Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1739716iog;
        Tue, 14 Jun 2022 12:11:33 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzKbk96Pd3HDl11cIuHR5Jm35NaWGj25UxBQ58bL7CavCv35hx46tbPzsqFRoptzMIsTujn
X-Received: by 2002:a17:907:2c43:b0:715:85cb:21a with SMTP id hf3-20020a1709072c4300b0071585cb021amr5350955ejc.541.1655233892822;
        Tue, 14 Jun 2022 12:11:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1655233892; cv=none;
        d=google.com; s=arc-20160816;
        b=0C9nOem/QFobIDwhrecE5IH/++xKC31zIHFM9cylS7RM4FbLR7R13yiFYUAsjw33Hu
         Qva31+L4ZGIfer+2m8NEHRPZROp6WJtmT7M0f4xH1xw1aoD1Yrv1S49rXHGC/2IUXE26
         PwsOmTqOn0IDCf3SRDeBuieh/Gts+WrRdwCErJiBmX88H+e74B9xZRk/b8sEWdJRJwB+
         9NvLICZL3umeWub9mVNN0yREhGp+ovwRzo4Gawg8CDTQ78RIIXKczJ8ilGLFLxdtssOA
         9sVHhH/YczkgOXkV/qVO0sSXnF68q/kYv65viET0kXwZmWNMKU0vvpSOHTZ/KsPJOPj8
         Xe6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=cxzsE5jK9RWUmtg+XDXLIIi1uab8Ad785B35ZUOrVvs=;
        b=qT1T7nrMiV/zkGPRkEIQVH44AKIkXeM234/LTdBaTKLGKq+sMd+kfrL7cRQ8aBHK6d
         l6kxA53aXrFS+yXp/q7leKNMH5iTc5cxGxkTftLU/rJVAC3fDy5sznyTnd+M82I2QYUI
         oUUpixY9M9kv9GS8GFKoYe5IQzBcCG+rL2MLu3oaVKUcgAvZlwHoiRQXFBlRvpwD4GhK
         nJGFOy8492VAewkplUS8suvI1+8yk6shXa8mjm76Ru5xk6QKbFcAf57Os6dGScm68RYK
         hfKnXBQZdS6gpsK3DpXhz/G4x0Jf+bbWfJuWNGvnXJK9gDM8txPE0w31WCFV7OLN7hxq
         5Kvw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=skk7WQDZ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id n9-20020a17090673c900b006fead2c3278si11829052ejl.192.2022.06.14.12.11.06;
        Tue, 14 Jun 2022 12:11:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=skk7WQDZ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1357556AbiFNStV (ORCPT <rfc822;adjskylinux@gmail.com>
        + 99 others); Tue, 14 Jun 2022 14:49:21 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46320 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1357974AbiFNSsa (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 14 Jun 2022 14:48:30 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ADD194D607;
        Tue, 14 Jun 2022 11:44:47 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 36549B81AFD;
        Tue, 14 Jun 2022 18:44:46 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85F10C3411B;
        Tue, 14 Jun 2022 18:44:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1655232284;
        bh=KbDM2PpUnvupymiLnYBaEnVW4saa+eurbrjVqdYyaCI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=skk7WQDZTYHSC1hgJ4etX1Cqh8fHsYxpqHlfEuq4wNzMG8f1UOQ6tyAONZzb+4r4l
         PN5mXMx50Kg7AonunRa5uPfgEe29AJFeb9DUows8t6l/1o3oi8TrwOeOX9svcEGSUZ
         7hlDWAk1vR73kg4CI4deUclYj9BDseTrlQuiY4uM=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Borislav Petkov <bp@suse.de>
Subject: [PATCH 5.10 06/11] x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
Date:   Tue, 14 Jun 2022 20:40:28 +0200
Message-Id: <20220614183721.481711655@linuxfoundation.org>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20220614183719.878453780@linuxfoundation.org>
References: <20220614183719.878453780@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>

commit 99a83db5a605137424e1efe29dc0573d6a5b6316 upstream

When the CPU is affected by Processor MMIO Stale Data vulnerabilities,
Fill Buffer Stale Data Propagator (FBSDP) can propagate stale data out
of Fill buffer to uncore buffer when CPU goes idle. Stale data can then
be exploited with other variants using MMIO operations.

Mitigate it by clearing the Fill buffer before entering idle state.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Co-developed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/cpu/bugs.c |   16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -425,6 +425,14 @@ static void __init mmio_select_mitigatio
 		static_branch_enable(&mmio_stale_data_clear);
 
 	/*
+	 * If Processor-MMIO-Stale-Data bug is present and Fill Buffer data can
+	 * be propagated to uncore buffers, clearing the Fill buffers on idle
+	 * is required irrespective of SMT state.
+	 */
+	if (!(ia32_cap & ARCH_CAP_FBSDP_NO))
+		static_branch_enable(&mds_idle_clear);
+
+	/*
 	 * Check if the system has the right microcode.
 	 *
 	 * CPU Fill buffer clear mitigation is enumerated by either an explicit
@@ -1188,6 +1196,8 @@ static void update_indir_branch_cond(voi
 /* Update the static key controlling the MDS CPU buffer clear in idle */
 static void update_mds_branch_idle(void)
 {
+	u64 ia32_cap = x86_read_arch_cap_msr();
+
 	/*
 	 * Enable the idle clearing if SMT is active on CPUs which are
 	 * affected only by MSBDS and not any other MDS variant.
@@ -1199,10 +1209,12 @@ static void update_mds_branch_idle(void)
 	if (!boot_cpu_has_bug(X86_BUG_MSBDS_ONLY))
 		return;
 
-	if (sched_smt_active())
+	if (sched_smt_active()) {
 		static_branch_enable(&mds_idle_clear);
-	else
+	} else if (mmio_mitigation == MMIO_MITIGATION_OFF ||
+		   (ia32_cap & ARCH_CAP_FBSDP_NO)) {
 		static_branch_disable(&mds_idle_clear);
+	}
 }
 
 #define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n"