Received: by 10.223.176.46 with SMTP id f43csp992544wra; Wed, 24 Jan 2018 08:59:01 -0800 (PST) X-Google-Smtp-Source: AH8x225tALHEb/37sza281b0TpkxjtxI1XxlkUKHipA/q7AzJQHSqtI+rN5nJYKKY6LsolO3AFyu X-Received: by 2002:a17:902:a582:: with SMTP id az2-v6mr1685941plb.17.1516813141142; Wed, 24 Jan 2018 08:59:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516813141; cv=none; d=google.com; s=arc-20160816; b=i6Pq4q0V7nqOxp30pY0RAl8hzTyXLvtB3MQVFDGvUlBxjqe0NCktwbGjojLl5r2jVY Lhpo1TZf2AyVlGQs7OxclM1vZ3kavvWENvkOersV9QHxscWP3qSF6NZDadEELvDVj1MU 7gsug8Gf2+oWB99/jcWxbsXA9gCcqSNG3vKgn360ddW6n8pN3zAWaIKUxuTVo0bTnao+ wQRnEJNaFwe9wdd9QSzEnKmFthJVUU9APCes0VXAMaYjFl7QbOw/EwI2TZ6HKIWKOOi/ zEKcu/OHEPI7FwCzK6Lzn/s8xq+5K/6hbLilsM1ustptccbttnC/gl4/aIFc2cY1FEBi MqZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:to:from :dkim-signature:arc-authentication-results; bh=nCJ/BOKOQ/u8UxRHctSIca/I5oAm16oaPZ0u4ArtHd0=; b=PW/0RMDGrbEWIaV+8gyr5yZW0b7Xt1X5fDiikc7OQTRuNlXQiiQNAR1bHJkGR91Vbi NCGYfK+2dUCGefeZI40kedxy+/vEwjoACi+wei16Vj2vrQdO9OUo+cuWgntmMPW6V8uV AEhJMm6gRSaq4+wuQh/WvW6AryNJPvonqRa5jM9RteocT1GScu39ObSu3K4/xjRjNern St1B8KWNQsuRfieyXhkR99LYCKCUt4CdFcQmA8viHhn+Q1IRh3VB1qZuUswe35s8mC1D ArJORTp3BMSKuDkFUcM6LIQUFoFO1J414HQV7IyS2Hiwl9xqN6DjzDFL07XEyn8sMnrL AMwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=U5iXUd8V; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j12si355977pga.150.2018.01.24.08.58.47; Wed, 24 Jan 2018 08:59:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=U5iXUd8V; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934406AbeAXQ6H (ORCPT + 99 others); Wed, 24 Jan 2018 11:58:07 -0500 Received: from smtp-fw-6001.amazon.com ([52.95.48.154]:49835 "EHLO smtp-fw-6001.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934356AbeAXQ5g (ORCPT ); Wed, 24 Jan 2018 11:57:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt; s=amazon201209; t=1516813056; x=1548349056; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=nCJ/BOKOQ/u8UxRHctSIca/I5oAm16oaPZ0u4ArtHd0=; b=U5iXUd8VUYgNqxpAltFwFNMvRclrcwf8KYJhrBt0to+GsVYOKLVNirC/ w3vEWNRhGbc4FBkDvp9gRdtSapWtFPaZn36w0/ln+1AVXkghZnkpX2Re+ 0cc55PZf1ZYlpN0S1OV5Wia8X09yzM7M0FJdYKRJmCU6mKw0bimjdOPVE o=; X-IronPort-AV: E=Sophos;i="5.46,408,1511827200"; d="scan'208";a="328948757" Received: from iad6-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-1a-807d4a99.us-east-1.amazon.com) ([10.124.125.6]) by smtp-border-fw-out-6001.iad6.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 24 Jan 2018 16:57:30 +0000 Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (iad1-ws-svc-lb91-vlan2.amazon.com [10.0.103.146]) by email-inbound-relay-1a-807d4a99.us-east-1.amazon.com (8.14.7/8.14.7) with ESMTP id w0OGvMic082901 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 24 Jan 2018 16:57:25 GMT Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (localhost [127.0.0.1]) by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Debian-3) with ESMTP id w0OGvKA4011195; Wed, 24 Jan 2018 16:57:21 GMT Received: (from dwmw@localhost) by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Submit) id w0OGvK0N011193; Wed, 24 Jan 2018 16:57:20 GMT From: David Woodhouse To: arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, dave.hansen@intel.com, gnomes@lxorguk.ukuu.org.uk Subject: [PATCH v3 6/6] x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2 microcodes Date: Wed, 24 Jan 2018 16:57:05 +0000 Message-Id: <1516813025-10794-7-git-send-email-dwmw@amazon.co.uk> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516813025-10794-1-git-send-email-dwmw@amazon.co.uk> References: <1516813025-10794-1-git-send-email-dwmw@amazon.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We don't refuse to load the affected microcodes; just refuse to use SPEC_CTRL if they're detected. AMD has a feature bit for "PRED_CMD only", which Intel didn't do. When disabling SPEC_CTRL we can actually turn on that AMD bit to allow IBPB to still be used. We handle the other AMD bits here too, because hypervisors *may* have been exposing those bits even on Intel chips, for fine-grained control of what's available. Signed-off-by: David Woodhouse --- arch/x86/kernel/cpu/intel.c | 76 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index b720dac..f5c7f61 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -102,6 +102,64 @@ static void probe_xeon_phi_r3mwait(struct cpuinfo_x86 *c) ELF_HWCAP2 |= HWCAP2_RING3MWAIT; } +/* + * Early microcode releases for the Spectre v2 mitigation were broken. + * Information taken from; + * • https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf + * • https://kb.vmware.com/s/article/52345 + * • Microcode revisions observed in the wild + * • releasenote from 20180108 microcode release + */ +struct sku_microcode { + u8 model; + u8 stepping; + u32 microcode; +}; +static const struct sku_microcode spectre_bad_microcodes[] = { + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0B, 0x80 }, + /* Corrected typo in Intel doc */ + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0A, 0x80 }, + { INTEL_FAM6_KABYLAKE_MOBILE, 0x0A, 0x80 }, + { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x80 }, + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x09, 0x80 }, + { INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003C }, + { INTEL_FAM6_SKYLAKE_MOBILE, 0x03, 0x000000C2 }, + { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0x000000C2 }, + { INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 }, + { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x0000001B }, + { INTEL_FAM6_HASWELL_ULT, 0x01, 0x21 }, + { INTEL_FAM6_HASWELL_GT3E, 0x01, 0x18 }, + { INTEL_FAM6_HASWELL_CORE, 0x03, 0x23 }, + { INTEL_FAM6_IVYBRIDGE_X, 0x04, 0x42a }, + { INTEL_FAM6_HASWELL_X, 0x02, 0x3b }, + { INTEL_FAM6_HASWELL_X, 0x04, 0x10 }, + { INTEL_FAM6_HASWELL_CORE, 0x03, 0x23 }, + { INTEL_FAM6_BROADWELL_XEON_D, 0x02, 0x14 }, + { INTEL_FAM6_BROADWELL_XEON_D, 0x03, 0x7000011 }, + { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x0000001B }, + { INTEL_FAM6_BROADWELL_X, 0x01, 0x0b000025 }, + /* Dropped repeat of KBL Desktop 906E9, 0x80 */ + { INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e }, + /* Dropped repeat of SKX 50654, 0x200003c */ + /* Updated in the 20180108 release; blacklist until we know otherwise */ + { INTEL_FAM6_ATOM_GEMINI_LAKE, 0x01, 0x22 }, + /* Observed in the wild */ + { INTEL_FAM6_SANDYBRIDGE_X, 0x06, 0x61b }, + { INTEL_FAM6_SANDYBRIDGE_X, 0x07, 0x712 }, +}; + +static bool bad_spectre_microcode(struct cpuinfo_x86 *c) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) { + if (c->x86_model == spectre_bad_microcodes[i].model && + c->x86_mask == spectre_bad_microcodes[i].stepping) + return (c->microcode <= spectre_bad_microcodes[i].microcode); + } + return false; +} + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; @@ -122,6 +180,24 @@ static void early_init_intel(struct cpuinfo_x86 *c) if (c->x86 >= 6 && !cpu_has(c, X86_FEATURE_IA64)) c->microcode = intel_get_microcode_revision(); + if ((cpu_has(c, X86_FEATURE_SPEC_CTRL) || + cpu_has(c, X86_FEATURE_STIBP) || + cpu_has(c, X86_FEATURE_AMD_SPEC_CTRL) || + cpu_has(c, X86_FEATURE_AMD_STIBP)) && bad_spectre_microcode(c)) { + pr_warn("Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL\n"); + /* + * Intel's X86_FEATURE_SPEC_CTRL says both MSRs are available. + * We can't leave that set, but we can turn on the AMD bit + * which advertises PRED_CMD alone. IBPB is believed to be OK. + */ + if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) + set_cpu_cap(c, X86_FEATURE_AMD_PRED_CMD); + clear_cpu_cap(c, X86_FEATURE_SPEC_CTRL); + clear_cpu_cap(c, X86_FEATURE_STIBP); + clear_cpu_cap(c, X86_FEATURE_AMD_SPEC_CTRL); + clear_cpu_cap(c, X86_FEATURE_AMD_STIBP); + } + /* * Atom erratum AAE44/AAF40/AAG38/AAH41: * -- 2.7.4