historical-speck.lore.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Thomas Gleixner <tglx@linutronix.de>
To: speck@linutronix.de
Subject: Re: [PATCH 3/4] V7 more sampling fun 3
Date: Tue, 14 Apr 2020 12:58:10 +0200	[thread overview]
Message-ID: <87mu7enxkt.fsf@nanos.tec.linutronix.de> (raw)
In-Reply-To: =?utf-8?q?=3C8fbdbe0dbc619f8c9d5f4cf7a1d2d4c8642f2ff3=2E15868?= =?utf-8?q?01416=2Egit=2Emgross=40linux=2Eintel=2Ecom=3E?=

Mark,

speck for mark gross <speck@linutronix.de> writes:
> +static void __init srbds_select_mitigation(void)
> +{
> +	u64 ia32_cap;
> +
> +	if (!boot_cpu_has_bug(X86_BUG_SRBDS))
> +		return;
> +	/*
> +	 * Check to see if this is one of the MDS_NO systems supporting
> +	 * TSX that are only exposed to SRBDS when TSX is enabled.
> +	 */
> +	ia32_cap = x86_read_arch_cap_msr();
> +	if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM)) {

This does not work for the CPUs which have the IF_TSX thing because your
setup magic does not set X86_BUG_SRBDS for those.... See below.

> +		srbds_mitigation = SRBDS_MITIGATION_NOT_AFFECTED_TSX_OFF;
> +		goto out;
> +	}
> +
> +	if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
> +		srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR;
> +		goto out;
> +	}
> +
> +	if (!boot_cpu_has(X86_FEATURE_SRBDS_CTRL)) {
> +		srbds_mitigation = SRBDS_MITIGATION_UCODE_NEEDED;
> +		goto out;
> +	}
> +
> +	if (cpu_mitigations_off() || srbds_off) {
> +		if (srbds_mitigation != SRBDS_MITIGATION_NOT_AFFECTED_TSX_OFF)

That's pointless. You already jumped over this part in case of TSX off.

> +			srbds_mitigation = SRBDS_MITIGATION_OFF;
> +	}

The whole goto stuff can be completely avoided.

	if (!boot_cpu_has_bug(X86_BUG_SRBDS))
		return;

	if (boot_cpu_has(X86_BUG_SRBDS_IF_TSX) && !boot_cpu_has(X86_FEATURE_RTM)))
        	srbds_mitigation = SRBDS_MITIGATION_NOT_AFFECTED_TSX_OFF;
        else if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
		srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR;
	else if (!boot_cpu_has(X86_FEATURE_SRBDS_CTRL))
		srbds_mitigation = SRBDS_MITIGATION_UCODE_NEEDED;
	else if (cpu_mitigations_off() || srbds_off)
		srbds_mitigation = SRBDS_MITIGATION_OFF;

> +out:
> +	update_srbds_msr();
> +	pr_info("%s\n", srbds_strings[srbds_mitigation]);
> +}

> +#define SRBDS		BIT(0)
> +#define SRBDS_IF_TSX	BIT(1)
> +
> +static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
> +	VULNBL_INTEL_STEPPING(IVYBRIDGE,	X86_STEPPING_ANY,		SRBDS),
> +	VULNBL_INTEL_STEPPING(HASWELL,		X86_STEPPING_ANY,		SRBDS),
> +	VULNBL_INTEL_STEPPING(HASWELL_L,	X86_STEPPING_ANY,		SRBDS),
> +	VULNBL_INTEL_STEPPING(HASWELL_G,	X86_STEPPING_ANY,		SRBDS),
> +	VULNBL_INTEL_STEPPING(BROADWELL_G,	X86_STEPPING_ANY,		SRBDS),
> +	VULNBL_INTEL_STEPPING(BROADWELL,	X86_STEPPING_ANY,		SRBDS),
> +	VULNBL_INTEL_STEPPING(SKYLAKE_L,	X86_STEPPING_ANY,		SRBDS),
> +	VULNBL_INTEL_STEPPING(SKYLAKE,		X86_STEPPING_ANY,		SRBDS),
> +	VULNBL_INTEL_STEPPING(KABYLAKE_L,	X86_STEPPINGS(0, 0xA),		SRBDS),
> +	VULNBL_INTEL_STEPPING(KABYLAKE_L,	X86_STEPPINGS(0xB, 0xC),	SRBDS_IF_TSX),
> +	VULNBL_INTEL_STEPPING(KABYLAKE,		X86_STEPPINGS(0, 0xB),		SRBDS),
> +	VULNBL_INTEL_STEPPING(KABYLAKE,		X86_STEPPINGS(0xC, 0xD),	SRBDS_IF_TSX),
> +	{}
> +};
> +
>  static bool __init cpu_matches(unsigned long which, const struct x86_cpu_id *table)
>  {
>  	const struct x86_cpu_id *m = x86_match_cpu(table);
> @@ -1142,6 +1166,34 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
>  	     (ia32_cap & ARCH_CAP_TSX_CTRL_MSR)))
>  		setup_force_cpu_bug(X86_BUG_TAA);
>  
> +	if (cpu_matches(SRBDS|SRBDS_IF_TSX, cpu_vuln_blacklist)) {
> +		/*
> +		 * Some parts on the list don't have RDRAND or RDSEED. Make sure
> +		 * they show as "Not affected".
> +		 */
> +		if (!cpu_has(c, X86_FEATURE_RDRAND) &&
> +		    !cpu_has(c, X86_FEATURE_RDSEED))
> +			goto srbds_not_affected;
> +		/*
> +		 * Parts in the blacklist that enumerate MDS_NO are only
> +		 * vulneralbe if TSX can be used.  To handle cases where TSX
> +		 * gets fused off check to see if TSX is fused off and thus not
> +		 * affected.
> +		 *
> +		 * When running with up to day microcode TSX_CTRL is only
> +		 * enumerated on parts where TSX fused on.
> +		 * When running with microcode not supporting TSX_CTRL we check
> +		 * for RTM
> +		 */
> +		if ((ia32_cap & ARCH_CAP_MDS_NO) &&
> +		    !((ia32_cap & ARCH_CAP_TSX_CTRL_MSR) ||
> +		      cpu_has(c, X86_FEATURE_RTM)))

