From: Linus Torvalds Date: Tue, 8 Aug 2023 00:03:54 +0000 (-0700) Subject: Merge tag 'gds-for-linus-2023-08-01' of git://git.kernel.org/pub/scm/linux/kernel... X-Git-Tag: v6.5-rc6~35 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=64094e7e3118aff4b0be8ff713c242303e139834;p=linux.git Merge tag 'gds-for-linus-2023-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86/gds fixes from Dave Hansen: "Mitigate Gather Data Sampling issue: - Add Base GDS mitigation - Support GDS_NO under KVM - Fix a documentation typo" * tag 'gds-for-linus-2023-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: Documentation/x86: Fix backwards on/off logic about YMM support KVM: Add GDS_NO support to KVM x86/speculation: Add Kconfig option for GDS x86/speculation: Add force option to GDS mitigation x86/speculation: Add Gather Data Sampling mitigation --- 64094e7e3118aff4b0be8ff713c242303e139834 diff --cc Documentation/admin-guide/hw-vuln/index.rst index ff4d3fa2a75c,436fac0bd9c3..a7d37e124831 --- a/Documentation/admin-guide/hw-vuln/index.rst +++ b/Documentation/admin-guide/hw-vuln/index.rst @@@ -19,4 -19,4 +19,5 @@@ are configurable at compile, boot or ru l1d_flush.rst processor_mmio_stale_data.rst cross-thread-rsb.rst + srso + gather_data_sampling.rst diff --cc arch/x86/include/asm/cpufeatures.h index 7600a8a1589f,8d6b34726033..094f88fee536 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@@ -491,7 -483,6 +491,8 @@@ #define X86_BUG_RETBLEED X86_BUG(27) /* CPU is affected by RETBleed */ #define X86_BUG_EIBRS_PBRSB X86_BUG(28) /* EIBRS is vulnerable to Post Barrier RSB Predictions */ #define X86_BUG_SMT_RSB X86_BUG(29) /* CPU is vulnerable to Cross-Thread Return Address Predictions */ + #define X86_BUG_GDS X86_BUG(30) /* CPU is affected by Gather Data Sampling */ +/* BUG word 2 */ +#define X86_BUG_SRSO X86_BUG(1*32 + 0) /* AMD SRSO bug */ #endif /* _ASM_X86_CPUFEATURES_H */ diff --cc arch/x86/kernel/cpu/bugs.c index d81f40aa843d,7985c658d129..d02f73c5339d --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@@ -47,7 -47,7 +47,8 @@@ static void __init taa_select_mitigatio static void __init mmio_select_mitigation(void); static void __init srbds_select_mitigation(void); static void __init l1d_flush_select_mitigation(void); +static void __init srso_select_mitigation(void); + static void __init gds_select_mitigation(void); /* The base value of the SPEC_CTRL MSR without task-specific bits set */ u64 x86_spec_ctrl_base; @@@ -164,7 -161,7 +165,8 @@@ void __init cpu_select_mitigations(void md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); + srso_select_mitigation(); + gds_select_mitigation(); } /* @@@ -2549,13 -2527,11 +2694,18 @@@ static ssize_t retbleed_show_state(cha return sysfs_emit(buf, "%s\n", retbleed_strings[retbleed_mitigation]); } +static ssize_t srso_show_state(char *buf) +{ + return sysfs_emit(buf, "%s%s\n", + srso_strings[srso_mitigation], + (cpu_has_ibpb_brtype_microcode() ? "" : ", no microcode")); +} + + static ssize_t gds_show_state(char *buf) + { + return sysfs_emit(buf, "%s\n", gds_strings[gds_mitigation]); + } + static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, char *buf, unsigned int bug) { @@@ -2605,9 -2581,9 +2755,12 @@@ case X86_BUG_RETBLEED: return retbleed_show_state(buf); + case X86_BUG_SRSO: + return srso_show_state(buf); + + case X86_BUG_GDS: + return gds_show_state(buf); + default: break; } @@@ -2673,8 -2649,8 +2826,13 @@@ ssize_t cpu_show_retbleed(struct devic return cpu_show_common(dev, attr, buf, X86_BUG_RETBLEED); } +ssize_t cpu_show_spec_rstack_overflow(struct device *dev, struct device_attribute *attr, char *buf) +{ + return cpu_show_common(dev, attr, buf, X86_BUG_SRSO); +} ++ + ssize_t cpu_show_gds(struct device *dev, struct device_attribute *attr, char *buf) + { + return cpu_show_common(dev, attr, buf, X86_BUG_GDS); + } #endif diff --cc arch/x86/kernel/cpu/common.c index 1d7e22836540,53224fe3ca6f..e3a65e9fc750 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@@ -1250,8 -1250,8 +1250,10 @@@ static const __initconst struct x86_cpu #define RETBLEED BIT(3) /* CPU is affected by SMT (cross-thread) return predictions */ #define SMT_RSB BIT(4) +/* CPU is affected by SRSO */ +#define SRSO BIT(5) + /* CPU is affected by GDS */ -#define GDS BIT(5) ++#define GDS BIT(6) static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS), @@@ -1409,11 -1410,16 +1413,21 @@@ static void __init cpu_set_bug_bits(str if (cpu_matches(cpu_vuln_blacklist, SMT_RSB)) setup_force_cpu_bug(X86_BUG_SMT_RSB); + if (!cpu_has(c, X86_FEATURE_SRSO_NO)) { + if (cpu_matches(cpu_vuln_blacklist, SRSO)) + setup_force_cpu_bug(X86_BUG_SRSO); + } + + /* + * Check if CPU is vulnerable to GDS. If running in a virtual machine on + * an affected processor, the VMM may have disabled the use of GATHER by + * disabling AVX2. The only way to do this in HW is to clear XCR0[2], + * which means that AVX will be disabled. + */ + if (cpu_matches(cpu_vuln_blacklist, GDS) && !(ia32_cap & ARCH_CAP_GDS_NO) && + boot_cpu_has(X86_FEATURE_AVX)) + setup_force_cpu_bug(X86_BUG_GDS); + if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) return; diff --cc drivers/base/cpu.c index f111586d1cce,0469c09e8a8c..52df435eecf8 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@@ -577,12 -577,12 +577,18 @@@ ssize_t __weak cpu_show_retbleed(struc return sysfs_emit(buf, "Not affected\n"); } +ssize_t __weak cpu_show_spec_rstack_overflow(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sysfs_emit(buf, "Not affected\n"); +} + + ssize_t __weak cpu_show_gds(struct device *dev, + struct device_attribute *attr, char *buf) + { + return sysfs_emit(buf, "Not affected\n"); + } + static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); @@@ -594,7 -594,7 +600,8 @@@ static DEVICE_ATTR(itlb_multihit, 0444 static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL); static DEVICE_ATTR(mmio_stale_data, 0444, cpu_show_mmio_stale_data, NULL); static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL); +static DEVICE_ATTR(spec_rstack_overflow, 0444, cpu_show_spec_rstack_overflow, NULL); + static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL); static struct attribute *cpu_root_vulnerabilities_attrs[] = { &dev_attr_meltdown.attr, @@@ -608,7 -608,7 +615,8 @@@ &dev_attr_srbds.attr, &dev_attr_mmio_stale_data.attr, &dev_attr_retbleed.attr, + &dev_attr_spec_rstack_overflow.attr, + &dev_attr_gather_data_sampling.attr, NULL };