From: David Kaplan <david.kaplan@amd.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>, <x86@kernel.org>,
"H . Peter Anvin" <hpa@zytor.com>
Cc: <linux-kernel@vger.kernel.org>
Subject: [PATCH v2 03/35] x86/bugs: Add AUTO mitigations for mds/taa/mmio/rfds
Date: Tue, 5 Nov 2024 15:54:23 -0600 [thread overview]
Message-ID: <20241105215455.359471-4-david.kaplan@amd.com> (raw)
In-Reply-To: <20241105215455.359471-1-david.kaplan@amd.com>
Add AUTO mitigations for mds/taa/mmio/rfds to create consistent
vulnerability handling. These AUTO mitigations will be turned into the
appropriate default mitigations in the <vuln>_select_mitigation()
functions. In a later patch, these will be used with the new attack
vector controls to help select appropriate mitigations.
Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
arch/x86/include/asm/processor.h | 1 +
arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++----
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index c0975815980c..ea4b87b44455 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -754,6 +754,7 @@ extern enum l1tf_mitigations l1tf_mitigation;
enum mds_mitigations {
MDS_MITIGATION_OFF,
+ MDS_MITIGATION_AUTO,
MDS_MITIGATION_FULL,
MDS_MITIGATION_VMWERV,
};
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 3fd7a2ce11b5..34d55f368bff 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -234,7 +234,7 @@ static void x86_amd_ssb_disable(void)
/* Default mitigation for MDS-affected CPUs */
static enum mds_mitigations mds_mitigation __ro_after_init =
- IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_FULL : MDS_MITIGATION_OFF;
+ IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_AUTO : MDS_MITIGATION_OFF;
static bool mds_nosmt __ro_after_init = false;
static const char * const mds_strings[] = {
@@ -245,6 +245,7 @@ static const char * const mds_strings[] = {
enum taa_mitigations {
TAA_MITIGATION_OFF,
+ TAA_MITIGATION_AUTO,
TAA_MITIGATION_UCODE_NEEDED,
TAA_MITIGATION_VERW,
TAA_MITIGATION_TSX_DISABLED,
@@ -252,27 +253,29 @@ enum taa_mitigations {
/* Default mitigation for TAA-affected CPUs */
static enum taa_mitigations taa_mitigation __ro_after_init =
- IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_VERW : TAA_MITIGATION_OFF;
+ IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_AUTO : TAA_MITIGATION_OFF;
enum mmio_mitigations {
MMIO_MITIGATION_OFF,
+ MMIO_MITIGATION_AUTO,
MMIO_MITIGATION_UCODE_NEEDED,
MMIO_MITIGATION_VERW,
};
/* Default mitigation for Processor MMIO Stale Data vulnerabilities */
static enum mmio_mitigations mmio_mitigation __ro_after_init =
- IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_VERW : MMIO_MITIGATION_OFF;
+ IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_AUTO : MMIO_MITIGATION_OFF;
enum rfds_mitigations {
RFDS_MITIGATION_OFF,
+ RFDS_MITIGATION_AUTO,
RFDS_MITIGATION_VERW,
RFDS_MITIGATION_UCODE_NEEDED,
};
/* Default mitigation for Register File Data Sampling */
static enum rfds_mitigations rfds_mitigation __ro_after_init =
- IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATION_OFF;
+ IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_AUTO : RFDS_MITIGATION_OFF;
