From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Pawan Gupta, Borislav Petkov, Thomas Gleixner, Thadeu Lima de Souza Cascardo
Subject: [PATCH 4.14 17/20] x86/speculation/srbds: Update SRBDS mitigation selection
Date: Tue, 14 Jun 2022 20:40:08 +0200
Message-Id: <20220614183727.515024248@linuxfoundation.org>
In-Reply-To: <20220614183723.328825625@linuxfoundation.org>
References: <20220614183723.328825625@linuxfoundation.org>

From: Pawan Gupta

commit 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19 upstream

Currently, Linux disables SRBDS mitigation on CPUs not affected by MDS and have the TSX feature disabled. On such CPUs, secrets cannot be extracted from CPU fill buffers using MDS or TAA. Without SRBDS mitigation, Processor MMIO Stale Data vulnerabilities can be used to extract RDRAND, RDSEED, and EGETKEY data.

Do not disable SRBDS mitigation by default when CPU is also affected by Processor MMIO Stale Data vulnerabilities.

Signed-off-by: Pawan Gupta
Signed-off-by: Borislav Petkov
Signed-off-by: Thomas Gleixner
Signed-off-by: Thadeu Lima de Souza Cascardo
Signed-off-by: Greg Kroah-Hartman
--- arch/x86/kernel/cpu/bugs.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -578,11 +578,13 @@ static void __init srbds_select_mitigati return; /* - * Check to see if this is one of the MDS_NO systems supporting - * TSX that are only exposed to SRBDS when TSX is enabled. + * Check to see if this is one of the MDS_NO systems supporting TSX that + * are only exposed to SRBDS when TSX is enabled or when CPU is affected + * by Processor MMIO Stale Data vulnerability. */ ia32_cap = x86_read_arch_cap_msr(); - if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM)) + if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM) && + !boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) srbds_mitigation = SRBDS_MITIGATION_TSX_OFF; else if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR;
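
Review bot: the rewritten comment above the ia32_cap check still describes when the CPU is exposed to SRBDS, while the condition beneath it tests the opposite case (when it is safe to select SRBDS_MITIGATION_TSX_OFF), so the new third clause is easy to misread. Consider wording the comment from the code's side, for example "MDS_NO parts with TSX disabled need no SRBDS mitigation unless the CPU is also affected by Processor MMIO Stale Data". With `!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)` added, an MMIO-affected MDS_NO CPU without RTM now falls through to the X86_FEATURE_HYPERVISOR branch and whatever follows it, so it is worth confirming that the bug bit is already set by the time srbds_select_mitigation() runs and that X86_BUG_MMIO_STALE_DATA exists in this 4.14 backport, since neither is visible in this hunk.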