From: Thomas Gleixner Date: Thu, 28 Mar 2019 17:57:21 +0000 (-0400) Subject: x86/speculation/mds: Add mitigation control for MDS X-Git-Tag: v4.1.12-124.31.3~189 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=b139b02175b56919bf25ca81dae21175c9f1b71e;p=users%2Fjedix%2Flinux-maple.git x86/speculation/mds: Add mitigation control for MDS commit bc1241700acd82ec69fde98c5763ce51086269f8 upstream Now that the mitigations are in place, add a command line parameter to control the mitigation, a mitigation selector function and a SMT update mechanism. This is the minimal straight forward initial implementation which just provides an always on/off mode. The command line parameter is: mds=[full|off] This is consistent with the existing mitigations for other speculative hardware vulnerabilities. The idle invocation is dynamically updated according to the SMT state of the system similar to the dynamic update of the STIBP mitigation. The idle mitigation is limited to CPUs which are only affected by MSBDS and not any other variant, because the other variants cannot be mitigated on SMT enabled systems. Signed-off-by: Thomas Gleixner Reviewed-by: Borislav Petkov Reviewed-by: Jon Masters Tested-by: Jon Masters (cherry picked from commit 4cad86e4abd472f637038e0ad70a70d0d7333f83) Orabug: 29526900 CVE: CVE-2018-12126 CVE: CVE-2018-12130 CVE: CVE-2018-12127 Signed-off-by: Kanth Ghatraju Reviewed-by: Mihai Carabas Reviewed-by: Boris Ostrovsky Conflicts: The changes to arch/x86/kernel/cpu/bugs.c instead need to be made to arch/x86/kernel/cpu/bugs_64.c. --- diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 640931e9df5f..91c5d98efdcb 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2049,6 +2049,28 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Format: , Specifies range of consoles to be captured by the MDA. + mds= [X86,INTEL] + Control mitigation for the Micro-architectural Data + Sampling (MDS) vulnerability. + + Certain CPUs are vulnerable to an exploit against CPU + internal buffers which can forward information to a + disclosure gadget under certain conditions. + + In vulnerable processors, the speculatively + forwarded data can be used in a cache side channel + attack, to access data to which the attacker does + not have direct access. + + This parameter controls the MDS mitigation. The + options are: + + full - Enable MDS mitigation on vulnerable CPUs + off - Unconditionally disable MDS mitigation + + Not specifying this option is equivalent to + mds=full. + mem=nn[KMG] [KNL,BOOT] Force usage of a specific amount of memory Amount of memory to be used when the kernel is not able to see the whole system memory or for test. diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index c64a698b5e42..fe7e5df41236 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -1021,4 +1021,9 @@ enum l1tf_mitigations { extern enum l1tf_mitigations l1tf_mitigation; +enum mds_mitigations { + MDS_MITIGATION_OFF, + MDS_MITIGATION_FULL, +}; + #endif /* _ASM_X86_PROCESSOR_H */ diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c index 4094ed7e15da..afc91d319b22 100644 --- a/arch/x86/kernel/cpu/bugs_64.c +++ b/arch/x86/kernel/cpu/bugs_64.c @@ -135,6 +135,7 @@ static void __init spectre_v2_select_mitigation(void); static enum ssb_mitigation __init ssb_select_mitigation(void); static void __init ssb_init(void); static void __init l1tf_select_mitigation(void); +static void __init mds_select_mitigation(void); static enum ssb_mitigation ssb_mode = SPEC_STORE_BYPASS_NONE; @@ -226,6 +227,8 @@ void __init check_bugs(void) l1tf_select_mitigation(); + mds_select_mitigation(); + alternative_instructions(); /* @@ -1281,6 +1284,64 @@ static void __init l1tf_select_mitigation(void) setup_force_cpu_cap(X86_FEATURE_L1TF_PTEINV); } +#undef pr_fmt +#define pr_fmt(fmt) "MDS: " fmt + +/* Default mitigation for L1TF-affected CPUs */ +static enum mds_mitigations mds_mitigation __read_mostly = MDS_MITIGATION_FULL; + +static const char * const mds_strings[] = { + [MDS_MITIGATION_OFF] = "Vulnerable", + [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers" +}; + +static void update_mds_branch_idle(void) +{ + /* + * Enable the idle clearing on CPUs which are affected only by + * MDBDS and not any other MDS variant. The other variants cannot + * be mitigated when SMT is enabled, so clearing the buffers on + * idle would be a window dressing exercise. + */ + if (!boot_cpu_has(X86_BUG_MSBDS_ONLY)) + return; + + if (cpu_smt_control == CPU_SMT_ENABLED) + static_branch_enable(&mds_idle_clear); + else + static_branch_disable(&mds_idle_clear); +} + +static void mds_select_mitigation(void) +{ + char arg[12]; + int ret; + + if (!boot_cpu_has_bug(X86_BUG_MDS)) { + mds_mitigation = MDS_MITIGATION_OFF; + return; + } + + ret = cmdline_find_option(boot_command_line, "mds", arg, + sizeof(arg)); + if (ret > 0) { + if (match_option(arg, ret, "off")) + mds_mitigation = MDS_MITIGATION_OFF; + else if (!match_option(arg, ret, "full")) + pr_warn("mds: unknown option %s\n", arg); + } + + if (mds_mitigation == MDS_MITIGATION_FULL) { + if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) { + static_branch_enable(&mds_user_clear); + update_mds_branch_idle(); + } else { + mds_mitigation = MDS_MITIGATION_OFF; + } + } + pr_info("%s\n", mds_strings[mds_mitigation]); +} + #undef pr_fmt #ifdef CONFIG_SYSFS