From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x226zY/0W0QLBjIVP31kfZ+VP54ZsVpxXU+i+nHVCGrq4kSKRZhN2t/NSiyM5XD7NCwuQhAwZ ARC-Seal: i=1; a=rsa-sha256; t=1516896889; cv=none; d=google.com; s=arc-20160816; b=dLTvTtIbyLUAMoXG5kxqp0QjtJPNJIEH2FeWu8ZDHauKSuB35hSOvg/TZbW4ZZxc/c 9bibWY+m3i3DloXSMNGvIY2rqXQz495Sb+fTaCxIuNE/wr39aEAaOTqDY/9adQS2VpmH utI09GCall6Dmc90UgcqZYXxQI1tzZ5MfZHI3ktUsmm1hJKOMx1krRfN7ANgScAz/e4j XMSiU9bygWHnd3j1BZkcD89FPudaRQZyYkNHkIrxELO5dryJ3XWwI1hFh2yCyxxXZO9k BVNs22UUsUi7zKXfzQ7zs4+wFTrp7vrib8zL2kPGNYRsJtRfn22R8RvxaFKiqHiiOmxe PRew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:dkim-signature :arc-authentication-results; bh=8ez39NjgifPVltMpnfO4P31HqtnKRLhoNxVnTdYqE7o=; b=N3cMCEJUgFXjrinhkOBZx2uug9G1Z8i9nbDiP5l9lzgtyDhZZRphilatCrI8pnQdGH oS0g0KCsedSbxk21taySZN6XXBa/JOzGljoB30+sVGLMzeXEuBvCwpD2flAZyH+K7TZC MpxvP/Kl9zOqygKlyYobdoCD5L02xJ1pORaIDypk+Ayyji82b6XLiMjQDJt0h/6MzHyG 4UGyPweG/mp3w7d9d1CyJgm44SaI2f4bYgZtqrepXqlCuaXowc2WVWxg4ysX3YfOpyR6 77Bx1t/AHjbXg9tV0rdCFqDXZzEtU/HreRzZWuETvNryHnCIoy53sBV+0fl9jnNcWbVk N+VQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=d3vGW4Y1; spf=pass (google.com: domain of prvs=556dd1d58=dwmw@amazon.com designates 207.171.184.29 as permitted sender) smtp.mailfrom=prvs=556dd1d58=dwmw@amazon.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=d3vGW4Y1; spf=pass (google.com: domain of prvs=556dd1d58=dwmw@amazon.com designates 207.171.184.29 as permitted sender) smtp.mailfrom=prvs=556dd1d58=dwmw@amazon.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk X-IronPort-AV: E=Sophos;i="5.46,412,1511827200"; d="scan'208";a="589885269" From: David Woodhouse To: arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, dave.hansen@intel.com, gnomes@lxorguk.ukuu.org.uk, ashok.raj@intel.com, mingo@kernel.org Subject: [PATCH v5 6/7] x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes Date: Thu, 25 Jan 2018 16:14:14 +0000 Message-Id: <1516896855-7642-7-git-send-email-dwmw@amazon.co.uk> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516896855-7642-1-git-send-email-dwmw@amazon.co.uk> References: <1516896855-7642-1-git-send-email-dwmw@amazon.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1590581673656030797?= X-GMAIL-MSGID: =?utf-8?q?1590581673656030797?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: This doesn't refuse to load the affected microcodes; it just refuses to use the Spectre v2 mitigation features if they're detected, by clearing the appropriate feature bits. The AMD CPUID bits are handled here too, because hypervisors *may* have been exposing those bits even on Intel chips, for fine-grained control of what's available. It is non-trivial to use x86_match_cpu() for this table because that doesn't handle steppings. And the approach taken in commit bd9240a18 almost made me lose my lunch. Signed-off-by: David Woodhouse Reviewed-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/intel.c | 66 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index b720dac..125b65f 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -102,6 +102,59 @@ static void probe_xeon_phi_r3mwait(struct cpuinfo_x86 *c) ELF_HWCAP2 |= HWCAP2_RING3MWAIT; } +/* + * Early microcode releases for the Spectre v2 mitigation were broken. + * Information taken from; + * • https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf + * • https://kb.vmware.com/s/article/52345 + * • Microcode revisions observed in the wild + * • releasenote from 20180108 microcode release + */ +struct sku_microcode { + u8 model; + u8 stepping; + u32 microcode; +}; +static const struct sku_microcode spectre_bad_microcodes[] = { + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0B, 0x84 }, + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x0A, 0x84 }, + { INTEL_FAM6_KABYLAKE_DESKTOP, 0x09, 0x84 }, + { INTEL_FAM6_KABYLAKE_MOBILE, 0x0A, 0x84 }, + { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x84 }, + { INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e }, + { INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003c }, + { INTEL_FAM6_SKYLAKE_MOBILE, 0x03, 0xc2 }, + { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 }, + { INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 }, + { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x1b }, + { INTEL_FAM6_BROADWELL_XEON_D, 0x02, 0x14 }, + { INTEL_FAM6_BROADWELL_XEON_D, 0x03, 0x07000011 }, + { INTEL_FAM6_BROADWELL_X, 0x01, 0x0b000025 }, + { INTEL_FAM6_HASWELL_ULT, 0x01, 0x21 }, + { INTEL_FAM6_HASWELL_GT3E, 0x01, 0x18 }, + { INTEL_FAM6_HASWELL_CORE, 0x03, 0x23 }, + { INTEL_FAM6_HASWELL_X, 0x02, 0x3b }, + { INTEL_FAM6_HASWELL_X, 0x04, 0x10 }, + { INTEL_FAM6_IVYBRIDGE_X, 0x04, 0x42a }, + /* Updated in the 20180108 release; blacklist until we know otherwise */ + { INTEL_FAM6_ATOM_GEMINI_LAKE, 0x01, 0x22 }, + /* Observed in the wild */ + { INTEL_FAM6_SANDYBRIDGE_X, 0x06, 0x61b }, + { INTEL_FAM6_SANDYBRIDGE_X, 0x07, 0x712 }, +}; + +static bool bad_spectre_microcode(struct cpuinfo_x86 *c) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) { + if (c->x86_model == spectre_bad_microcodes[i].model && + c->x86_mask == spectre_bad_microcodes[i].stepping) + return (c->microcode <= spectre_bad_microcodes[i].microcode); + } + return false; +} + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; @@ -122,6 +175,19 @@ static void early_init_intel(struct cpuinfo_x86 *c) if (c->x86 >= 6 && !cpu_has(c, X86_FEATURE_IA64)) c->microcode = intel_get_microcode_revision(); + if ((cpu_has(c, X86_FEATURE_SPEC_CTRL) || + cpu_has(c, X86_FEATURE_STIBP) || + cpu_has(c, X86_FEATURE_AMD_SPEC_CTRL) || + cpu_has(c, X86_FEATURE_AMD_PRED_CMD) || + cpu_has(c, X86_FEATURE_AMD_STIBP)) && bad_spectre_microcode(c)) { + pr_warn("Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL\n"); + clear_cpu_cap(c, X86_FEATURE_SPEC_CTRL); + clear_cpu_cap(c, X86_FEATURE_STIBP); + clear_cpu_cap(c, X86_FEATURE_AMD_SPEC_CTRL); + clear_cpu_cap(c, X86_FEATURE_AMD_PRED_CMD); + clear_cpu_cap(c, X86_FEATURE_AMD_STIBP); + } + /* * Atom erratum AAE44/AAF40/AAG38/AAH41: * -- 2.7.4