static void __init mds_select_mitigation(void)
{
@@ -281,6 +284,9 @@ static void __init mds_select_mitigation(void)
return;
}
+ if (mds_mitigation == MDS_MITIGATION_AUTO)
+ mds_mitigation = MDS_MITIGATION_FULL;
+
if (mds_mitigation == MDS_MITIGATION_FULL) {
if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
mds_mitigation = MDS_MITIGATION_VMWERV;
@@ -510,6 +516,9 @@ static void __init rfds_select_mitigation(void)
if (rfds_mitigation == RFDS_MITIGATION_OFF)
return;
+ if (rfds_mitigation == RFDS_MITIGATION_AUTO)
+ rfds_mitigation = RFDS_MITIGATION_VERW;
+
if (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR)
setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
else
@@ -1995,6 +2004,7 @@ void cpu_bugs_smt_update(void)
update_mds_branch_idle();
break;
case MDS_MITIGATION_OFF:
+ case MDS_MITIGATION_AUTO:
break;
}
@@ -2006,6 +2016,7 @@ void cpu_bugs_smt_update(void)
break;
case TAA_MITIGATION_TSX_DISABLED:
case TAA_MITIGATION_OFF:
+ case TAA_MITIGATION_AUTO:
break;
}
@@ -2016,6 +2027,7 @@ void cpu_bugs_smt_update(void)
pr_warn_once(MMIO_MSG_SMT);
break;
case MMIO_MITIGATION_OFF:
+ case MMIO_MITIGATION_AUTO:
break;
}
--
2.34.1
next prev parent reply other threads:[~2024-11-05 21:55 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-05 21:54 [PATCH v2 00/35] x86/bugs: Attack vector controls David Kaplan
2024-11-05 21:54 ` [PATCH v2 01/35] x86/bugs: Add X86_BUG_SPECTRE_V2_USER David Kaplan
2024-11-05 21:54 ` [PATCH v2 02/35] x86/bugs: Relocate mds/taa/mmio/rfds defines David Kaplan
2024-11-05 21:54 ` David Kaplan [this message]
2024-11-14 2:26 ` [PATCH v2 03/35] x86/bugs: Add AUTO mitigations for mds/taa/mmio/rfds Pawan Gupta
2024-11-14 14:59 ` Kaplan, David
2024-11-14 17:14 ` Pawan Gupta
2024-11-14 17:17 ` Kaplan, David
2024-11-05 21:54 ` [PATCH v2 04/35] x86/bugs: Restructure mds mitigation David Kaplan
2024-11-14 3:03 ` Pawan Gupta
2024-11-14 15:01 ` Kaplan, David
2024-12-10 15:24 ` Borislav Petkov
2024-11-05 21:54 ` [PATCH v2 05/35] x86/bugs: Restructure taa mitigation David Kaplan
2024-11-14 4:43 ` Pawan Gupta
2024-11-14 15:08 ` Kaplan, David
2024-11-05 21:54 ` [PATCH v2 06/35] x86/bugs: Restructure mmio mitigation David Kaplan
2024-11-14 5:03 ` Pawan Gupta
2024-11-05 21:54 ` [PATCH v2 07/35] x86/bugs: Restructure rfds mitigation David Kaplan
2024-11-14 5:55 ` Pawan Gupta
2024-11-05 21:54 ` [PATCH v2 08/35] x86/bugs: Remove md_clear_*_mitigation() David Kaplan
2024-11-05 21:54 ` [PATCH v2 09/35] x86/bugs: Restructure srbds mitigation David Kaplan
2024-11-05 21:54 ` [PATCH v2 10/35] x86/bugs: Restructure gds mitigation David Kaplan
2024-11-14 6:21 ` Pawan Gupta
2024-11-05 21:54 ` [PATCH v2 11/35] x86/bugs: Restructure spectre_v1 mitigation David Kaplan
2024-11-14 6:57 ` Pawan Gupta
2024-11-14 15:36 ` Kaplan, David
2024-11-14 15:49 ` Kaplan, David
2024-11-14 16:19 ` Borislav Petkov
2024-11-14 16:45 ` Kaplan, David
2024-11-14 23:33 ` Josh Poimboeuf
2024-12-12 10:41 ` Borislav Petkov
2024-11-14 17:41 ` Pawan Gupta
2024-11-14 17:48 ` Kaplan, David
2024-11-05 21:54 ` [PATCH v2 12/35] x86/bugs: Restructure retbleed mitigation David Kaplan
