From: Sean Christopherson <seanjc@google.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@kernel.org>, X86 ML <x86@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
KVM <kvm@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/bugs: KVM: Add support for SRSO_MSR_FIX
Date: Thu, 23 Jan 2025 08:25:17 -0800 [thread overview]
Message-ID: <Z5JtbZ-UIBJy2aYE@google.com> (raw)
In-Reply-To: <20250118152655.GBZ4vIP44MivU2Bv0i@fat_crate.local>
On Sat, Jan 18, 2025, Borislav Petkov wrote:
> static enum srso_mitigation srso_mitigation __ro_after_init = SRSO_MITIGATION_NONE;
> @@ -2663,6 +2665,12 @@ static void __init srso_select_mitigation(void)
Unless I'm missing something, the cpu_mitigations_off() and "srso_cmd == SRSO_CMD_OFF"
cases need to clear the feature
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 9e3ea7f1b3587..3939a8dee27d4 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2581,6 +2581,7 @@ static void __init srso_select_mitigation(void)
srso_cmd == SRSO_CMD_OFF) {
if (boot_cpu_has(X86_FEATURE_SBPB))
x86_pred_cmd = PRED_CMD_SBPB;
+ setup_clear_cpu_cap(X86_FEATURE_SRSO_BP_SPEC_REDUCE);
return;
}
There's also the Zen1/Zen2 ucode+!SMT path, which I assume is irreveleant in
practice:
if (boot_cpu_data.x86 < 0x19 && !cpu_smt_possible()) {
setup_force_cpu_cap(X86_FEATURE_SRSO_NO);
return;
}
But if we wanted to catch all paths, wrap the guts and clear the feature in the
outer layer?
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 9e3ea7f1b3587..0501e31971421 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2572,7 +2572,7 @@ early_param("spec_rstack_overflow", srso_parse_cmdline);
#define SRSO_NOTICE "WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options."
-static void __init srso_select_mitigation(void)
+static void __init __srso_select_mitigation(void)
{
bool has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE);
@@ -2692,11 +2692,15 @@ static void __init srso_select_mitigation(void)
}
out:
+ pr_info("%s\n", srso_strings[srso_mitigation]);
+}
+
+static void __init srso_select_mitigation(void)
+{
+ __srso_select_mitigation();
if (srso_mitigation != SRSO_MITIGATION_BP_SPEC_REDUCE)
setup_clear_cpu_cap(X86_FEATURE_SRSO_BP_SPEC_REDUCE);
-
- pr_info("%s\n", srso_strings[srso_mitigation]);
}
#undef pr_fmt
> ibpb_on_vmexit:
> case SRSO_CMD_IBPB_ON_VMEXIT:
> + if (boot_cpu_has(X86_FEATURE_SRSO_BP_SPEC_REDUCE)) {
> + pr_notice("Reducing speculation to address VM/HV SRSO attack vector.\n");
> + srso_mitigation = SRSO_MITIGATION_BP_SPEC_REDUCE;
> + break;
> + }
> +
> if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) {
> if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) {
> setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
> @@ -2684,6 +2692,10 @@ static void __init srso_select_mitigation(void)
> }
>
> out:
> +
Spurious newlines.
