From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pawan.kumar.gupta@linux.intel.com>
Received: from mail.linutronix.de (193.142.43.55:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 21 Oct
  2019 20:28:15 -0000
Received: from mga07.intel.com ([134.134.136.100])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <pawan.kumar.gupta@linux.intel.com>)
	id 1iMeHl-0000jO-PH
	for speck@linutronix.de; Mon, 21 Oct 2019 22:28:14 +0200
Date: Mon, 21 Oct 2019 13:22:01 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Subject: [MODERATED] [PATCH v7 00/10] TAAv7 0
Message-ID: <cover.1571688957.git.pawan.kumar.gupta@linux.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Subject: [PATCH v7 00/10] TAAv7

Changes since v6:
- Add Michal's patch to allow tsx=on|off|auto via CONFIG
- Rebase to v5.4-rc4
- Changelog, comments and documentation update.

Changes since v5:
- Remove unsafe X86_FEATURE_RTM toggles.
- Have only boot cpu call tsx_init()
- s/read_ia32_arch_cap/x86_read_arch_cap_msr/
- Move TSX sysfs knob part to the end after documentation patch.
- Changelog, comments and documentation update.

Changes since v4:
- Simplify TSX_CTRL enumeration, set TSX_CTRL default to NOT_SUPPORTED.
- Add new patch "Export MDS_NO=0 to guests when TSX is enabled".
- Add new patch for tsx=auto which enables TSX on unaffected platforms,
  default stays tsx=off.
- Handle kexec like cases for TAA bug enumeration. Set X86_BUG_TAA when
  X86_FEATURE_RTM=1 or TSX_CTRL=1.
- TSX control sysfs file rename(s/tsx/hw_tx_mem/) and file creation changes.
- Dropped patch "x86/speculation/mds: Rename MDS buffer clear functions"
  It doesn't provide enough benefit compared to the amount of changes
  involved. Added code comment about using MDS mitigation.
- Add helper function read_ia32_arch_cap().
- Reorder mitigation checks in taa_select_mitigation().
- s/MSR_// for TSX_CTRL bit defines.
- Changelog,comments and documentation update.
- Rebase to v5.3.

Changes since v3:
- Disable tsx unconditionally, removed tsx=auto mode.
- Fix verw idle clear.
- Refactor TSX code into new tsx.c
- Use early_param for tsx cmdline parameter.
- Rename sysfs vulnerability file to tsx_async_abort.
- Rename common CPU buffer clear infrastructure (s/mds/verw)
- s/TAA_MITIGATION_VMWERV/TAA_MITIGATION_UCODE_NEEDED
- Rebased to v5.3-rc6
- Split patches.
- Changelog and documentation update.

Changes since v2:
- Rebased to v5.3-rc5
- Fix build for non-x86 targets.
- Commit log, code comments and documentation update.
- Minor code refactoring.

Changes since v1:
- Added TSX command line options added(on|off|auto). "auto" is the
  default which sets TSX state as below:
	- TSX disabled on affected platforms
	- TSX enabled on unaffected platforms
- Update commit messages and documentation.
- Add support to control TSX feature from sysfs.

This patchset adds the mitigation for TSX Async Abort (TAA) which is a
side channel vulnerability to internal buffers in some Intel processors similar
to Microachitectural Data Sampling (MDS). Transactional Synchronization
Extensions (TSX) is a feature in Intel processors that speeds up
execution of multi-threaded software through lock elision.

During TAA certain loads may speculatively pass invalid data to
dependent operations when an asynchronous abort condition is pending in
a TSX transaction.  An attacker can use TSX as a tool to extract
information from the microarchitectural buffers.  The victim data may be
placed into these buffers during normal execution which is unrelated to
any use of TSX.

Mitigation is to either clear the cpu buffers or disable TSX.

Michal Hocko (1):
  x86/tsx: Add config options to set tsx=on|off|auto

Pawan Gupta (9):
  x86/tsx: Add enumeration support for IA32_TSX_CTRL MSR
  x86: Add helper function x86_read_arch_cap_msr()
  x86/tsx: Add TSX cmdline option with TSX disabled by default
  x86/speculation/taa: Add mitigation for TSX Async Abort
  x86/speculation/taa: Add sysfs reporting for TSX Async Abort
  KVM: x86/speculation/taa: Export MDS_NO=0 to guests when TSX is
    enabled
  x86/tsx: Add "auto" option to TSX cmdline parameter
  x86/speculation/taa: Add documentation for TSX Async Abort
  x86/tsx: Add sysfs interface to control TSX

 .../ABI/testing/sysfs-devices-system-cpu      |  24 ++
 Documentation/admin-guide/hw-vuln/index.rst   |   1 +
 .../admin-guide/hw-vuln/tsx_async_abort.rst   | 282 ++++++++++++++++++
 .../admin-guide/kernel-parameters.txt         |  52 ++++
 Documentation/x86/index.rst                   |   1 +
 Documentation/x86/tsx_async_abort.rst         | 116 +++++++
 arch/x86/Kconfig                              |  45 +++
 arch/x86/include/asm/cpufeatures.h            |   1 +
 arch/x86/include/asm/msr-index.h              |   9 +
 arch/x86/include/asm/nospec-branch.h          |   4 +-
 arch/x86/include/asm/processor.h              |   7 +
 arch/x86/kernel/cpu/Makefile                  |   2 +-
 arch/x86/kernel/cpu/bugs.c                    | 169 ++++++++++-
 arch/x86/kernel/cpu/common.c                  |  32 +-
 arch/x86/kernel/cpu/cpu.h                     |  19 ++
 arch/x86/kernel/cpu/intel.c                   |  10 +
 arch/x86/kernel/cpu/tsx.c                     | 241 +++++++++++++++
 arch/x86/kvm/x86.c                            |  19 ++
 drivers/base/cpu.c                            |  41 ++-
 include/linux/cpu.h                           |   9 +
 20 files changed, 1074 insertions(+), 10 deletions(-)
 create mode 100644 Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
 create mode 100644 Documentation/x86/tsx_async_abort.rst
 create mode 100644 arch/x86/kernel/cpu/tsx.c

-- 
2.20.1