x86/speculation/mds: fix microcode late loading
authorMihai Carabas <mihai.carabas@oracle.com>
Mon, 8 Apr 2019 10:48:09 +0000 (13:48 +0300)
committerMihai Carabas <mihai.carabas@oracle.com>
Mon, 22 Apr 2019 18:16:20 +0000 (21:16 +0300)
In the microcode late loading case we have to:
- clear the CPU bugs related to MDS so that they are re-evaluated
- add proper evaluation of the MDS state and enable mitigation if necessary.

If the user has enforced off or idle mitigation, we keep it. Also if the
microcode fixes the MDS bug, mitigation will be turned off.

Orabug: 29526900
CVE: CVE-2018-12126
CVE: CVE-2018-12130
CVE: CVE-2018-12127

Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
arch/x86/kernel/cpu/bugs_64.c
arch/x86/kernel/cpu/microcode/core.c

index 0f4f01a55f140f964d1b48467fee6999b0e36e63..2a9a64c0976cea364aec6821419f8b0db67b8167 100644 (file)
@@ -1508,6 +1508,60 @@ void microcode_late_select_mitigation(void)
                if (boot_cpu_has(X86_FEATURE_IBRS))
                        microcode_had_ibrs = true;
        }
+
+#undef pr_fmt
+#define pr_fmt(fmt)    "MDS late loading: " fmt
+       /*
+        * If the CPU does not have the X86_BUG_MDS bug means that the microcode
+        * solved this issue and we just turn off mds_mitigation.
+        * If the CPU has X86_BUG_MDS bug, we check to see if the microcode has
+        * added X86_FEATURE_MD_CLEAR.
+        */
+       if (boot_cpu_has_bug(X86_BUG_MDS)) {
+               /*
+                * If mds_mitigation is off, it means that the user selected
+                * this using cmdline option and we do not do anything.
+                */
+               if (mds_mitigation == MDS_MITIGATION_OFF)
+                       goto out_bug_mds;
+
+               /*
+                * If mds_mitigation is idle, it means that the user selected
+                * this using cmdline option and we just update_mds_branch_idle.
+                */
+               if (mds_mitigation == MDS_MITIGATION_IDLE) {
+                       update_mds_branch_idle();
+                       goto out_bug_mds;
+               }
+
+               /*
+                * If we have MDS_MITIGATION_VMWERV, jump back to
+                * MDS_MITIGATION_FULL and re-assess.
+                */
+               if (mds_mitigation == MDS_MITIGATION_VMWERV)
+                       mds_mitigation = MDS_MITIGATION_FULL;
+
+               if (cpu_has(&cpu_data(smp_processor_id()), X86_FEATURE_MD_CLEAR) &&
+                   !static_cpu_has(X86_FEATURE_MD_CLEAR)) {
+                       setup_force_cpu_cap(X86_FEATURE_MD_CLEAR);
+               }
+
+               if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
+                       mds_mitigation = MDS_MITIGATION_VMWERV;
+
+               static_branch_enable(&mds_user_clear);
+
+               update_mds_branch_idle();
+
+out_bug_mds:
+               pr_info("%s\n", mds_strings[mds_mitigation]);
+       } else if (mds_mitigation != MDS_MITIGATION_OFF) {
+               mds_mitigation = MDS_MITIGATION_OFF;
+               static_branch_disable(&mds_user_clear);
+               static_branch_disable(&mds_idle_clear);
+
+               pr_info("Not affected\n");
+       }
 }
 
 static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
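Review bot: The `cpu_has(&cpu_data(smp_processor_id()), X86_FEATURE_MD_CLEAR)` test looks only at the CPU this code happens to run on, yet `setup_force_cpu_cap(X86_FEATURE_MD_CLEAR)` then forces the capability for the whole system. If a late load did not land on every online CPU, the kernel would report the full mitigation while VERW on the stale CPUs does not clear the buffers; whether the caller rules that out is not visible in this hunk, and `smp_processor_id()` also needs a non-preemptible context that the hunk does not show. Checking every online CPU before forcing the cap, as sketched below, removes that assumption, provided the late-load path refreshes each CPU's `cpu_data`. Separately, the `#undef pr_fmt`/`#define pr_fmt` pair placed inside the function body stays in effect for the rest of the file, so any later `pr_*` call would carry the "MDS late loading: " prefix. The function starts before the hunk.

```c
	if (boot_cpu_has_bug(X86_BUG_MDS)) {
		bool md_clear_everywhere = true;
		int cpu;

		/* … unchanged: OFF, IDLE and VMWERV handling … */

		/* Force MD_CLEAR only when every online CPU reports it. */
		for_each_online_cpu(cpu) {
			if (!cpu_has(&cpu_data(cpu), X86_FEATURE_MD_CLEAR)) {
				md_clear_everywhere = false;
				break;
			}
		}
		if (md_clear_everywhere && !static_cpu_has(X86_FEATURE_MD_CLEAR))
			setup_force_cpu_cap(X86_FEATURE_MD_CLEAR);

		/* … unchanged: VMWERV fallback, static branches, out_bug_mds … */
```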
index b81dadfd22149ebe82478573d8108b4e3d9f072e..7ffbd73d3e4d1896133478d9498bb913f72673ce 100644 (file)
@@ -176,6 +176,8 @@ static void microcode_late_eval_cpuid(void *arg)
                setup_clear_cpu_cap(X86_BUG_SPEC_STORE_BYPASS);
                setup_clear_cpu_cap(X86_BUG_CPU_MELTDOWN);
                setup_clear_cpu_cap(X86_BUG_L1TF);
+               setup_clear_cpu_cap(X86_BUG_MDS);
+               setup_clear_cpu_cap(X86_BUG_MSBDS_ONLY);
                cpu_set_bug_bits(&cpu_data(smp_processor_id()));
 
                /* If CPU is not susceptible to L1TF, clean-up the L1TF_PTEINV cap. */