* [MODERATED] [PATCH v4 00/10] [PATCH v4] Patches known as SSB or MDD
@ 2018-04-24  3:16 konrad.wilk
  2018-04-24  3:40 ` [MODERATED] " Konrad Rzeszutek Wilk
  2018-04-24  8:35 ` Borislav Petkov
  0 siblings, 2 replies; 5+ messages in thread
From: konrad.wilk @ 2018-04-24  3:16 UTC (permalink / raw)
  To: speck

Since v3
- Fixed it per Boris's review.
- Added Tim's comments.

 
Couple of things:

- Creating a bug on bugzilla.kernel.org and putting in
https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf
https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

  I can do it now, but not exactly sure what I should put in the bug.

  We could upstream the first three patches right now as they are not
  security related, as cleanups?

- Testing shows now (see 'rds' and 'spec_store_bypass'):

processor       : 39
vendor_id       : GenuineIntel
cpu family      : 6
model           : 79
model name      : Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz
stepping        : 1
microcode       : 0xb00002d
cpu MHz         : 2430.874
cache size      : 25600 KB
physical id     : 1
siblings        : 20
core id         : 12
cpu cores       : 10
apicid          : 57
initial apicid  : 57
fpu             : yes
fpu_exception   : yes
cpuid level     : 20
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single pti intel_ppin tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm rdt_a rdseed adx smap intel_pt xsaveopt cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local ibpb ibrs stibp dtherm ida arat pln pts rds
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass
bogomips        : 4402.99
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 48 bits virtual
power management:


- Hadn't tested KVM/QEMU yet. Will do that on Wednesday.
  I am AFK tomorrow (Tuesday).


Things folks already know, but just in case you are new:

- The titles are obfuscated as the Subject: lines are not encrypted. Nor are the
   MIME attachment file names.

- The cover letter subject is also mangled as I can't say spec_store_bypass_disable
  in the title.

- The Suggested-by and Reviewed-by have an XX in front of them so that
  git send-email does not include the CC on the mailbox file.

Here is the diffstat including the non-scrambled names of the patches.

 Documentation/admin-guide/kernel-parameters.txt |  32 ++++
 arch/x86/include/asm/cpufeatures.h              |   3 +
 arch/x86/include/asm/msr-index.h                |   1 +
 arch/x86/include/asm/nospec-branch.h            |  41 ++++-
 arch/x86/kernel/cpu/amd.c                       |  13 ++
 arch/x86/kernel/cpu/bugs.c                      | 216 ++++++++++++++++++++++--
 arch/x86/kernel/cpu/common.c                    |  43 +++--
 arch/x86/kernel/cpu/intel.c                     |   7 +
 arch/x86/kvm/cpuid.c                            |   2 +-
 arch/x86/kvm/svm.c                              |   6 +-
 arch/x86/kvm/vmx.c                              |  14 +-
 drivers/base/cpu.c                              |   8 +
 include/linux/cpu.h                             |   2 +
 13 files changed, 346 insertions(+), 42 deletions(-)

Konrad Rzeszutek Wilk (9):
      x86/bugs: Concentrate bug detection into a separate function
      x86/bugs: Concentrate bug reporting into a separate function
      x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits.
      KVM/SVM/VMX/x86/spectre_v2: Support the combination of guest IBRS and ours.
      x86/bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS
      x86/spec_store_bypass_disable: Provide boot parameters for the mitigation
      x86/spec_store_bypass_disable/Intel: set proper CPU features and latch mitigation.
      x86/spec_store_bypass_disable/AMD: Add support to disable it on Fam[15,16,17]h if requested.
      x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest

^ permalink raw reply	[flat|nested] 5+ messages in thread
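
Added example, not part of the original thread or of the patch series: a per-CPU check of the two tokens the cover letter points at in its /proc/cpuinfo output ('rds' under flags, 'spec_store_bypass' under bugs). It matches whole tokens, because a substring search for "rds" also hits "rdseed" in the flags line shown above; the function names, status strings and SAMPLE text are constructed for illustration.

```python
# Added example: the names 'rds' and 'spec_store_bypass' come from the v4
# output quoted in the cover letter. SAMPLE is constructed, not captured.
SAMPLE = """\
processor\t: 0
flags\t\t: fpu rdrand rdseed ibpb ibrs stibp rds
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass

processor\t: 1
flags\t\t: fpu rdrand rdseed ibpb ibrs stibp
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass
"""


def parse_cpuinfo(text):
    """Return {cpu_number: {"flags": set, "bugs": set}} from cpuinfo text."""
    cpus, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator between processor stanzas
        key = key.strip()
        if key == "processor":
            current = cpus.setdefault(int(value), {"flags": set(), "bugs": set()})
        elif key in ("flags", "bugs") and current is not None:
            current[key] = set(value.split())
    return cpus


def ssb_status(text, flag="rds", bug="spec_store_bypass"):
    """Classify every CPU by whole-token match, so 'rdseed' is not 'rds'."""
    status = {}
    for cpu, info in parse_cpuinfo(text).items():
        if bug not in info["bugs"]:
            status[cpu] = "bug-not-reported"
        elif flag in info["flags"]:
            status[cpu] = "bug+flag"
        else:
            status[cpu] = "bug-only"
    return status


def inconsistent(status):
    """True when the CPUs do not all report the same state."""
    return len(set(status.values())) > 1


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/cpuinfo"
    with open(path) as fh:
        result = ssb_status(fh.read())
    for cpu, state in sorted(result.items()):
        print(f"cpu{cpu}: {state}")
    sys.exit(1 if inconsistent(result) else 0)
```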

* [MODERATED] Re: [PATCH v4 00/10] [PATCH v4] Patches known as SSB or MDD
  2018-04-24  3:16 [MODERATED] [PATCH v4 00/10] [PATCH v4] Patches known as SSB or MDD konrad.wilk
@ 2018-04-24  3:40 ` Konrad Rzeszutek Wilk
  2018-04-24  4:16   ` Jon Masters
  2018-04-24  8:35 ` Borislav Petkov
  1 sibling, 1 reply; 5+ messages in thread
From: Konrad Rzeszutek Wilk @ 2018-04-24  3:40 UTC (permalink / raw)
  To: speck

> Here is the diffstat including the non-scrambled names of the patches.

And attached is the tarball.

26ea0e9fc945157e358b8d3370dde809  spec_store_bypass_disable.v4.tgz


[-- Attachment #2: spec_store_bypass_disable.v4.tgz --]
[-- Type: application/gzip, Size: 12964 bytes --]


* [MODERATED] Re: [PATCH v4 00/10] [PATCH v4] Patches known as SSB or MDD
  2018-04-24  3:40 ` [MODERATED] " Konrad Rzeszutek Wilk
@ 2018-04-24  4:16   ` Jon Masters
  2018-04-24 19:36     ` Jon Masters
  0 siblings, 1 reply; 5+ messages in thread
From: Jon Masters @ 2018-04-24  4:16 UTC (permalink / raw)
  To: speck

On 04/23/2018 11:40 PM, speck for Konrad Rzeszutek Wilk wrote:
>> Here is the diffstat including the non-scrambled names of the patches.
> 
> And attached is the tarball.
> 
> 26ea0e9fc945157e358b8d3370dde809  spec_store_bypass_disable.v4.tgz

Thanks. Just brewing coffee...


-- 
Computer Architect | Sent from my Fedora powered laptop



* [MODERATED] Re: [PATCH v4 00/10] [PATCH v4] Patches known as SSB or MDD
  2018-04-24  3:16 [MODERATED] [PATCH v4 00/10] [PATCH v4] Patches known as SSB or MDD konrad.wilk
  2018-04-24  3:40 ` [MODERATED] " Konrad Rzeszutek Wilk
@ 2018-04-24  8:35 ` Borislav Petkov
  1 sibling, 0 replies; 5+ messages in thread
From: Borislav Petkov @ 2018-04-24  8:35 UTC (permalink / raw)
  To: speck

On Mon, Apr 23, 2018 at 11:16:01PM -0400, speck for konrad.wilk_at_oracle.com wrote:
> Since v3
> - Fixed it per Boris's review.
> - Added Tim's comments.
> 
>  
> Couple of things:
> 
> - Creating a bug on bugzilla.kernel.org and putting in
> https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf
> https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
> 
>   I can do it now, but not exactly sure what I should put in the bug.

Just put some blurb along the lines of "for future reference". You can
always add more comments to the bugzilla entry later, after the whole
shit becomes public.

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
-- 


* [MODERATED] Re: [PATCH v4 00/10] [PATCH v4] Patches known as SSB or MDD
  2018-04-24  4:16   ` Jon Masters
@ 2018-04-24 19:36     ` Jon Masters
  0 siblings, 0 replies; 5+ messages in thread
From: Jon Masters @ 2018-04-24 19:36 UTC (permalink / raw)
  To: speck

On 04/24/2018 12:16 AM, speck for Jon Masters wrote:
> On 04/23/2018 11:40 PM, speck for Konrad Rzeszutek Wilk wrote:
>>> Here is the diffstat including the non-scrambled names of the patches.
>>
>> And attached is the tarball.
>>
>> 26ea0e9fc945157e358b8d3370dde809  spec_store_bypass_disable.v4.tgz
> 
> Thanks. Just brewing coffee...

Forgot to say, these booted on Coffeelake with updated ucode.

Waiting to test on EPYC.

I've pinged Arm and IBM for updates on their mitigations.

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop

