[PATCH v2 0/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

[PATCH v2 0/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

[Waiman Long]

 v2:
  - Update the documentation files accordingly
  - Add an optional second patch to defer printing of MDS mitigation.

As MDS and TAA mitigations can be inter-related, setting command
line option for one without a matching other may cause one of their
vulnerabilities files to report their status incorrectly. This patch
makes sure that both vulnerabilities files will report consistent
status correctly.

Waiman Long (2):
  x86/speculation: Fix incorrect MDS/TAA mitigation status
  x86/speculation: Fix redundant MDS mitigation message

 Documentation/admin-guide/hw-vuln/mds.rst     |  6 ++++-
 .../admin-guide/hw-vuln/tsx_async_abort.rst   |  5 +++-
 arch/x86/kernel/cpu/bugs.c                    | 27 +++++++++++++++++--
 3 files changed, 34 insertions(+), 4 deletions(-)

-- 
2.18.1

[PATCH v2 1/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

[Waiman Long]

For MDS vulnerable processors with TSX support, enabling either MDS or
TAA mitigations will enable the use of VERW to flush internal processor
buffers at the right code path. IOW, they are either both mitigated
or both not. However, if the command line options are inconsistent,
the vulnerabilites sysfs files may not report the mitigation status
correctly.

For example, with only the "mds=off" option:

  vulnerabilities/mds:Vulnerable; SMT vulnerable
  vulnerabilities/tsx_async_abort:Mitigation: Clear CPU buffers; SMT vulnerable

The mds vulnerabilities file has wrong status in this case. Similarly,
the taa vulnerability file will be wrong with mds mitigation on, but
taa off.

Change taa_select_mitigation() to sync up the two mitigation status
and have them turned off if both "mds=off" and "tsx_async_abort=off"
are present.

Both hw-vuln/mds.rst and hw-vuln/tsx_async_abort.rst are updated
to emphasize the fact that both "mds=off" and "tsx_async_abort=off"
have to be specified together for processors that are affected by both
TAA and MDS to be effective. As kernel-parameter.txt references both
documents above, it is not necessary to update it.

Signed-off-by: Waiman Long <longman@redhat.com>
---
 Documentation/admin-guide/hw-vuln/mds.rst       |  6 +++++-
 .../admin-guide/hw-vuln/tsx_async_abort.rst     |  5 ++++-
 arch/x86/kernel/cpu/bugs.c                      | 17 +++++++++++++++--
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
index e3a796c0d3a2..8e5212fedac3 100644
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -265,7 +265,11 @@ time with the option "mds=". The valid arguments for this option are:
 
   ============  =============================================================
 
-Not specifying this option is equivalent to "mds=full".
+Not specifying this option is equivalent to "mds=full". For
+processors that are affected by both TAA (TSX Asynchronous Abort)
+and MDS, specifying just "mds=off" without an accompanying
+"tsx_async_abort=off" will have no effect as the same mitigation is
+used for both vulnerabilities.
 
 
 Mitigation selection guide
diff --git a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
index fddbd7579c53..af6865b822d2 100644
--- a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
+++ b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
@@ -174,7 +174,10 @@ the option "tsx_async_abort=". The valid arguments for this option are:
                 CPU is not vulnerable to cross-thread TAA attacks.
   ============  =============================================================
 
-Not specifying this option is equivalent to "tsx_async_abort=full".
+Not specifying this option is equivalent to "tsx_async_abort=full". For
+processors that are affected by both TAA and MDS, specifying just
+"tsx_async_abort=off" without an accompanying "mds=off" will have no
+effect as the same mitigation is used for both vulnerabilities.
 
 The kernel command line also allows to control the TSX feature using the
 parameter "tsx=" on CPUs which support TSX control. MSR_IA32_TSX_CTRL is used
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 4c7b0fa15a19..cb513eaa0df1 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -304,8 +304,12 @@ static void __init taa_select_mitigation(void)
 		return;
 	}
 
-	/* TAA mitigation is turned off on the cmdline (tsx_async_abort=off) */
-	if (taa_mitigation == TAA_MITIGATION_OFF)
+	/*
+	 * TAA mitigation via VERW is turned off if both
+	 * tsx_async_abort=off and mds=off are specified.
+	 */
+	if (taa_mitigation == TAA_MITIGATION_OFF &&
+	    mds_mitigation == MDS_MITIGATION_OFF)
 		goto out;
 
 	if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
@@ -339,6 +343,15 @@ static void __init taa_select_mitigation(void)
 	if (taa_nosmt || cpu_mitigations_auto_nosmt())
 		cpu_smt_disable(false);
 
+	/*
+	 * Update MDS mitigation, if necessary, as the mds_user_clear is
+	 * now enabled for TAA mitigation.
+	 */
+	if (mds_mitigation == MDS_MITIGATION_OFF &&
+	    boot_cpu_has_bug(X86_BUG_MDS)) {
+		mds_mitigation = MDS_MITIGATION_FULL;
+		mds_select_mitigation();
+	}
 out:
 	pr_info("%s\n", taa_strings[taa_mitigation]);
 }
-- 
2.18.1

Re: [PATCH v2 1/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

[Boris Petkov]

On November 15, 2019 5:14:44 PM GMT+01:00, Waiman Long <longman@redhat.com> wrote:
>For MDS vulnerable processors with TSX support, enabling either MDS or
>TAA mitigations will enable the use of VERW to flush internal processor
>buffers at the right code path. IOW, they are either both mitigated
>or both not. However, if the command line options are inconsistent,
>the vulnerabilites sysfs files may not report the mitigation status
>correctly.
>
>For example, with only the "mds=off" option:
>
>  vulnerabilities/mds:Vulnerable; SMT vulnerable
>vulnerabilities/tsx_async_abort:Mitigation: Clear CPU buffers; SMT
>vulnerable
>
>The mds vulnerabilities file has wrong status in this case. Similarly,
>the taa vulnerability file will be wrong with mds mitigation on, but
>taa off.
>
>Change taa_select_mitigation() to sync up the two mitigation status
>and have them turned off if both "mds=off" and "tsx_async_abort=off"
>are present.
>
>Both hw-vuln/mds.rst and hw-vuln/tsx_async_abort.rst are updated
>to emphasize the fact that both "mds=off" and "tsx_async_abort=off"
>have to be specified together for processors that are affected by both
>TAA and MDS to be effective. As kernel-parameter.txt references both
>documents above, it is not necessary to update it.

What about kernel-parameters.txt?

-- 
Sent from a small device: formatting sux and brevity is inevitable.

Re: [PATCH v2 1/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

[Thomas Gleixner]

On Fri, 15 Nov 2019, Boris Petkov wrote:

> On November 15, 2019 5:14:44 PM GMT+01:00, Waiman Long <longman@redhat.com> wrote:
> >For MDS vulnerable processors with TSX support, enabling either MDS or
> >TAA mitigations will enable the use of VERW to flush internal processor
> >buffers at the right code path. IOW, they are either both mitigated
> >or both not. However, if the command line options are inconsistent,
> >the vulnerabilites sysfs files may not report the mitigation status
> >correctly.
> >
> >For example, with only the "mds=off" option:
> >
> >  vulnerabilities/mds:Vulnerable; SMT vulnerable
> >vulnerabilities/tsx_async_abort:Mitigation: Clear CPU buffers; SMT
> >vulnerable
> >
> >The mds vulnerabilities file has wrong status in this case. Similarly,
> >the taa vulnerability file will be wrong with mds mitigation on, but
> >taa off.
> >
> >Change taa_select_mitigation() to sync up the two mitigation status
> >and have them turned off if both "mds=off" and "tsx_async_abort=off"
> >are present.
> >
> >Both hw-vuln/mds.rst and hw-vuln/tsx_async_abort.rst are updated
> >to emphasize the fact that both "mds=off" and "tsx_async_abort=off"
> >have to be specified together for processors that are affected by both
> >TAA and MDS to be effective. As kernel-parameter.txt references both
> >documents above, it is not necessary to update it.
> 
> What about kernel-parameters.txt?

See the last sentence of the paragraph you replied to :)

But serioulsy, yes we should mention the interaction in
kernel-parameters.txt as well. Something like:

	off        - Unconditionally disable MDS mitigation.
+		     On TAA affected machines, mds=off can be prevented
+		     by an active TAA mitigation as both vulnerabilities
+		     are mitigated with the same mechanism.

and the other way round for TAA.

Thanks,

	tglx

Re: [PATCH v2 1/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

[Boris Petkov]

On November 15, 2019 8:35:54 PM GMT+01:00, Thomas Gleixner <tglx@linutronix.de> wrote:
>See the last sentence of the paragraph you replied to :)

Proves even more that this should be documented in *all* places that talk about TAA cmdline options and we should not rely on references but write stuff out everywhere so that people can see it directly.

>But serioulsy, yes we should mention the interaction in
>kernel-parameters.txt as well. Something like:
>
>	off        - Unconditionally disable MDS mitigation.
>+		     On TAA affected machines, mds=off can be prevented
>+		     by an active TAA mitigation as both vulnerabilities
>+		     are mitigated with the same mechanism.
>
>and the other way round for TAA.

Ack.

Thx.

-- 
Sent from a small device: formatting sux and brevity is inevitable.

Re: [PATCH v2 1/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

[Waiman Long]

On 11/15/19 3:21 PM, Boris Petkov wrote:
> On November 15, 2019 8:35:54 PM GMT+01:00, Thomas Gleixner <tglx@linutronix.de> wrote:
>> See the last sentence of the paragraph you replied to :)
> Proves even more that this should be documented in *all* places that talk about TAA cmdline options and we should not rely on references but write stuff out everywhere so that people can see it directly.
>
>> But serioulsy, yes we should mention the interaction in
>> kernel-parameters.txt as well. Something like:
>>
>> 	off        - Unconditionally disable MDS mitigation.
>> +		     On TAA affected machines, mds=off can be prevented
>> +		     by an active TAA mitigation as both vulnerabilities
>> +		     are mitigated with the same mechanism.
>>
>> and the other way round for TAA.
> Ack.
>
Sorry for late reply as I am out on Friday afternoon. On hindsight, I
should have added relevant description to kernel-parameters.txt as it is
the mostly read kernel document.

Acked-by: Waiman Long <longman@redhat.com>

Thanks,
Longman

[tip: x86/pti] x86/speculation: Fix incorrect MDS/TAA mitigation status

[tip-bot2 for Waiman Long]

The following commit has been merged into the x86/pti branch of tip:

Commit-ID:     64870ed1b12e235cfca3f6c6da75b542c973ff78
Gitweb:        https://git.kernel.org/tip/64870ed1b12e235cfca3f6c6da75b542c973ff78
Author:        Waiman Long <longman@redhat.com>
AuthorDate:    Fri, 15 Nov 2019 11:14:44 -05:00
Committer:     Borislav Petkov <bp@suse.de>
CommitterDate: Sat, 16 Nov 2019 13:17:49 +01:00

x86/speculation: Fix incorrect MDS/TAA mitigation status

For MDS vulnerable processors with TSX support, enabling either MDS or
TAA mitigations will enable the use of VERW to flush internal processor
buffers at the right code path. IOW, they are either both mitigated
or both not. However, if the command line options are inconsistent,
the vulnerabilites sysfs files may not report the mitigation status
correctly.

For example, with only the "mds=off" option:

  vulnerabilities/mds:Vulnerable; SMT vulnerable
  vulnerabilities/tsx_async_abort:Mitigation: Clear CPU buffers; SMT vulnerable

The mds vulnerabilities file has wrong status in this case. Similarly,
the taa vulnerability file will be wrong with mds mitigation on, but
taa off.

Change taa_select_mitigation() to sync up the two mitigation status
and have them turned off if both "mds=off" and "tsx_async_abort=off"
are present.

Update documentation to emphasize the fact that both "mds=off" and
"tsx_async_abort=off" have to be specified together for processors that
are affected by both TAA and MDS to be effective.

 [ bp: Massage and add kernel-parameters.txt change too. ]

Fixes: 1b42f017415b ("x86/speculation/taa: Add mitigation for TSX Async Abort")
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: linux-doc@vger.kernel.org
Cc: Mark Gross <mgross@linux.intel.com>
Cc: <stable@vger.kernel.org>
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20191115161445.30809-2-longman@redhat.com
---
 Documentation/admin-guide/hw-vuln/mds.rst             |  7 ++--
 Documentation/admin-guide/hw-vuln/tsx_async_abort.rst |  5 ++-
 Documentation/admin-guide/kernel-parameters.txt       | 11 ++++++-
 arch/x86/kernel/cpu/bugs.c                            | 17 ++++++++--
 4 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
index e3a796c..2d19c9f 100644
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -265,8 +265,11 @@ time with the option "mds=". The valid arguments for this option are:
 
   ============  =============================================================
 
-Not specifying this option is equivalent to "mds=full".
-
+Not specifying this option is equivalent to "mds=full". For processors
+that are affected by both TAA (TSX Asynchronous Abort) and MDS,
+specifying just "mds=off" without an accompanying "tsx_async_abort=off"
+will have no effect as the same mitigation is used for both
+vulnerabilities.
 
 Mitigation selection guide
 --------------------------
diff --git a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
index fddbd75..af6865b 100644
--- a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
+++ b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
@@ -174,7 +174,10 @@ the option "tsx_async_abort=". The valid arguments for this option are:
                 CPU is not vulnerable to cross-thread TAA attacks.
   ============  =============================================================
 
-Not specifying this option is equivalent to "tsx_async_abort=full".
+Not specifying this option is equivalent to "tsx_async_abort=full". For
+processors that are affected by both TAA and MDS, specifying just
+"tsx_async_abort=off" without an accompanying "mds=off" will have no
+effect as the same mitigation is used for both vulnerabilities.
 
 The kernel command line also allows to control the TSX feature using the
 parameter "tsx=" on CPUs which support TSX control. MSR_IA32_TSX_CTRL is used
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 8dee8f6..9983ac7 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2473,6 +2473,12 @@
 				     SMT on vulnerable CPUs
 			off        - Unconditionally disable MDS mitigation
 
+			On TAA-affected machines, mds=off can be prevented by
+			an active TAA mitigation as both vulnerabilities are
+			mitigated with the same mechanism so in order to disable
+			this mitigation, you need to specify tsx_async_abort=off
+			too.
+
 			Not specifying this option is equivalent to
 			mds=full.
 
@@ -4931,6 +4937,11 @@
 				     vulnerable to cross-thread TAA attacks.
 			off        - Unconditionally disable TAA mitigation
 
+			On MDS-affected machines, tsx_async_abort=off can be
+			prevented by an active MDS mitigation as both vulnerabilities
+			are mitigated with the same mechanism so in order to disable
+			this mitigation, you need to specify mds=off too.
+
 			Not specifying this option is equivalent to
 			tsx_async_abort=full.  On CPUs which are MDS affected
 			and deploy MDS mitigation, TAA mitigation is not
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 4c7b0fa..cb513ea 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -304,8 +304,12 @@ static void __init taa_select_mitigation(void)
 		return;
 	}
 
-	/* TAA mitigation is turned off on the cmdline (tsx_async_abort=off) */
-	if (taa_mitigation == TAA_MITIGATION_OFF)
+	/*
+	 * TAA mitigation via VERW is turned off if both
+	 * tsx_async_abort=off and mds=off are specified.
+	 */
+	if (taa_mitigation == TAA_MITIGATION_OFF &&
+	    mds_mitigation == MDS_MITIGATION_OFF)
 		goto out;
 
 	if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
@@ -339,6 +343,15 @@ static void __init taa_select_mitigation(void)
 	if (taa_nosmt || cpu_mitigations_auto_nosmt())
 		cpu_smt_disable(false);
 
+	/*
+	 * Update MDS mitigation, if necessary, as the mds_user_clear is
+	 * now enabled for TAA mitigation.
+	 */
+	if (mds_mitigation == MDS_MITIGATION_OFF &&
+	    boot_cpu_has_bug(X86_BUG_MDS)) {
+		mds_mitigation = MDS_MITIGATION_FULL;
+		mds_select_mitigation();
+	}
 out:
 	pr_info("%s\n", taa_strings[taa_mitigation]);
 }

[PATCH v2 2/2] x86/speculation: Fix redundant MDS mitigation message

[Waiman Long]

Since MDS and TAA mitigations are inter-related for processors that are
affected by both vulnerabilities, the followiing confusing messages can
be printed in the kernel log:

  MDS: Vulnerable
  MDS: Mitigation: Clear CPU buffers

To avoid the first incorrect message, the printing of MDS mitigation
is now deferred after the TAA mitigation selection has been done.
However, that has the side effect of printing TAA mitigation first
before MDS mitigation.