2024-11-05 21:54 ` [PATCH v2 13/35] x86/bugs: Restructure spectre_v2_user mitigation David Kaplan
2024-11-06 18:56 ` kernel test robot
2024-11-05 21:54 ` [PATCH v2 14/35] x86/bugs: Restructure bhi mitigation David Kaplan
2024-11-05 21:54 ` [PATCH v2 15/35] x86/bugs: Restructure spectre_v2 mitigation David Kaplan
2024-11-05 21:54 ` [PATCH v2 16/35] x86/bugs: Restructure ssb mitigation David Kaplan
2024-11-05 21:54 ` [PATCH v2 17/35] x86/bugs: Restructure l1tf mitigation David Kaplan
2024-11-05 21:54 ` [PATCH v2 18/35] x86/bugs: Restructure srso mitigation David Kaplan
2025-01-02 14:55 ` Borislav Petkov
2024-11-05 21:54 ` [PATCH v2 19/35] Documentation/x86: Document the new attack vector controls David Kaplan
2024-11-06 10:39 ` Borislav Petkov
2024-11-06 14:49 ` Kaplan, David
2024-11-13 3:58 ` Manwaring, Derek
2024-11-13 14:15 ` Brendan Jackman
2024-11-13 15:05 ` Kaplan, David
2024-11-13 15:31 ` Brendan Jackman
2024-11-13 16:00 ` Kaplan, David
2024-11-13 16:19 ` Brendan Jackman
2024-11-14 9:32 ` Brendan Jackman
2024-11-22 16:15 ` Manwaring, Derek
2024-11-22 16:36 ` Brendan Jackman
2024-11-22 17:23 ` Kaplan, David
2024-11-20 0:14 ` Manwaring, Derek
2024-11-13 14:49 ` Kaplan, David
2024-11-13 14:15 ` Brendan Jackman
2024-11-13 15:42 ` Kaplan, David
2024-11-05 21:54 ` [PATCH v2 20/35] x86/bugs: Define attack vectors David Kaplan
2025-01-03 15:19 ` Borislav Petkov
2025-01-03 15:29 ` Kaplan, David
2025-01-03 15:51 ` Borislav Petkov
2024-11-05 21:54 ` [PATCH v2 21/35] x86/bugs: Determine relevant vulnerabilities based on attack vector controls David Kaplan
2024-11-05 21:54 ` [PATCH v2 22/35] x86/bugs: Add attack vector controls for mds David Kaplan
2024-11-05 21:54 ` [PATCH v2 23/35] x86/bugs: Add attack vector controls for taa David Kaplan
2024-11-05 21:54 ` [PATCH v2 24/35] x86/bugs: Add attack vector controls for mmio David Kaplan
2024-11-05 21:54 ` [PATCH v2 25/35] x86/bugs: Add attack vector controls for rfds David Kaplan
2024-11-05 21:54 ` [PATCH v2 26/35] x86/bugs: Add attack vector controls for srbds David Kaplan
2024-11-05 21:54 ` [PATCH v2 27/35] x86/bugs: Add attack vector controls for gds David Kaplan
2024-11-05 21:54 ` [PATCH v2 28/35] x86/bugs: Add attack vector controls for spectre_v1 David Kaplan
2024-11-05 21:54 ` [PATCH v2 29/35] x86/bugs: Add attack vector controls for retbleed David Kaplan
2024-11-05 21:54 ` [PATCH v2 30/35] x86/bugs: Add attack vector controls for spectre_v2_user David Kaplan
2024-11-05 21:54 ` [PATCH v2 31/35] x86/bugs: Add attack vector controls for bhi David Kaplan
2024-11-05 21:54 ` [PATCH v2 32/35] x86/bugs: Add attack vector controls for spectre_v2 David Kaplan
2024-11-05 21:54 ` [PATCH v2 33/35] x86/bugs: Add attack vector controls for l1tf David Kaplan
2024-11-05 21:54 ` [PATCH v2 34/35] x86/bugs: Add attack vector controls for srso David Kaplan
2024-11-05 21:54 ` [PATCH v2 35/35] x86/pti: Add attack vector controls for pti David Kaplan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241105215455.359471-4-david.kaplan@amd.com \
--to=david.kaplan@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox