From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue, 12 Mar 2024 16:31:39 +0000 (-0700)
Subject: Merge tag 'rfds-for-linus-2024-03-11' of git://git.kernel.org/pub/scm/linux/kernel... 
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=0e33cf955f07e3991e45109cb3e29fbc9ca51d06;p=users%2Fjedix%2Flinux-maple.git

Merge tag 'rfds-for-linus-2024-03-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 RFDS mitigation from Dave Hansen:
 "RFDS is a CPU vulnerability that may allow a malicious userspace to
  infer stale register values from kernel space. Kernel registers can
  have all kinds of secrets in them so the mitigation is basically to
  wait until the kernel is about to return to userspace and has user
  values in the registers. At that point there is little chance of
  kernel secrets ending up in the registers and the microarchitectural
  state can be cleared.

  This leverages some recent robustness fixes for the existing MDS
  vulnerability. Both MDS and RFDS use the VERW instruction for
  mitigation"

* tag 'rfds-for-linus-2024-03-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
  x86/rfds: Mitigate Register File Data Sampling (RFDS)
  Documentation/hw-vuln: Add documentation for RFDS
  x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
---

0e33cf955f07e3991e45109cb3e29fbc9ca51d06
diff --cc Documentation/admin-guide/kernel-parameters.txt
index 77c3d1a7f116,73062d47a462..825398d66c69
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@@ -3394,8 -3418,8 +3414,9 @@@
  					       nospectre_bhb [ARM64]
  					       nospectre_v1 [X86,PPC]
  					       nospectre_v2 [X86,PPC,S390,ARM64]
+ 					       reg_file_data_sampling=off [X86]
  					       retbleed=off [X86]
 +					       spec_rstack_overflow=off [X86]
  					       spec_store_bypass_disable=off [X86,PPC]
  					       spectre_v2_user=off [X86]
  					       srbds=off [X86,INTEL]
diff --cc arch/x86/kernel/cpu/bugs.c
index 4dd00066c12a,01ac18f56147..e7ba936d798b
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@@ -2846,9 -2922,9 +2923,14 @@@ ssize_t cpu_show_gds(struct device *dev
  {
  	return cpu_show_common(dev, attr, buf, X86_BUG_GDS);
  }
+ 
+ ssize_t cpu_show_reg_file_data_sampling(struct device *dev, struct device_attribute *attr, char *buf)
+ {
+ 	return cpu_show_common(dev, attr, buf, X86_BUG_RFDS);
+ }
  #endif
 +
 +void __warn_thunk(void)
 +{
 +	WARN_ONCE(1, "Unpatched return thunk in use. This should not happen!\n");
 +}