Received: by 2002:a25:1104:0:0:0:0:0 with SMTP id 4csp122304ybr;
        Fri, 22 May 2020 02:35:24 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxTfYItUfqr0qchRaO9zGVJ999zIXDoObN9dZzgXgSk3SUTzlK/J+q45zCJp+2CpE6nj1FL
X-Received: by 2002:a17:906:29d9:: with SMTP id y25mr6960909eje.198.1590140123925;
        Fri, 22 May 2020 02:35:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1590140123; cv=none;
        d=google.com; s=arc-20160816;
        b=f1N6CogFjqtjpvOGMD5lGuMe/fKhUyEZzeRTYT80cH9Rd/Q/JV7wbcsjBbrL+p28sv
         hau1viVR57c5+uvfm7Mpf81kQudio8g/1z4D25bvChkhq34YWFXMfiy2fqAvror6289d
         7970Pb7i6NUxJvCrTLl5Kol73tm5ibhikgSXzUdIZBptp+Aj0c9wk8jByrKcmhDeS7xC
         hxqQkAW+qkwbJdfcs5gWWWqHlyzAubZDRvSekE0QzXPTgMt+9Cs/Pz4bW5YcSZ5BSMoH
         S6jgdLP4wq13iKx88rR8a3HtLMSZMPEo30eoImivdq2hp6gsJ8MVGagSb76pWc3SJgy4
         9oeg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :robot-unsubscribe:robot-id:message-id:mime-version:references
         :in-reply-to:cc:subject:to:reply-to:from:date;
        bh=AMhdcMV7L8rNdXkjy43Zr9qZ+K5X//GMUHri3B2HZNw=;
        b=b0wHJX/vkTRiPCQheyVQc5+UVdhCkaZKNGyjXlCVFJ6S57eV9uzk5HSFC2igxT6Kb+
         clLDFvVlC0lVq9izc3SEoh5DKOEwgnjXZN6vh+hWMkQs/ZEDWSlyhFRO9QezzvcW/Cw/
         AcuF4WA1Qm+Pev/vJ2c42rP3k6MYP0g33o6P+E0mXBW/cV+Dhtmm2Qx4UfzQGknPrWbm
         CdykfF9sx6qNoyEhOqULSE3VD+ahBSL+CJK1cdGN0JIhrDVIMkttH9wyige+WWo1I70W
         vfI8ivWJ90IdpW9E7pdgS8SsaO6TY5bkxQFPSnX+2nohN19Cn+Kl+UGB3iSZHNK0mwTy
         B4qw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id df5si4565272edb.44.2020.05.22.02.35.00;
        Fri, 22 May 2020 02:35:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729884AbgEVJdS (ORCPT <rfc822;proy.cse@gmail.com> + 99 others);
        Fri, 22 May 2020 05:33:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35914 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729521AbgEVJc7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 22 May 2020 05:32:59 -0400
Received: from Galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 55AA4C08C5C0;
        Fri, 22 May 2020 02:32:59 -0700 (PDT)
Received: from [5.158.153.53] (helo=tip-bot2.lab.linutronix.de)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tip-bot2@linutronix.de>)
        id 1jc42x-0001OM-1M; Fri, 22 May 2020 11:32:55 +0200
Received: from [127.0.1.1] (localhost [IPv6:::1])
        by tip-bot2.lab.linutronix.de (Postfix) with ESMTP id 8D1681C0095;
        Fri, 22 May 2020 11:32:54 +0200 (CEST)
Date:   Fri, 22 May 2020 09:32:54 -0000
From:   "tip-bot2 for Balbir Singh" <tip-bot2@linutronix.de>
Reply-to: linux-kernel@vger.kernel.org
To:     linux-tip-commits@vger.kernel.org
Subject: [tip: x86/mm] Documentation: Add L1D flushing Documentation
Cc:     Balbir Singh <sblbir@amazon.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Kees Cook <keescook@chromium.org>, x86 <x86@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
In-Reply-To: <20200516103430.26527-4-sblbir@amazon.com>
References: <20200516103430.26527-4-sblbir@amazon.com>
MIME-Version: 1.0
Message-ID: <159013997442.17951.16582260930766939987.tip-bot2@tip-bot2>
X-Mailer: tip-git-log-daemon
Robot-ID: <tip-bot2.linutronix.de>
Robot-Unsubscribe: Contact <mailto:tglx@linutronix.de> to get blacklisted from these emails
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The following commit has been merged into the x86/mm branch of tip:

Commit-ID:     0fcfdf55db9e1ecf85edd6aa8d0bc78a448cb96a
Gitweb:        https://git.kernel.org/tip/0fcfdf55db9e1ecf85edd6aa8d0bc78a448cb96a
Author:        Balbir Singh <sblbir@amazon.com>
AuthorDate:    Sat, 16 May 2020 20:34:30 +10:00
Committer:     Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Fri, 22 May 2020 11:30:08 +02:00

Documentation: Add L1D flushing Documentation

Add documentation of l1d flushing, explain the need for the
feature and how it can be used.

[tglx: Reword the documentation]

Signed-off-by: Balbir Singh <sblbir@amazon.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20200516103430.26527-4-sblbir@amazon.com
---
 Documentation/admin-guide/hw-vuln/index.rst     |  1 +-
 Documentation/admin-guide/hw-vuln/l1d_flush.rst | 51 ++++++++++++++++-
 Documentation/userspace-api/spec_ctrl.rst       |  7 ++-
 3 files changed, 59 insertions(+)
 create mode 100644 Documentation/admin-guide/hw-vuln/l1d_flush.rst

diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst
index 0795e3c..35633b2 100644
--- a/Documentation/admin-guide/hw-vuln/index.rst
+++ b/Documentation/admin-guide/hw-vuln/index.rst
@@ -14,3 +14,4 @@ are configurable at compile, boot or run time.
    mds
    tsx_async_abort
    multihit.rst
+   l1d_flush
diff --git a/Documentation/admin-guide/hw-vuln/l1d_flush.rst b/Documentation/admin-guide/hw-vuln/l1d_flush.rst
new file mode 100644
index 0000000..530a1e0
--- /dev/null
+++ b/Documentation/admin-guide/hw-vuln/l1d_flush.rst
@@ -0,0 +1,51 @@
+L1D Flushing for the paranoid
+=============================
+
+With an increasing number of vulnerabilities being reported around data
+leaks from the Level 1 Data cache (L1D) the kernel provides an opt-in
+mechanism to flush the L1D cache on context switch.
+
+This mechanism can be used to address e.g. CVE-2020-0550. For paranoid
+applications the mechanism keeps them safe from any yet to be discovered
+vulnerabilities, related to leaks from the L1D cache.
+
+
+Related CVEs
+------------
+At the present moment, the following CVEs can be addressed by this
+mechanism
+
+    =============       ========================     ==================
+    CVE-2020-0550       Improper Data Forwarding     OS related aspects
+    =============       ========================     ==================
+
+Usage Guidelines
+----------------
+
+Please see document: :ref:`Documentation/userspace-api/spec_ctrl.rst` for
+details.
+
+**NOTE**: The feature is disabled by default, applications need to
+specifically opt into the feature to enable it.
+
+Mitigation
+----------
+
+When PR_SET_L1D_FLUSH is enabled for a task a flush of the L1D cache is
+performed when the task is scheduled out and the incoming task belongs to a
+different process and therefore to a different address space.
+
+If the underlying CPU supports L1D flushing in hardware, the hardware
+mechanism is used, otherwise a software fallback, similar to the L1TF
+mitigation, is invoked.
+
+Limitations
+-----------
+
+The mechanism does not mitigate L1D data leaks between tasks belonging to
+different processes which are concurrently executing on sibling threads of
+a physical CPU core when SMT is enabled on the system.
+
+This can be addressed by controlled placement of processes on physical CPU
+cores or by disabling SMT. See the relevant chapter in the L1TF mitigation
+document: :ref:`Documentation/admin-guide/hw-vuln/l1tf.rst <smt_control>`.
diff --git a/Documentation/userspace-api/spec_ctrl.rst b/Documentation/userspace-api/spec_ctrl.rst
index 7ddd8f6..b40afe9 100644
--- a/Documentation/userspace-api/spec_ctrl.rst
+++ b/Documentation/userspace-api/spec_ctrl.rst
@@ -106,3 +106,10 @@ Speculation misfeature controls
    * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
    * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0);
    * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);
+
+- PR_SPEC_L1D_FLUSH_OUT: Flush L1D Cache on context switch out of the task
+
+  Invocations:
+   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, 0, 0, 0);
+   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, PR_SPEC_ENABLE, 0, 0);
+   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH_OUT, PR_SPEC_DISABLE, 0, 0);