LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, Denis Kirjanov <kda@linux-powerpc.org>,
"Andi Kleen" <ak@linux.intel.com>, "Borislav Petkov" <bp@suse.de>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Jon Masters" <jcm@redhat.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Frederic Weisbecker" <frederic@kernel.org>
Subject: [PATCH 3.16 63/86] x86/speculation/mds: Add basic bug infrastructure for MDS
Date: Thu, 16 May 2019 16:55:33 +0100 [thread overview]
Message-ID: <lsq.1558022133.140207505@decadent.org.uk> (raw)
In-Reply-To: <lsq.1558022132.52852998@decadent.org.uk>
3.16.68-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Andi Kleen <ak@linux.intel.com>
commit ed5194c2732c8084af9fd159c146ea92bf137128 upstream.
Microarchitectural Data Sampling (MDS), is a class of side channel attacks
on internal buffers in Intel CPUs. The variants are:
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a
dependent load (store-to-load forwarding) as an optimization. The forward
can also happen to a faulting or assisting load operation for a different
memory address, which can be exploited under certain conditions. Store
buffers are partitioned between Hyper-Threads so cross thread forwarding is
not possible. But if a thread enters or exits a sleep state the store
buffer is repartitioned which can expose data from one thread to the other.
MFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage
L1 miss situations and to hold data which is returned or sent in response
to a memory or I/O operation. Fill buffers can forward data to a load
operation and also write data to the cache. When the fill buffer is
deallocated it can retain the stale data of the preceding operations which
can then be forwarded to a faulting or assisting load operation, which can
be exploited under certain conditions. Fill buffers are shared between
Hyper-Threads so cross thread leakage is possible.
MLDPS leaks Load Port Data. Load ports are used to perform load operations
from memory or I/O. The received data is then forwarded to the register
file or a subsequent operation. In some implementations the Load Port can
contain stale data from a previous operation which can be forwarded to
faulting or assisting loads under certain conditions, which again can be
exploited eventually. Load ports are shared between Hyper-Threads so cross
thread leakage is possible.
All variants have the same mitigation for single CPU thread case (SMT off),
so the kernel can treat them as one MDS issue.
Add the basic infrastructure to detect if the current CPU is affected by
MDS.
[ tglx: Rewrote changelog ]
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
[bwh: Backported to 3.16:
- Use CPU feature word 10 and next available bug flag
- Adjust filename, context, indentation]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/include/asm/cpufeatures.h | 2 ++
arch/x86/include/uapi/asm/msr-index.h | 5 +++++
arch/x86/kernel/cpu/common.c | 23 +++++++++++++++--------
3 files changed, 22 insertions(+), 8 deletions(-)
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -243,6 +243,7 @@
#define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */
/* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 10 */
+#define X86_FEATURE_MD_CLEAR (10*32+10) /* VERW clears CPU buffers */
#define X86_FEATURE_SPEC_CTRL (10*32+26) /* "" Speculation Control (IBRS + IBPB) */
#define X86_FEATURE_INTEL_STIBP (10*32+27) /* "" Single Thread Indirect Branch Predictors */
#define X86_FEATURE_ARCH_CAPABILITIES (10*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
@@ -271,5 +272,6 @@
#define X86_BUG_SPECTRE_V2 X86_BUG(7) /* CPU is affected by Spectre variant 2 attack with indirect branches */
#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(8) /* CPU is affected by speculative store bypass attack */
#define X86_BUG_L1TF X86_BUG(9) /* CPU is affected by L1 Terminal Fault */
+#define X86_BUG_MDS X86_BUG(10) /* CPU is affected by Microarchitectural data sampling */
#endif /* _ASM_X86_CPUFEATURES_H */
--- a/arch/x86/include/uapi/asm/msr-index.h
+++ b/arch/x86/include/uapi/asm/msr-index.h
@@ -65,6 +65,11 @@
* attack, so no Speculative Store Bypass
* control required.
*/
+#define ARCH_CAP_MDS_NO (1UL << 5) /*
+ * Not susceptible to
+ * Microarchitectural Data
+ * Sampling (MDS) vulnerabilities.
+ */
#define MSR_IA32_BBL_CR_CTL 0x00000119
#define MSR_IA32_BBL_CR_CTL3 0x0000011e
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -811,6 +811,7 @@ static void identify_cpu_without_cpuid(s
#define NO_MELTDOWN BIT(1)
#define NO_SSB BIT(2)
#define NO_L1TF BIT(3)
+#define NO_MDS BIT(4)
#define VULNWL(_vendor, _family, _model, _whitelist) \
{ X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
@@ -827,6 +828,7 @@ static const __initconst struct x86_cpu_
VULNWL(INTEL, 5, X86_MODEL_ANY, NO_SPECULATION),
VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION),
+ /* Intel Family 6 */
VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION),
VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION),
VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION),
@@ -843,17 +845,19 @@ static const __initconst struct x86_cpu_
VULNWL_INTEL(CORE_YONAH, NO_SSB),
VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF),
- VULNWL_INTEL(ATOM_GOLDMONT, NO_L1TF),
- VULNWL_INTEL(ATOM_GOLDMONT_X, NO_L1TF),
- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_L1TF),
-
- VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF),
- VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF),
- VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF),
- VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF),
+
+ VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF),
+ VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF),
+ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF),
+
+ /* AMD Family 0xf - 0x12 */
+ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS),
+ VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS),
+ VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS),
+ VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS),
/* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
- VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF),
+ VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS),
{}
};
@@ -884,6 +888,9 @@ static void __init cpu_set_bug_bits(stru
if (ia32_cap & ARCH_CAP_IBRS_ALL)
setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
+ if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO))
+ setup_force_cpu_bug(X86_BUG_MDS);
+
if (cpu_matches(NO_MELTDOWN))
return;
next prev parent reply other threads:[~2019-05-16 15:59 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-16 15:55 [PATCH 3.16 00/86] 3.16.68-rc1 review Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 04/86] MIPS: jump_label.c: Correct the span of the J instruction Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 01/86] x86/cpufeature: Add bug flags to /proc/cpuinfo Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 08/86] jump_label: Allow asm/jump_label.h to be included in assembly Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 07/86] s390/jump label: use different nop instruction Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 10/86] module, jump_label: Fix module locking Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 02/86] module: add within_module() function Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 03/86] jump_label: Fix small typos in the documentation Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 09/86] jump_label: Allow jump labels to be used in assembly Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 05/86] MIPS: jump_label.c: Handle the microMIPS J instruction encoding Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 06/86] s390/jump label: add sanity checks Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 75/86] x86/speculation: Move arch_smt_update() call to after mitigation decisions Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 43/86] x86/speculation: Rework SMT state change Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 78/86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 68/86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 32/86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation Ben Hutchings
2019-05-16 15:55 ` Ben Hutchings [this message]
2019-05-16 15:55 ` [PATCH 3.16 34/86] x86/speculation: Update the TIF_SSBD comment Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 64/86] x86/speculation/mds: Add BUG_MSBDS_ONLY Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 79/86] cpu/speculation: Add 'mitigations=' cmdline option Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 66/86] x86/speculation/mds: Add mds_clear_cpu_buffers() Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 76/86] x86/speculation/mds: Add SMT warning message Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 21/86] x86/asm: Error out if asm/jump_label.h is included inappropriately Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 51/86] x86/speculation: Avoid __switch_to_xtra() calls Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 45/86] x86/speculation: Mark string arrays const correctly Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 41/86] x86/Kconfig: Select SCHED_SMT if SMP enabled Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 14/86] locking/static_keys: Rework update logic Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 77/86] x86/speculation/mds: Fix comment Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 27/86] x86/speculation: Support Enhanced IBRS on future CPUs Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 38/86] x86/speculation: Disable STIBP when enhanced IBRS is in use Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 31/86] x86/speculation: Apply IBPB more strictly to avoid cross-process data leak Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 33/86] x86/speculation: Propagate information about RSB filling mitigation to sysfs Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 70/86] x86/speculation/l1tf: Document l1tf in sysfs Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 16/86] jump label, locking/static_keys: Update docs Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 81/86] x86/speculation/mds: Add 'mitigations=' support for MDS Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 44/86] x86/speculation: Reorder the spec_v2 code Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 60/86] kvm: x86: Report STIBP on GET_SUPPORTED_CPUID Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 35/86] x86/speculation: Clean up spectre_v2_parse_cmdline() Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 18/86] locking/static_keys: Fix a silly typo Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 80/86] x86/speculation: Support 'mitigations=' cmdline option Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 40/86] x86/speculation: Reorganize speculation control MSRs update Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 30/86] x86/cpu: Sanitize FAM6_ATOM naming Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 58/86] x86/speculation: Add seccomp Spectre v2 user space protection mode Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 39/86] x86/speculation: Rename SSBD update functions Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 50/86] x86/process: Consolidate and simplify switch_to_xtra() code Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 37/86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 82/86] x86/mds: Add MDSUM variant to the MDS documentation Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 36/86] x86/speculation: Remove unnecessary ret variable in cpu_show_common() Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 52/86] x86/speculation: Prepare for conditional IBPB in switch_mm() Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 54/86] x86/speculation: Prepare arch_smt_update() for PRCTL mode Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 69/86] x86/speculation/mds: Add mitigation control for MDS Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 28/86] x86/speculation: Simplify the CPU bug detection logic Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 71/86] x86/speculation/mds: Add sysfs reporting for MDS Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 57/86] x86/speculation: Enable prctl mode for spectre_v2_user Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 86/86] x86/bugs: Change L1TF mitigation string to match upstream Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 59/86] x86/speculation: Provide IBPB always command line options Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 48/86] x86/speculation: Add command line control for indirect branch speculation Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 83/86] Documentation: Correct the possible MDS sysfs values Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 23/86] x86/headers: Don't include asm/processor.h in asm/atomic.h Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 22/86] x86/asm: Add asm macros for static keys/jump labels Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 29/86] x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 74/86] Documentation: Add MDS vulnerability documentation Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 24/86] x86/cpufeature: Carve out X86_FEATURE_* Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 62/86] x86/speculation: Consolidate CPU whitelists Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 73/86] Documentation: Move L1TF to separate directory Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 19/86] locking/static_keys: Fix up the static keys documentation Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 15/86] locking/static_keys: Add a new static_key interface Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 49/86] x86/speculation: Prepare for per task indirect branch speculation control Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 46/86] x86/speculataion: Mark command line parser data __initdata Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 53/86] x86/speculation: Split out TIF update Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 11/86] jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 85/86] x86/cpu/bugs: Use __initconst for 'const' init data Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 13/86] jump_label: Add jump_entry_key() helper Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 61/86] x86/msr-index: Cleanup bit defines Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 55/86] x86/speculation: Prevent stale SPEC_CTRL msr content Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 84/86] x86/speculation/mds: Fix documentation typo Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 67/86] x86/speculation/mds: Clear CPU buffers on exit to user Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 65/86] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 56/86] x86/speculation: Add prctl() control for indirect branch speculation Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 12/86] jump_label, locking/static_keys: Rename JUMP_LABEL_TYPE_* and related helpers to the static_key* pattern Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 47/86] x86/speculation: Unify conditional spectre v2 print functions Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 26/86] locking/static_keys: Provide DECLARE and well as DEFINE macros Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 25/86] locking/static_key: Fix concurrent static_key_slow_inc() Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 17/86] jump_label/x86: Work around asm build bug on older/backported GCCs Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 20/86] jump_label: make static_key_enabled() work on static_key_true/false types too Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 72/86] x86/speculation/mds: Add mitigation mode VMWERV Ben Hutchings
2019-05-16 15:55 ` [PATCH 3.16 42/86] sched: Add sched_smt_active() Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1558022133.140207505@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=bp@suse.de \
--cc=frederic@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=jcm@redhat.com \
--cc=kda@linux-powerpc.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).