Suggested-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Waiman Long <longman@redhat.com>
---
 arch/x86/kernel/cpu/bugs.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index cb513eaa0df1..5966a52b359f 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -39,6 +39,7 @@ static void __init spectre_v2_select_mitigation(void);
 static void __init ssb_select_mitigation(void);
 static void __init l1tf_select_mitigation(void);
 static void __init mds_select_mitigation(void);
+static void __init mds_print_mitigation(void);
 static void __init taa_select_mitigation(void);
 
 /* The base value of the SPEC_CTRL MSR that always has to be preserved. */
@@ -108,6 +109,12 @@ void __init check_bugs(void)
 	mds_select_mitigation();
 	taa_select_mitigation();
 
+	/*
+	 * As MDS and TAA mitigations are inter-related, defer printing MDS
+	 * mitigation until after TAA mitigation selection is done.
+	 */
+	mds_print_mitigation();
+
 	arch_smt_update();
 
 #ifdef CONFIG_X86_32
@@ -245,7 +252,10 @@ static void __init mds_select_mitigation(void)
 		    (mds_nosmt || cpu_mitigations_auto_nosmt()))
 			cpu_smt_disable(false);
 	}
+}
 
+static void __init mds_print_mitigation(void)
+{
 	pr_info("%s\n", mds_strings[mds_mitigation]);
 }
 
-- 
2.18.1

[tip: x86/pti] x86/speculation: Fix redundant MDS mitigation message

[tip-bot2 for Waiman Long]

The following commit has been merged into the x86/pti branch of tip:

Commit-ID:     4bef279da30f0766615e680d519909da735758ca
Gitweb:        https://git.kernel.org/tip/4bef279da30f0766615e680d519909da735758ca
Author:        Waiman Long <longman@redhat.com>
AuthorDate:    Fri, 15 Nov 2019 11:14:45 -05:00
Committer:     Borislav Petkov <bp@suse.de>
CommitterDate: Sat, 16 Nov 2019 13:19:58 +01:00

x86/speculation: Fix redundant MDS mitigation message

Since MDS and TAA mitigations are inter-related for processors that are
affected by both vulnerabilities, the followiing confusing messages can
be printed in the kernel log:

  MDS: Vulnerable
  MDS: Mitigation: Clear CPU buffers

To avoid the first incorrect message, defer the printing of MDS
mitigation after the TAA mitigation selection has been done. However,
that has the side effect of printing TAA mitigation first before MDS
mitigation.

 [ bp: Massage. ]

Suggested-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Mark Gross <mgross@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20191115161445.30809-3-longman@redhat.com
---
 arch/x86/kernel/cpu/bugs.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index cb513ea..cb2fbd9 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -39,6 +39,7 @@ static void __init spectre_v2_select_mitigation(void);
 static void __init ssb_select_mitigation(void);
 static void __init l1tf_select_mitigation(void);
 static void __init mds_select_mitigation(void);
+static void __init mds_print_mitigation(void);
 static void __init taa_select_mitigation(void);
 
 /* The base value of the SPEC_CTRL MSR that always has to be preserved. */
@@ -108,6 +109,12 @@ void __init check_bugs(void)
 	mds_select_mitigation();
 	taa_select_mitigation();
 
+	/*
+	 * As MDS and TAA mitigations are inter-related, print MDS
+	 * mitigation until after TAA mitigation selection is done.
+	 */
+	mds_print_mitigation();
+
 	arch_smt_update();
 
 #ifdef CONFIG_X86_32
@@ -245,7 +252,10 @@ static void __init mds_select_mitigation(void)
 		    (mds_nosmt || cpu_mitigations_auto_nosmt()))
 			cpu_smt_disable(false);
 	}
+}
 
+static void __init mds_print_mitigation(void)
+{
 	pr_info("%s\n", mds_strings[mds_mitigation]);
 }
 

Re: [tip: x86/pti] x86/speculation: Fix redundant MDS mitigation message

[Borislav Petkov]

On Sat, Nov 16, 2019 at 12:25:19PM -0000, tip-bot2 for Waiman Long wrote:
> +static void __init mds_print_mitigation(void)
> +{
>  	pr_info("%s\n", mds_strings[mds_mitigation]);
>  }

Almost. This causes

MDS: Vulnerable

to be printed on an in-order 32-bit Atom here, which is wrong. I've
fixed it up to:

---
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index cb2fbd93ef4d..8bf64899f56a 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -256,6 +256,9 @@ static void __init mds_select_mitigation(void)
 
 static void __init mds_print_mitigation(void)
 {
+	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off())
+		return;
+
 	pr_info("%s\n", mds_strings[mds_mitigation]);
 }
 

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Re: [tip: x86/pti] x86/speculation: Fix redundant MDS mitigation message

[Waiman Long]

On 11/16/19 9:24 AM, Borislav Petkov wrote:
> On Sat, Nov 16, 2019 at 12:25:19PM -0000, tip-bot2 for Waiman Long wrote:
>> +static void __init mds_print_mitigation(void)
>> +{
>>  	pr_info("%s\n", mds_strings[mds_mitigation]);
>>  }
> Almost. This causes
>
> MDS: Vulnerable
>
> to be printed on an in-order 32-bit Atom here, which is wrong. I've
> fixed it up to:
>
> ---
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index cb2fbd93ef4d..8bf64899f56a 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -256,6 +256,9 @@ static void __init mds_select_mitigation(void)
>  
>  static void __init mds_print_mitigation(void)
>  {
> +	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off())
> +		return;
> +
>  	pr_info("%s\n", mds_strings[mds_mitigation]);
>  }
>  
>
You are right. I missed that.

Thanks for fixing it.

Cheers,
Longman

[tip: x86/pti] x86/speculation: Fix redundant MDS mitigation message

[tip-bot2 for Waiman Long]

The following commit has been merged into the x86/pti branch of tip:

Commit-ID:     cd5a2aa89e847bdda7b62029d94e95488d73f6b2
Gitweb:        https://git.kernel.org/tip/cd5a2aa89e847bdda7b62029d94e95488d73f6b2
Author:        Waiman Long <longman@redhat.com>
AuthorDate:    Fri, 15 Nov 2019 11:14:45 -05:00
Committer:     Borislav Petkov <bp@suse.de>
CommitterDate: Sat, 16 Nov 2019 15:24:56 +01:00

x86/speculation: Fix redundant MDS mitigation message

Since MDS and TAA mitigations are inter-related for processors that are
affected by both vulnerabilities, the followiing confusing messages can
be printed in the kernel log:

  MDS: Vulnerable
  MDS: Mitigation: Clear CPU buffers

To avoid the first incorrect message, defer the printing of MDS
mitigation after the TAA mitigation selection has been done. However,
that has the side effect of printing TAA mitigation first before MDS
mitigation.

 [ bp: Check box is affected/mitigations are disabled first before
   printing and massage. ]

Suggested-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Mark Gross <mgross@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20191115161445.30809-3-longman@redhat.com
---
 arch/x86/kernel/cpu/bugs.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index cb513ea..8bf6489 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -39,6 +39,7 @@ static void __init spectre_v2_select_mitigation(void);
 static void __init ssb_select_mitigation(void);
 static void __init l1tf_select_mitigation(void);
 static void __init mds_select_mitigation(void);
+static void __init mds_print_mitigation(void);
 static void __init taa_select_mitigation(void);
 
 /* The base value of the SPEC_CTRL MSR that always has to be preserved. */
@@ -108,6 +109,12 @@ void __init check_bugs(void)
 	mds_select_mitigation();
 	taa_select_mitigation();
 
+	/*
+	 * As MDS and TAA mitigations are inter-related, print MDS
+	 * mitigation until after TAA mitigation selection is done.
+	 */
+	mds_print_mitigation();
+
 	arch_smt_update();
 
 #ifdef CONFIG_X86_32
@@ -245,6 +252,12 @@ static void __init mds_select_mitigation(void)
 		    (mds_nosmt || cpu_mitigations_auto_nosmt()))
 			cpu_smt_disable(false);
 	}
+}
+
+static void __init mds_print_mitigation(void)
+{
+	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off())
+		return;
 
 	pr_info("%s\n", mds_strings[mds_mitigation]);
 }

Re: [PATCH v2 0/2] x86/speculation: Fix incorrect MDS/TAA mitigation status

[Waiman Long]

On 11/15/19 11:14 AM, Waiman Long wrote:
>  v2:
>   - Update the documentation files accordingly
>   - Add an optional second patch to defer printing of MDS mitigation.

Note that I consider the 2nd patch as optional. What is important is the
first one.

Cheers,
Longman