From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Borislav Petkov <bp@suse.de>,
Thomas Gleixner <tglx@linutronix.de>,
Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Subject: [PATCH 4.14 18/20] x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
Date: Tue, 14 Jun 2022 20:40:09 +0200 [thread overview]
Message-ID: <20220614183727.731711129@linuxfoundation.org> (raw)
In-Reply-To: <20220614183723.328825625@linuxfoundation.org>
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
commit a992b8a4682f119ae035a01b40d4d0665c4a2875 upstream
The Shared Buffers Data Sampling (SBDS) variant of Processor MMIO Stale
Data vulnerabilities may expose RDRAND, RDSEED and SGX EGETKEY data.
Mitigation for this is added by a microcode update.
As some of the implications of SBDS are similar to SRBDS, SRBDS mitigation
infrastructure can be leveraged by SBDS. Set X86_BUG_SRBDS and use SRBDS
mitigation.
Mitigation is enabled by default; use srbds=off to opt-out. Mitigation
status can be checked from below file:
/sys/devices/system/cpu/vulnerabilities/srbds
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[cascardo: adjust for processor model names]
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/common.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -972,6 +972,8 @@ static const __initconst struct x86_cpu_
#define SRBDS BIT(0)
/* CPU is affected by X86_BUG_MMIO_STALE_DATA */
#define MMIO BIT(1)
+/* CPU is affected by Shared Buffers Data Sampling (SBDS), a variant of X86_BUG_MMIO_STALE_DATA */
+#define MMIO_SBDS BIT(2)
static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS),
@@ -993,16 +995,17 @@ static const struct x86_cpu_id cpu_vuln_
VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE, X86_STEPPINGS(0x0, 0x8), SRBDS),
VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x9, 0xD), SRBDS | MMIO),
VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x0, 0x8), SRBDS),
- VULNBL_INTEL_STEPPINGS(ICELAKE_MOBILE, X86_STEPPINGS(0x5, 0x5), MMIO),
+ VULNBL_INTEL_STEPPINGS(ICELAKE_MOBILE, X86_STEPPINGS(0x5, 0x5), MMIO | MMIO_SBDS),
VULNBL_INTEL_STEPPINGS(ICELAKE_XEON_D, X86_STEPPINGS(0x1, 0x1), MMIO),
VULNBL_INTEL_STEPPINGS(ICELAKE_X, X86_STEPPINGS(0x4, 0x6), MMIO),
- VULNBL_INTEL_STEPPINGS(COMETLAKE, BIT(2) | BIT(3) | BIT(5), MMIO),
- VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x0, 0x1), MMIO),
- VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPINGS(0x1, 0x1), MMIO),
+ VULNBL_INTEL_STEPPINGS(COMETLAKE, BIT(2) | BIT(3) | BIT(5), MMIO | MMIO_SBDS),
+ VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x1, 0x1), MMIO | MMIO_SBDS),
+ VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x0, 0x0), MMIO),
+ VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPINGS(0x1, 0x1), MMIO | MMIO_SBDS),
VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPINGS(0x1, 0x1), MMIO),
- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPINGS(0x1, 0x1), MMIO),
+ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPINGS(0x1, 0x1), MMIO | MMIO_SBDS),
VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_X, X86_STEPPING_ANY, MMIO),
- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPINGS(0x0, 0x0), MMIO),
+ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPINGS(0x0, 0x0), MMIO | MMIO_SBDS),
{}
};
@@ -1081,10 +1084,14 @@ static void __init cpu_set_bug_bits(stru
/*
* SRBDS affects CPUs which support RDRAND or RDSEED and are listed
* in the vulnerability blacklist.
+ *
+ * Some of the implications and mitigation of Shared Buffers Data
+ * Sampling (SBDS) are similar to SRBDS. Give SBDS same treatment as
+ * SRBDS.
*/
if ((cpu_has(c, X86_FEATURE_RDRAND) ||
cpu_has(c, X86_FEATURE_RDSEED)) &&
- cpu_matches(cpu_vuln_blacklist, SRBDS))
+ cpu_matches(cpu_vuln_blacklist, SRBDS | MMIO_SBDS))
setup_force_cpu_bug(X86_BUG_SRBDS);
/*
next prev parent reply other threads:[~2022-06-14 18:45 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-14 18:39 [PATCH 4.14 00/20] 4.14.284-rc1 review Greg Kroah-Hartman
2022-06-14 18:39 ` [PATCH 4.14 01/20] x86/cpu: Add Elkhart Lake to Intel family Greg Kroah-Hartman
2022-06-14 18:39 ` [PATCH 4.14 02/20] cpu/speculation: Add prototype for cpu_show_srbds() Greg Kroah-Hartman
2022-06-14 18:39 ` [PATCH 4.14 03/20] x86/cpu: Add Jasper Lake to Intel family Greg Kroah-Hartman
2022-06-14 18:39 ` [PATCH 4.14 04/20] x86/cpu: Add Cannonlake " Greg Kroah-Hartman
2022-06-14 18:39 ` [PATCH 4.14 05/20] x86/CPU: Add Icelake model number Greg Kroah-Hartman
2022-06-14 18:39 ` [PATCH 4.14 06/20] x86/CPU: Add more Icelake model numbers Greg Kroah-Hartman
2022-06-14 18:39 ` [PATCH 4.14 07/20] x86/cpu: Add Comet Lake to the Intel CPU models header Greg Kroah-Hartman
2022-06-14 18:39 ` [PATCH 4.14 08/20] x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 09/20] x86/cpu: Add another Alder Lake CPU to the Intel family Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 10/20] Documentation: Add documentation for Processor MMIO Stale Data Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 11/20] x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 12/20] x86/speculation: Add a common function for MD_CLEAR mitigation update Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 13/20] x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 14/20] x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 15/20] x86/speculation/mmio: Enable CPU Fill buffer clearing on idle Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 16/20] x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 17/20] x86/speculation/srbds: Update SRBDS mitigation selection Greg Kroah-Hartman
2022-06-14 18:40 ` Greg Kroah-Hartman [this message]
2022-06-14 18:40 ` [PATCH 4.14 19/20] KVM: x86/speculation: Disable Fill buffer clear within guests Greg Kroah-Hartman
2022-06-14 18:40 ` [PATCH 4.14 20/20] x86/speculation/mmio: Print SMT warning Greg Kroah-Hartman
2022-06-15 17:58 ` [PATCH 4.14 00/20] 4.14.284-rc1 review Naresh Kamboju
2022-06-15 22:01 ` Guenter Roeck
2022-06-16 8:28 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220614183727.731711129@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@suse.de \
--cc=cascardo@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox