Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1739716iog; Tue, 14 Jun 2022 12:11:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzKbk96Pd3HDl11cIuHR5Jm35NaWGj25UxBQ58bL7CavCv35hx46tbPzsqFRoptzMIsTujn X-Received: by 2002:a17:907:2c43:b0:715:85cb:21a with SMTP id hf3-20020a1709072c4300b0071585cb021amr5350955ejc.541.1655233892822; Tue, 14 Jun 2022 12:11:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655233892; cv=none; d=google.com; s=arc-20160816; b=0C9nOem/QFobIDwhrecE5IH/++xKC31zIHFM9cylS7RM4FbLR7R13yiFYUAsjw33Hu Qva31+L4ZGIfer+2m8NEHRPZROp6WJtmT7M0f4xH1xw1aoD1Yrv1S49rXHGC/2IUXE26 PwsOmTqOn0IDCf3SRDeBuieh/Gts+WrRdwCErJiBmX88H+e74B9xZRk/b8sEWdJRJwB+ 9NvLICZL3umeWub9mVNN0yREhGp+ovwRzo4Gawg8CDTQ78RIIXKczJ8ilGLFLxdtssOA 9sVHhH/YczkgOXkV/qVO0sSXnF68q/kYv65viET0kXwZmWNMKU0vvpSOHTZ/KsPJOPj8 Xe6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cxzsE5jK9RWUmtg+XDXLIIi1uab8Ad785B35ZUOrVvs=; b=qT1T7nrMiV/zkGPRkEIQVH44AKIkXeM234/LTdBaTKLGKq+sMd+kfrL7cRQ8aBHK6d l6kxA53aXrFS+yXp/q7leKNMH5iTc5cxGxkTftLU/rJVAC3fDy5sznyTnd+M82I2QYUI oUUpixY9M9kv9GS8GFKoYe5IQzBcCG+rL2MLu3oaVKUcgAvZlwHoiRQXFBlRvpwD4GhK nJGFOy8492VAewkplUS8suvI1+8yk6shXa8mjm76Ru5xk6QKbFcAf57Os6dGScm68RYK hfKnXBQZdS6gpsK3DpXhz/G4x0Jf+bbWfJuWNGvnXJK9gDM8txPE0w31WCFV7OLN7hxq 5Kvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=skk7WQDZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n9-20020a17090673c900b006fead2c3278si11829052ejl.192.2022.06.14.12.11.06; Tue, 14 Jun 2022 12:11:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=skk7WQDZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1357556AbiFNStV (ORCPT + 99 others); Tue, 14 Jun 2022 14:49:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46320 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1357974AbiFNSsa (ORCPT ); Tue, 14 Jun 2022 14:48:30 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ADD194D607; Tue, 14 Jun 2022 11:44:47 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 36549B81AFD; Tue, 14 Jun 2022 18:44:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85F10C3411B; Tue, 14 Jun 2022 18:44:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1655232284; bh=KbDM2PpUnvupymiLnYBaEnVW4saa+eurbrjVqdYyaCI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=skk7WQDZTYHSC1hgJ4etX1Cqh8fHsYxpqHlfEuq4wNzMG8f1UOQ6tyAONZzb+4r4l PN5mXMx50Kg7AonunRa5uPfgEe29AJFeb9DUows8t6l/1o3oi8TrwOeOX9svcEGSUZ 7hlDWAk1vR73kg4CI4deUclYj9BDseTrlQuiY4uM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pawan Gupta , Thomas Gleixner , Josh Poimboeuf , Borislav Petkov Subject: [PATCH 5.10 06/11] x86/speculation/mmio: Enable CPU Fill buffer clearing on idle Date: Tue, 14 Jun 2022 20:40:28 +0200 Message-Id: <20220614183721.481711655@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220614183719.878453780@linuxfoundation.org> References: <20220614183719.878453780@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pawan Gupta commit 99a83db5a605137424e1efe29dc0573d6a5b6316 upstream When the CPU is affected by Processor MMIO Stale Data vulnerabilities, Fill Buffer Stale Data Propagator (FBSDP) can propagate stale data out of Fill buffer to uncore buffer when CPU goes idle. Stale data can then be exploited with other variants using MMIO operations. Mitigate it by clearing the Fill buffer before entering idle state. Signed-off-by: Pawan Gupta Signed-off-by: Thomas Gleixner Co-developed-by: Josh Poimboeuf Signed-off-by: Josh Poimboeuf Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/bugs.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -425,6 +425,14 @@ static void __init mmio_select_mitigatio static_branch_enable(&mmio_stale_data_clear); /* + * If Processor-MMIO-Stale-Data bug is present and Fill Buffer data can + * be propagated to uncore buffers, clearing the Fill buffers on idle + * is required irrespective of SMT state. + */ + if (!(ia32_cap & ARCH_CAP_FBSDP_NO)) + static_branch_enable(&mds_idle_clear); + + /* * Check if the system has the right microcode. * * CPU Fill buffer clear mitigation is enumerated by either an explicit @@ -1188,6 +1196,8 @@ static void update_indir_branch_cond(voi /* Update the static key controlling the MDS CPU buffer clear in idle */ static void update_mds_branch_idle(void) { + u64 ia32_cap = x86_read_arch_cap_msr(); + /* * Enable the idle clearing if SMT is active on CPUs which are * affected only by MSBDS and not any other MDS variant. @@ -1199,10 +1209,12 @@ static void update_mds_branch_idle(void) if (!boot_cpu_has_bug(X86_BUG_MSBDS_ONLY)) return; - if (sched_smt_active()) + if (sched_smt_active()) { static_branch_enable(&mds_idle_clear); - else + } else if (mmio_mitigation == MMIO_MITIGATION_OFF || + (ia32_cap & ARCH_CAP_FBSDP_NO)) { static_branch_disable(&mds_idle_clear); + } } #define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n"