So you added SRBDS_IF_TSX and then you check for both and still have
that check for _all_ CPUs. Also the TSX_CTRL_MSR part is weird. That's
completely irrelevant. The only interesting part is X86_FEATURE_RTM.

What you really want is:

	VULNBL_INTEL_STEPPING(KABYLAKE_L,	X86_STEPPINGS(0xB, 0xC),	SRBDS | SRBDS_IF_TSX),
	VULNBL_INTEL_STEPPING(KABYLAKE,		X86_STEPPINGS(0, 0xB),		SRBDS),
	VULNBL_INTEL_STEPPING(KABYLAKE,		X86_STEPPINGS(0xC, 0xD),	SRBDS | SRBDS_IF_TSX),

	/*
	 * CPUs which have neither RDRAND nor RDSEED are not affected.
	 */
	if (cpu_has(c, X86_FEATURE_RDRAND) || cpu_has(c, X86_FEATURE_RDSEED)) {
		if (cpu_matches(SRBDS, cpu_vuln_blacklist)) {
			setup_force_cpu_bug(X86_BUG_SRBDS);
			/* These CPUs are only vulnerable when TSX is usable. */
	                if (cpu_matches(SRBDS_IF_TSX, cpu_vuln_blacklist))
				setup_force_cpu_bug(X86_BUG_SRBDS_IF_TSX);
		}
	}

Hmm?

Thanks,

        tglx

  parent reply	other threads:[~2020-04-14 10:58 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-13 18:10 [MODERATED] [PATCH 0/4] V7 more sampling fun 0 mark gross
2020-01-16 22:16 ` [MODERATED] [PATCH 3/4] V7 more sampling fun 3 mark gross
2020-01-30 19:12 ` [MODERATED] [PATCH 4/4] V7 more sampling fun 4 mark gross
2020-03-17  0:56 ` [MODERATED] [PATCH 2/4] V7 more sampling fun 2 mark gross
2020-03-17  0:56 ` [MODERATED] [PATCH 1/4] V7 more sampling fun 1 mark gross
2020-04-14  3:48 ` [MODERATED] Re: [PATCH 3/4] V7 more sampling fun 3 mark gross
2020-04-14 16:23   ` Thomas Gleixner
2020-04-14 20:03     ` [MODERATED] " mark gross
2020-04-14 10:58 ` Thomas Gleixner [this message]
2020-04-14 16:43   ` mark gross
2020-04-14 20:02 ` Josh Poimboeuf
2020-04-14 21:03   ` mark gross
2020-04-14 21:23     ` Josh Poimboeuf
2020-04-14 21:53       ` mark gross
2020-04-14 20:05 ` Josh Poimboeuf
2020-04-14 21:59   ` mark gross
2020-04-14 22:46     ` Josh Poimboeuf
2020-04-15 20:59       ` mark gross
2020-04-15 12:58     ` Thomas Gleixner
2020-04-15 22:21       ` [MODERATED] " mark gross
2020-04-15 17:51 ` [MODERATED] Re: [PATCH 1/4] V7 more sampling fun 1 Borislav Petkov
2020-04-15 23:58   ` mark gross

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87mu7enxkt.fsf@nanos.tec.linutronix.de \
    --to=tglx@linutronix.de \
    --cc=speck@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).