86/bugs: Add attack vector controls for mmio David Kaplan
2024-09-12 19:08 ` [RFC PATCH 24/34] x86/bugs: Add attack vector controls for rfds David Kaplan
2024-09-12 19:08 ` [RFC PATCH 25/34] x86/bugs: Add attack vector controls for srbds David Kaplan
2024-09-12 19:08 ` [RFC PATCH 26/34] x86/bugs: Add attack vector controls for gds David Kaplan
2024-09-12 19:08 ` [RFC PATCH 27/34] x86/bugs: Add attack vector controls for spectre_v1 David Kaplan
2024-09-12 19:37 ` Dave Hansen
2024-09-12 19:57 ` Kaplan, David
2024-09-12 20:16 ` Dave Hansen
2024-09-12 21:15 ` Kaplan, David
2024-10-01 0:39 ` Manwaring, Derek
2024-10-01 1:46 ` Kaplan, David
2024-10-01 22:18 ` Manwaring, Derek
2024-09-13 14:20 ` Borislav Petkov
2024-09-12 19:08 ` [RFC PATCH 28/34] x86/bugs: Add attack vector controls for retbleed David Kaplan
2024-09-12 19:08 ` [RFC PATCH 29/34] x86/bugs: Add attack vector controls for spectre_v2_user David Kaplan
2024-09-12 19:08 ` [RFC PATCH 30/34] x86/bugs: Add attack vector controls for bhi David Kaplan
2024-09-12 19:08 ` [RFC PATCH 31/34] x86/bugs: Add attack vector controls for spectre_v2 David Kaplan
2024-09-12 19:08 ` [RFC PATCH 32/34] x86/bugs: Add attack vector controls for l1tf David Kaplan
2024-09-12 19:08 ` [RFC PATCH 33/34] x86/bugs: Add attack vector controls for srso David Kaplan
2024-09-12 19:08 ` [RFC PATCH 34/34] x86/pti: Add attack vector controls for pti David Kaplan
2024-09-17 17:04 ` [RFC PATCH 00/34] x86/bugs: Attack vector controls Pawan Gupta
2024-09-18 6:29 ` Kaplan, David
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240912190857.235849-18-david.kaplan@amd.com \
--to=david.kaplan@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox