releases/4.19.43/0007-x86-speculation-mds-Add-BUG_MSBDS_ONLY.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From c64842ae1e064b7136575f499a6b101761abc168 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner <tglx@linutronix.de>
 Date: Fri, 1 Mar 2019 20:21:08 +0100
 Subject: [PATCH 07/30] x86/speculation/mds: Add BUG_MSBDS_ONLY

 commit e261f209c3666e842fd645a1e31f001c3a26def9 upstream

 This bug bit is set on CPUs which are only affected by Microarchitectural
 Store Buffer Data Sampling (MSBDS) and not by any other MDS variant.

 This is important because the Store Buffers are partitioned between
 Hyper-Threads so cross thread forwarding is not possible. But if a thread
 enters or exits a sleep state the store buffer is repartitioned which can
 expose data from one thread to the other. This transition can be mitigated.

 That means that for CPUs which are only affected by MSBDS SMT can be
 enabled, if the CPU is not affected by other SMT sensitive vulnerabilities,
 e.g. L1TF. The XEON PHI variants fall into that category. Also the
 Silvermont/Airmont ATOMs, but for them it's not really relevant as they do
 not support SMT, but mark them for completeness sake.

 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
 Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
 Reviewed-by: Jon Masters <jcm@redhat.com>
 Tested-by: Jon Masters <jcm@redhat.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  arch/x86/include/asm/cpufeatures.h |  1 +
  arch/x86/kernel/cpu/common.c       | 20 ++++++++++++--------
  2 files changed, 13 insertions(+), 8 deletions(-)

 diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
 index 1dc7b8129b55..69037da75ea0 100644
 --- a/arch/x86/include/asm/cpufeatures.h
 +++ b/arch/x86/include/asm/cpufeatures.h
 @@ -380,5 +380,6 @@
  #define X86_BUG_SPEC_STORE_BYPASS	X86_BUG(17) /* CPU is affected by speculative store bypass attack */
  #define X86_BUG_L1TF			X86_BUG(18) /* CPU is affected by L1 Terminal Fault */
  #define X86_BUG_MDS			X86_BUG(19) /* CPU is affected by Microarchitectural data sampling */
 +#define X86_BUG_MSBDS_ONLY		X86_BUG(20) /* CPU is only affected by the  MSDBS variant of BUG_MDS */

  #endif /* _ASM_X86_CPUFEATURES_H */
 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
 index 0ea1e4bc3e20..1073118b9bf0 100644
 --- a/arch/x86/kernel/cpu/common.c
 +++ b/arch/x86/kernel/cpu/common.c
 @@ -953,6 +953,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
  #define NO_SSB		BIT(2)
  #define NO_L1TF		BIT(3)
  #define NO_MDS		BIT(4)
 +#define MSBDS_ONLY	BIT(5)

  #define VULNWL(_vendor, _family, _model, _whitelist)	\
  	{ X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
 @@ -976,16 +977,16 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
  	VULNWL_INTEL(ATOM_BONNELL,		NO_SPECULATION),
  	VULNWL_INTEL(ATOM_BONNELL_MID,		NO_SPECULATION),

 -	VULNWL_INTEL(ATOM_SILVERMONT,		NO_SSB | NO_L1TF),
 -	VULNWL_INTEL(ATOM_SILVERMONT_X,		NO_SSB | NO_L1TF),
 -	VULNWL_INTEL(ATOM_SILVERMONT_MID,	NO_SSB | NO_L1TF),
 -	VULNWL_INTEL(ATOM_AIRMONT,		NO_SSB | NO_L1TF),
 -	VULNWL_INTEL(XEON_PHI_KNL,		NO_SSB | NO_L1TF),
 -	VULNWL_INTEL(XEON_PHI_KNM,		NO_SSB | NO_L1TF),
 +	VULNWL_INTEL(ATOM_SILVERMONT,		NO_SSB | NO_L1TF | MSBDS_ONLY),
 +	VULNWL_INTEL(ATOM_SILVERMONT_X,		NO_SSB | NO_L1TF | MSBDS_ONLY),
 +	VULNWL_INTEL(ATOM_SILVERMONT_MID,	NO_SSB | NO_L1TF | MSBDS_ONLY),
 +	VULNWL_INTEL(ATOM_AIRMONT,		NO_SSB | NO_L1TF | MSBDS_ONLY),
 +	VULNWL_INTEL(XEON_PHI_KNL,		NO_SSB | NO_L1TF | MSBDS_ONLY),
 +	VULNWL_INTEL(XEON_PHI_KNM,		NO_SSB | NO_L1TF | MSBDS_ONLY),

  	VULNWL_INTEL(CORE_YONAH,		NO_SSB),

 -	VULNWL_INTEL(ATOM_AIRMONT_MID,		NO_L1TF),
 +	VULNWL_INTEL(ATOM_AIRMONT_MID,		NO_L1TF | MSBDS_ONLY),

  	VULNWL_INTEL(ATOM_GOLDMONT,		NO_MDS | NO_L1TF),
  	VULNWL_INTEL(ATOM_GOLDMONT_X,		NO_MDS | NO_L1TF),
 @@ -1029,8 +1030,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
  	if (ia32_cap & ARCH_CAP_IBRS_ALL)
  		setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);

 -	if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO))
 +	if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO)) {
  		setup_force_cpu_bug(X86_BUG_MDS);
 +		if (cpu_matches(MSBDS_ONLY))
 +			setup_force_cpu_bug(X86_BUG_MSBDS_ONLY);
 +	}

  	if (cpu_matches(NO_MELTDOWN))
  		return;
 --
 2.21.0
	From c64842ae1e064b7136575f499a6b101761abc168 Mon Sep 17 00:00:00 2001
	From: Thomas Gleixner <tglx@linutronix.de>
	Date: Fri, 1 Mar 2019 20:21:08 +0100
	Subject: [PATCH 07/30] x86/speculation/mds: Add BUG_MSBDS_ONLY

	commit e261f209c3666e842fd645a1e31f001c3a26def9 upstream

	This bug bit is set on CPUs which are only affected by Microarchitectural
	Store Buffer Data Sampling (MSBDS) and not by any other MDS variant.

	This is important because the Store Buffers are partitioned between
	Hyper-Threads so cross thread forwarding is not possible. But if a thread
	enters or exits a sleep state the store buffer is repartitioned which can
	expose data from one thread to the other. This transition can be mitigated.

	That means that for CPUs which are only affected by MSBDS SMT can be
	enabled, if the CPU is not affected by other SMT sensitive vulnerabilities,
	e.g. L1TF. The XEON PHI variants fall into that category. Also the
	Silvermont/Airmont ATOMs, but for them it's not really relevant as they do
	not support SMT, but mark them for completeness sake.

	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
	Reviewed-by: Jon Masters <jcm@redhat.com>
	Tested-by: Jon Masters <jcm@redhat.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	arch/x86/include/asm/cpufeatures.h \| 1 +
	arch/x86/kernel/cpu/common.c \| 20 ++++++++++++--------
	2 files changed, 13 insertions(+), 8 deletions(-)

	diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
	index 1dc7b8129b55..69037da75ea0 100644
	--- a/arch/x86/include/asm/cpufeatures.h
	+++ b/arch/x86/include/asm/cpufeatures.h
	@@ -380,5 +380,6 @@
	#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(17) /* CPU is affected by speculative store bypass attack */
	#define X86_BUG_L1TF X86_BUG(18) /* CPU is affected by L1 Terminal Fault */
	#define X86_BUG_MDS X86_BUG(19) /* CPU is affected by Microarchitectural data sampling */
	+#define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */

	#endif /* _ASM_X86_CPUFEATURES_H */
	diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
	index 0ea1e4bc3e20..1073118b9bf0 100644
	--- a/arch/x86/kernel/cpu/common.c
	+++ b/arch/x86/kernel/cpu/common.c
	@@ -953,6 +953,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
	#define NO_SSB BIT(2)
	#define NO_L1TF BIT(3)
	#define NO_MDS BIT(4)
	+#define MSBDS_ONLY BIT(5)

	#define VULNWL(_vendor, _family, _model, _whitelist) \
	{ X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
	@@ -976,16 +977,16 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
	VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION),
	VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION),

	- VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB \| NO_L1TF),
	- VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB \| NO_L1TF),
	- VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB \| NO_L1TF),
	- VULNWL_INTEL(ATOM_AIRMONT, NO_SSB \| NO_L1TF),
	- VULNWL_INTEL(XEON_PHI_KNL, NO_SSB \| NO_L1TF),
	- VULNWL_INTEL(XEON_PHI_KNM, NO_SSB \| NO_L1TF),
	+ VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB \| NO_L1TF \| MSBDS_ONLY),
	+ VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB \| NO_L1TF \| MSBDS_ONLY),
	+ VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB \| NO_L1TF \| MSBDS_ONLY),
	+ VULNWL_INTEL(ATOM_AIRMONT, NO_SSB \| NO_L1TF \| MSBDS_ONLY),
	+ VULNWL_INTEL(XEON_PHI_KNL, NO_SSB \| NO_L1TF \| MSBDS_ONLY),
	+ VULNWL_INTEL(XEON_PHI_KNM, NO_SSB \| NO_L1TF \| MSBDS_ONLY),

	VULNWL_INTEL(CORE_YONAH, NO_SSB),

	- VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF),
	+ VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF \| MSBDS_ONLY),

	VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS \| NO_L1TF),
	VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS \| NO_L1TF),
	@@ -1029,8 +1030,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
	if (ia32_cap & ARCH_CAP_IBRS_ALL)
	setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);

	- if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO))
	+ if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO)) {
	setup_force_cpu_bug(X86_BUG_MDS);
	+ if (cpu_matches(MSBDS_ONLY))
	+ setup_force_cpu_bug(X86_BUG_MSBDS_ONLY);
	+ }

	if (cpu_matches(NO_MELTDOWN))
	return;
	--
	2.21.0