From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H. Peter Anvin"
Subject: [PATCH v3 00/35] x86/bugs: Attack vector controls
Date: Wed, 8 Jan 2025 14:24:40 -0600
Message-ID: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This series restructures arch/x86/kernel/cpu/bugs.c and proposes new command line options to make it easier to control which CPU mitigations are applied.
These options select relevant mitigations based on chosen attack vectors, which are hopefully easier for users to understand.

There are two parts to this patch series:

The first 18 patches restructure the existing mitigation selection logic to use a uniform set of functions. First, the "select" function is called for each mitigation to select an appropriate mitigation. Unless a mitigation is explicitly selected or disabled with a command line option, the default mitigation is AUTO and the "select" function will then choose the best mitigation. After the "select" function is called for each mitigation, some mitigations define an "update" function which can be used to update the selection, based on the choices made by other mitigations. Finally, the "apply" function is called which enables the chosen mitigation.

This structure simplifies the mitigation control logic, especially when there are dependencies between multiple vulnerabilities. It also prepares the code for the second set of patches.

The rest of the patches define new "attack vector" command line options to make it easier to select appropriate mitigations based on the usage of the system. While many users may not be intimately familiar with the details of these CPU vulnerabilities, they are likely better able to understand the intended usage of their system. As a result, unneeded mitigations may be disabled, allowing users to recoup more performance. New documentation is included with recommendations on what to consider when choosing which attack vectors to enable/disable.

Note that this patch series does not change any of the existing mitigation defaults.
Changes in v3:
- Moved command line options to be x86-only
- Fix bugs related to ucode detection for taa/mmio/rfds
- Various clean up

Changes in v2:
- Removed new enum, just use X86_BUG* to identify vulnerabilities
- Mitigate gds if cross-thread protection is selected as pointed out by Andrew Cooper
- Simplifications around verw-based mitigation handling
- Various bug fixes

David Kaplan (35):
  x86/bugs: Add X86_BUG_SPECTRE_V2_USER
  x86/bugs: Relocate mds/taa/mmio/rfds defines
  x86/bugs: Add AUTO mitigations for mds/taa/mmio/rfds
  x86/bugs: Restructure mds mitigation
  x86/bugs: Restructure taa mitigation
  x86/bugs: Restructure mmio mitigation
  x86/bugs: Restructure rfds mitigation
  x86/bugs: Remove md_clear_*_mitigation()
  x86/bugs: Restructure srbds mitigation
  x86/bugs: Restructure gds mitigation
  x86/bugs: Restructure spectre_v1 mitigation
  x86/bugs: Restructure retbleed mitigation
  x86/bugs: Restructure spectre_v2_user mitigation
  x86/bugs: Restructure bhi mitigation
  x86/bugs: Restructure spectre_v2 mitigation
  x86/bugs: Restructure ssb mitigation
  x86/bugs: Restructure l1tf mitigation
  x86/bugs: Restructure srso mitigation
  Documentation/x86: Document the new attack vector controls
  x86/bugs: Define attack vectors
  x86/bugs: Determine relevant vulnerabilities based on attack vector controls.
  x86/bugs: Add attack vector controls for mds
  x86/bugs: Add attack vector controls for taa
  x86/bugs: Add attack vector controls for mmio
  x86/bugs: Add attack vector controls for rfds
  x86/bugs: Add attack vector controls for srbds
  x86/bugs: Add attack vector controls for gds
  x86/bugs: Add attack vector controls for spectre_v1
  x86/bugs: Add attack vector controls for retbleed
  x86/bugs: Add attack vector controls for spectre_v2_user
  x86/bugs: Add attack vector controls for bhi
  x86/bugs: Add attack vector controls for spectre_v2
  x86/bugs: Add attack vector controls for l1tf
  x86/bugs: Add attack vector controls for srso
  x86/pti: Add attack vector controls for pti

 .../hw-vuln/attack_vector_controls.rst      |  172 +++
 Documentation/admin-guide/hw-vuln/index.rst |    1 +
 arch/x86/include/asm/bugs.h                 |   11 +
 arch/x86/include/asm/cpufeatures.h          |    1 +
 arch/x86/include/asm/processor.h            |    2 +
 arch/x86/kernel/cpu/bugs.c                  | 1329 +++++++++++------
 arch/x86/kernel/cpu/common.c                |    4 +-
 arch/x86/kvm/vmx/vmx.c                      |    2 +
 arch/x86/mm/pti.c                           |    4 +-
 9 files changed, 1034 insertions(+), 492 deletions(-)
 create mode 100644 Documentation/admin-guide/hw-vuln/attack_vector_controls.rst

-- 
2.34.1
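To make the select/update/apply structure and the attack-vector gating described in the cover letter concrete, here is an added toy model in C. It is example code written for this page, not code from the series or from arch/x86/kernel/cpu/bugs.c. The vector names (AV_USER_KERNEL and friends), the mitigation enum, the three-entry vulnerability table and the taa-follows-mds update rule are all assumptions chosen to illustrate the pattern; the real option names and the real dependency rules live in the series' documentation and bugs.c, not here.

```c
/*
 * Added example, not code from the patch series: a toy model of the
 * select -> update -> apply phases the cover letter describes, with a
 * hypothetical attack-vector mask deciding which bugs are relevant.
 */
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical attack-vector bitmask (assumed names, not the series' options). */
enum attack_vector {
	AV_USER_KERNEL  = 1 << 0,
	AV_USER_USER    = 1 << 1,
	AV_GUEST_HOST   = 1 << 2,
	AV_CROSS_THREAD = 1 << 3,
};

/* Per-vulnerability mitigation state; AUTO means "let select() decide". */
enum mitig { MIT_AUTO, MIT_OFF, MIT_VERW, MIT_FULL };

struct vuln {
	const char *name;
	bool cpu_affected;          /* would be an X86_BUG_* check in the kernel */
	unsigned relevant_vectors;  /* vectors for which this bug matters */
	enum mitig cmdline;         /* explicit cmdline choice, else MIT_AUTO */
	enum mitig best;            /* what AUTO resolves to when relevant */
	enum mitig chosen;
	bool applied;
};

enum { V_MDS, V_TAA, V_GDS, V_COUNT };

/* Phase 1: select. An explicit choice wins; AUTO depends on CPU and vectors. */
static void select_mitigation(struct vuln *v, unsigned vectors)
{
	if (v->cmdline != MIT_AUTO)
		v->chosen = v->cmdline;
	else if (!v->cpu_affected || !(v->relevant_vectors & vectors))
		v->chosen = MIT_OFF;
	else
		v->chosen = v->best;
}

/*
 * Phase 2: update, only for mitigations that depend on other choices.
 * Illustrative rule (assumption): taa shares the VERW clearing mechanism
 * with mds, so an affected CPU already running VERW for mds also gets it
 * for taa, even if taa alone was not considered relevant.
 */
static void taa_update(struct vuln *tab)
{
	if (tab[V_TAA].cmdline == MIT_AUTO && tab[V_TAA].cpu_affected &&
	    tab[V_TAA].chosen == MIT_OFF && tab[V_MDS].chosen == MIT_VERW)
		tab[V_TAA].chosen = MIT_VERW;
}

/* Phase 3: apply. The kernel would program MSRs / static keys here. */
static void apply_mitigation(struct vuln *v)
{
	static const char *const names[] = { "auto", "off", "verw", "full" };

	v->applied = (v->chosen != MIT_OFF);
	printf("%-4s: %s\n", v->name, names[v->chosen]);
}

struct result { enum mitig mds, taa, gds; };

/* Run all three phases over a constructed table and return the outcome. */
struct result run_bugs(unsigned vectors, enum mitig mds_cmd,
		       enum mitig taa_cmd, enum mitig gds_cmd)
{
	/* Constructed sample table: affected CPU, assumed relevant vectors. */
	struct vuln tab[V_COUNT] = {
		[V_MDS] = { "mds", true, AV_USER_KERNEL | AV_GUEST_HOST, mds_cmd, MIT_VERW },
		[V_TAA] = { "taa", true, AV_GUEST_HOST,                  taa_cmd, MIT_VERW },
		[V_GDS] = { "gds", true, AV_CROSS_THREAD,                gds_cmd, MIT_FULL },
	};
	int i;

	for (i = 0; i < V_COUNT; i++)
		select_mitigation(&tab[i], vectors);
	taa_update(tab);
	for (i = 0; i < V_COUNT; i++)
		apply_mitigation(&tab[i]);

	return (struct result){ tab[V_MDS].chosen, tab[V_TAA].chosen, tab[V_GDS].chosen };
}

int main(void)
{
	/* Only the user->kernel vector enabled, everything left at AUTO. */
	run_bugs(AV_USER_KERNEL, MIT_AUTO, MIT_AUTO, MIT_AUTO);
	return 0;
}
```

With only AV_USER_KERNEL enabled, mds resolves to VERW, taa is pulled to VERW by the update phase even though its own vector is off, and gds stays off because the cross-thread vector was not selected; an explicit command line choice for any of them overrides both the vector gating and the update rule.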