Received: by 2002:a05:7412:251c:b0:e2:908c:2ebd with SMTP id w28csp2688068rda; Wed, 25 Oct 2023 09:29:36 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGRlXDafK4HtWzEUpbbSJE5/76t3ZKZ185aJxAQxtaXNvinO/4WbW8zhv8/Ite30zm08sKY X-Received: by 2002:a05:6808:90:b0:3b2:dd87:fc with SMTP id s16-20020a056808009000b003b2dd8700fcmr17597789oic.2.1698251376726; Wed, 25 Oct 2023 09:29:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698251376; cv=none; d=google.com; s=arc-20160816; b=RxfOVAU7hYeeg1id0ybilL1RQUeUiZOvU0VrQJl5dF0rbXpLl67tf+csbovj/8ioUn LLgwpVBW9fo66gauhXjuy12N55zAv5uSD4aVQHbGU+6r/zrljpiGNT7QF//+rN8Q+fMu p+gY1jniZJPOdKu+NN3DDYetoKZEVJaVL+ItOvO+aOYLfULIK3/SWuRz0+H+c2NZp/+t Cpterx3FqpyReG9h1g4KfIca8LElDIVSt7J2TmsBIp7+ECBTAd11Mj7wlwblQ48LbgQ7 EqCzxfxyp1a7/cQ4UdLDjamiv1E9UhEFtLkqMIvPGrftuTKJbmkrbCMViE2SWbJJHa+P LA6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=kzIIbpM/lGaNPwGgBvLHHReLteMt+1blH/cRpMaaFNs=; fh=CLzv7aa1b60xRcJ5OWRAlP/Llgj6QuNmWWUC2CwvGHQ=; b=GgJ7PQSDCfwoi9+EdJ/5ZLEuRTzVtMmsEgd0S7ThHN0xScMt/aM9mCe6FufQLNsyn2 AxqshzsQPl3sPHrlGZQ1ttp80x3WjcWgTzaEhDMcgRa3CFVFMmYaoI2qUkTBF0/bG3XG 5c8Z5zjz36MgbDQzf0MxDAYo+78F7fEYl3oBoD4ymZ4P58IdUDrjpaMZazLJ9cyAIrE5 CodaxrbrVsPkLPLJKYm/5qLrlnuUA6GHaJmeyEsbgb5SR9bgKSpsCaFcWOm3dMtfJHcp z/cXyW45UdqeF16d+LvO3h67Pe9oazyD7z9UmtWMF/L/8uuw2CbIZJA3olwGIDmnw+r/ 6Wkw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vJBS0L4R; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id e71-20020a25694a000000b00d9abd69772bsi4756513ybc.124.2023.10.25.09.29.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 09:29:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vJBS0L4R; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 90C1C8132A58; Wed, 25 Oct 2023 09:29:31 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232748AbjJYQ3R (ORCPT + 99 others); Wed, 25 Oct 2023 12:29:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38460 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232262AbjJYQ3N (ORCPT ); Wed, 25 Oct 2023 12:29:13 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FDD510E for ; Wed, 25 Oct 2023 09:29:09 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6A95FC433C8; Wed, 25 Oct 2023 16:29:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1698251348; bh=N32nvEq5O286yd+ttiB1pgrNAbStdRL1vSHhePO5p0I=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=vJBS0L4RzSG8tAourCAatHd0t27wxqx8mQnqr4y5By27WRVpfn2BXehziF2KmREXj MZVZH4vcriS6lBRTmcAEdbAGQDfnxFuCBS8M24OFi/Ogy5higVYOFHSC9GXqpaCguA 0q51N8GaqwijL9vxlmuTJFpmvucCIFb3pAgfJw3qkji4L7ydB/b43Y1IM+yc23t5II RT8T65Rb5Xd32zOPveTOLhmwHWJtdtRgokcEpn6jXvtqdkOS4ohIC1/V/2fwtfHVO/ 15nJLKdow1zhWjhWyq34r6zEpNPnAhswfBgZ1k4a0YnvzkT1bqJTcN/cUF7S7m8YgQ XmS2nlmzDc8Yw== Date: Wed, 25 Oct 2023 09:29:06 -0700 From: Josh Poimboeuf To: Breno Leitao Cc: mingo@redhat.com, tglx@linutronix.de, bp@alien8.de, Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Pawan Gupta , leit@meta.com, "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" Subject: Re: [PATCH v5 12/12] x86/bugs: Add a separate config for missing mitigation Message-ID: <20231025162906.abnyb7xum7cpjwxy@treble> References: <20231019181158.1982205-1-leitao@debian.org> <20231019181158.1982205-13-leitao@debian.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20231019181158.1982205-13-leitao@debian.org> X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Wed, 25 Oct 2023 09:29:31 -0700 (PDT) On Thu, Oct 19, 2023 at 11:11:58AM -0700, Breno Leitao wrote: > Currently, the CONFIG_SPECULATION_MITIGATIONS is halfway populated, > where some mitigations have entries in Kconfig, and they could be > modified, while others mitigations do not have Kconfig entries, and > could not be controlled at build time. > > Create an entry for each CPU mitigation under > CONFIG_SPECULATION_MITIGATIONS. This allow users to enable or disable > them at compilation time. > > Signed-off-by: Breno Leitao We also probably need a CONFIG_MITIGATION_MELTDOWN. > --- > arch/x86/Kconfig | 93 ++++++++++++++++++++++++++++++++++++++ > arch/x86/kernel/cpu/bugs.c | 39 ++++++++++------ > 2 files changed, 117 insertions(+), 15 deletions(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index a5cada7443ea..ccdcb1dcdc0c 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2591,6 +2591,99 @@ config MITIGATION_GDS_FORCE > > If in doubt, say N. > > +config MITIGATION_MDS > + bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug" > + depends on CPU_SUP_INTEL > + default y > + help > + Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is > + a hardware vulnerability which allows unprivileged speculative access > + to data which is available in various CPU internal buffer. Deeper buffers > + technical information is available in the MDS specific x86 architecture > + section: Documentation/arch/x86/mds.rst. I believe the high-level document is actually Documentation/admin-guide/hw-vuln/mds.rst. > +config MITIGATION_TAA > + bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug" > + depends on CPU_SUP_INTEL > + default y > + help > + Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware > + vulnerability that allows unprivileged speculative access to data > + which is available in various CPU internal buffers by using > + asynchronous aborts within an Intel TSX transactional region. Refer to Documentation/admin-guide/hw-vuln/tsx_async_abort.rst > +config MITIGATION_MMIO_STALE_DATA > + bool "Mitigate MMIO Stale Data hardware bug" > + depends on CPU_SUP_INTEL > + default y > + help > + Enable mitigation for MMIO Stale Data hardware bugs. Processor MMIO > + Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) > + vulnerabilities that can expose data. The vulnerabilities require the > + attacker to have access to MMIO. Refer to Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst > +config MITIGATION_L1TF > + bool "Mitigate L1 Terminal Fault (L1TF) hardware bug" depends on CPU_SUP_INTEL > + default y > + help > + Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a > + hardware vulnerability which allows unprivileged speculative access to data > + which is available in the Level 1 Data Cache when the page table > + entry controlling the virtual address. -EGRAMMAR Also refer to Documentation/admin-guide/hw-vuln/l1tf.rst > +config MITIGATION_RETBLEED > + bool "Mitigate RETBleed hardware bug" depends on CPU_SUP_INTEL || (CPU_SUP_AMD && MITIGATION_UNRET_ENTRY) > +config MITIGATION_SPECTRE_V1 > + bool "Mitigate SPECTRE V1 hardware bug" > + default y > + help > + Enable mitigation for Spectre V1 (Bounds Check Bypass). Spectre V1 is a > + class of side channel attacks that takes advantage of speculative > + execution that bypasses conditional branch instructions used for > + memory access bounds check. Refer to Documentation/admin-guide/hw-vuln/spectre.rst > +config MITIGATION_SPECTRE_V2 > + bool "Mitigate SPECTRE V2 hardware bug" > + default y > + help > + Enable mitigation for Spectre V2 (Branch Target Injection). Spectre > + V2 is a class of side channel attacks that takes advantage of > + indirect branch predictors inside the processor. In Spectre variant 2 > + attacks, the attacker can steer speculative indirect branches in the > + victim to gadget code by poisoning the branch target buffer of a CPU > + used for predicting indirect branch addresses. Refer to Documentation/admin-guide/hw-vuln/spectre.rst > +config MITIGATION_SRBDS > + bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug" > + depends on CPU_SUP_INTEL > + default y > + help > + Enable mitigation for Special Register Buffer Data Sampling (SRBDS). > + SRBDS is a hardware vulnerability that allows Microarchitectural Data > + Sampling (MDS) techniques to infer values returned from special > + register accesses. An unprivileged user can extract values returned > + from RDRAND and RDSEED executed on another core or sibling thread > + using MDS techniques. Refer to Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst > + cmd = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE; > if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") || > cpu_mitigations_off()) > return SPECTRE_V2_CMD_NONE; I'm thinking CONFIG_MITIGATION_SPECTRE_V2 should also affect whether the spectre v2 user mitigation gets enabled. -- Josh