> + if (srso_mitigation != SRSO_MITIGATION_BP_SPEC_REDUCE)
> + setup_clear_cpu_cap(X86_FEATURE_SRSO_BP_SPEC_REDUCE);
> +
> pr_info("%s\n", srso_strings[srso_mitigation]);
> }
next prev parent reply other threads:[~2025-01-23 16:25 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-02 12:04 [PATCH v2 0/4] x86/bugs: Adjust SRSO mitigation to new features Borislav Petkov
2024-12-02 12:04 ` [PATCH v2 1/4] x86/bugs: Add SRSO_USER_KERNEL_NO support Borislav Petkov
2024-12-10 6:53 ` Josh Poimboeuf
2024-12-10 15:37 ` Borislav Petkov
2024-12-11 7:53 ` Josh Poimboeuf
2024-12-11 20:38 ` Borislav Petkov
2024-12-11 22:35 ` Sean Christopherson
2024-12-16 17:21 ` Borislav Petkov
2024-12-30 17:02 ` [tip: x86/bugs] " tip-bot2 for Borislav Petkov (AMD)
2024-12-02 12:04 ` [PATCH v2 2/4] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace Borislav Petkov
2024-12-30 17:02 ` [tip: x86/bugs] " tip-bot2 for Borislav Petkov (AMD)
2024-12-02 12:04 ` [PATCH v2 3/4] x86/bugs: KVM: Add support for SRSO_MSR_FIX Borislav Petkov
2024-12-11 22:27 ` Sean Christopherson
2024-12-16 17:31 ` Borislav Petkov
2024-12-16 18:51 ` Sean Christopherson
2024-12-17 9:34 ` Borislav Petkov
2024-12-30 11:14 ` Borislav Petkov
2025-01-08 13:38 ` Sean Christopherson
2025-01-08 15:49 ` Borislav Petkov
2025-01-08 17:18 ` Sean Christopherson
2025-01-08 18:14 ` Borislav Petkov
2025-01-08 18:37 ` Jim Mattson
2025-01-08 19:14 ` Borislav Petkov
2025-01-08 19:43 ` Jim Mattson
2025-01-08 19:45 ` Borislav Petkov
2025-01-11 12:52 ` [PATCH] " Borislav Petkov
2025-01-17 18:56 ` Sean Christopherson
2025-01-18 15:26 ` Borislav Petkov
2025-01-23 16:25 ` Sean Christopherson [this message]
2025-01-23 17:01 ` Borislav Petkov
2025-01-23 18:04 ` Sean Christopherson
2025-01-24 12:58 ` Borislav Petkov
2025-02-11 19:19 ` Jim Mattson
2025-02-11 20:51 ` Borislav Petkov
2025-02-13 10:53 ` Patrick Bellasi
2025-02-13 13:44 ` Patrick Bellasi
2025-02-13 14:28 ` Borislav Petkov
2025-02-13 17:50 ` Patrick Bellasi
2025-02-14 20:10 ` Borislav Petkov
2025-02-15 0:57 ` Yosry Ahmed
2025-02-15 9:15 ` Borislav Petkov
2025-02-17 5:47 ` Yosry Ahmed
2025-02-17 15:26 ` Borislav Petkov
2025-02-15 12:53 ` Borislav Petkov
2025-02-17 5:59 ` Yosry Ahmed
2025-02-17 16:07 ` Borislav Petkov
2025-02-17 19:56 ` Yosry Ahmed
2025-02-17 20:20 ` Borislav Petkov
2025-02-17 20:32 ` Yosry Ahmed
2025-02-18 11:13 ` [PATCH final?] " Borislav Petkov
2025-02-18 14:42 ` Patrick Bellasi
2025-02-18 15:34 ` Borislav Petkov
2025-04-29 13:25 ` x86/bugs: KVM: Add support for SRSO_MSR_FIX, back for moar Borislav Petkov
2025-04-30 23:33 ` Sean Christopherson
2025-05-01 0:42 ` Michael Larabel
2025-05-01 8:19 ` Borislav Petkov
2025-05-01 16:56 ` Sean Christopherson
2025-05-05 15:25 ` Borislav Petkov
2025-05-05 15:40 ` Kaplan, David
2025-05-05 15:47 ` Borislav Petkov
2025-05-05 16:30 ` Sean Christopherson
2025-05-05 16:42 ` Kaplan, David
2025-05-05 18:03 ` Sean Christopherson
2025-05-05 18:25 ` Kaplan, David
2024-12-02 12:04 ` [PATCH v2 4/4] Documentation/kernel-parameters: Fix a typo in kvm.enable_virt_at_load text Borislav Petkov
2024-12-30 17:21 ` [tip: x86/cleanups] " tip-bot2 for Borislav Petkov (AMD)
2024-12-03 14:30 ` [PATCH v2 0/4] x86/bugs: Adjust SRSO mitigation to new features Nikolay Borisov
2025-02-26 14:32 ` [tip: x86/bugs] x86/bugs: KVM: Add support for SRSO_MSR_FIX tip-bot2 for Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z5JtbZ-UIBJy2aYE@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=bp@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=pbonzini@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).