From: Thomas Gleixner <tglx@linutronix.de>
To: speck@linutronix.de
Subject: Re: [patch V5 00/14] MDS basics 0
Date: Wed, 27 Feb 2019 22:04:33 +0100 (CET)
Message-ID: <alpine.DEB.2.21.1902272157370.1644@nanos.tec.linutronix.de>
In-Reply-To: <20190227150939.605235753@linutronix.de>

On Wed, 27 Feb 2019, speck for Thomas Gleixner wrote:

> Changes since V4:
> 
>   - Fix SSB whitelist. Needs to go upstream independently.
> 
>   - Consolidate whitelists before adding another one.
> 
>   - Use an inline helper for the exit to user mitigation.
> 
>   - Add VMX/VMENTER mitigation when CPU is not affected by L1TF.
> 
>   - Remove 'auto' command line option.
> 
>   - Rework the mitigation documentation so the handling of special
>     exceptions is clear.
> 
>   - Adjust the virt mitigation admin documentation.
> 
>   - Fix typos and address review comments
> 
> Available from git:
> 
>    cvs.ou.linutronix.de:linux/speck/linux WIP.mds

Pushed out a new tree which contains the fixups for the consolidated table
and the documentation for VMX.

Delta patch below.

Thanks,

	tglx

8<---------------
diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
index 73cdc390aece..3fe53bd5b9cc 100644
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -169,7 +169,7 @@ Virtualization mitigation
     If the L1D flush mitigation is enabled and up to date microcode is
     available, the L1D flush mitigation is automatically protecting the
     guest transition. If the L1D flush mitigation is disabled the MDS
-    mitigation is disabled as well.
+    mitigation is invoked explicit when the host MDS mitigation is enabled.
 
     For details on L1TF and virtualization see:
     :ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <mitigation_control_kvm>`.
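Review bot: the replacement line in this hunk reads "mitigation is invoked explicit when the host MDS mitigation is enabled"; "explicit" should be the adverb "explicitly" ("is invoked explicitly when ..."). The unchanged :ref: target two lines below, `Documentation/admin-guide/hw-vuln//l1tf.rst`, carries a doubled slash that looks like a typo; since this paragraph is already being edited, it would be worth correcting to a single slash in the same patch.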
@@ -177,7 +177,7 @@ Virtualization mitigation
   - CPU is not affected by L1TF:
 
     CPU buffers are flushed before entering the guest when the host MDS
-    protection is enabled.
+    mitigation is enabled.
 
   The resulting MDS protection matrix for the host to guest transition:
 
@@ -186,7 +186,9 @@ Virtualization mitigation
 
    Don't care   No    Don't care    N/A          Not affected
 
-   Yes          Yes   Disabled      Don't care   Vulnerable
+   Yes          Yes   Disabled      Off          Vulnerable
+
+   Yes          Yes   Disabled      Full         Mitigated
 
    Yes          Yes   Enabled       Don't care   Mitigated
 
@@ -196,7 +198,7 @@ Virtualization mitigation
   ============ ===== ============= ============ =================
 
   This only covers the host to guest transition, i.e. prevents leakage from
-  host to guest, but does not protect the guest internally. Guest need to
+  host to guest, but does not protect the guest internally. Guests need to
   have their own protections.
 
 .. _xeon_phi:
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 389853338c2f..7b34ac46f4db 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -954,37 +954,40 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
 #define NO_L1TF		BIT(3)
 #define NO_MDS		BIT(4)
 
+#define VULNWL(vendor, family, model, whitelist)	\
+	{ X86_VENDOR_##vendor, number, model, X86_FEATURE_ANY, whitelist)
+
 static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
-	{ X86_VENDOR_ANY,	4, X86_MODEL_ANY,			X86_FEATURE_ANY, NO_SPECULATION },
-	{ X86_VENDOR_CENTAUR,	5, X86_MODEL_ANY,			X86_FEATURE_ANY, NO_SPECULATION },
-	{ X86_VENDOR_INTEL,	5, X86_MODEL_ANY,			X86_FEATURE_ANY, NO_SPECULATION },
-	{ X86_VENDOR_NSC,	5, X86_MODEL_ANY,			X86_FEATURE_ANY, NO_SPECULATION },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_SALTWELL,		X86_FEATURE_ANY, NO_SPECULATION },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_SALTWELL_TABLET,	X86_FEATURE_ANY, NO_SPECULATION },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_BONNELL_MID,		X86_FEATURE_ANY, NO_SPECULATION },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_SALTWELL_MID,	X86_FEATURE_ANY, NO_SPECULATION },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_BONNELL,		X86_FEATURE_ANY, NO_SPECULATION },
-
-	{ X86_VENDOR_AMD,	X86_FAMILY_ANY, X86_MODEL_ANY,		X86_FEATURE_ANY, NO_MELTDOWN | NO_L1TF },
-	{ X86_VENDOR_HYGON,	X86_FAMILY_ANY, X86_MODEL_ANY,		X86_FEATURE_ANY, NO_MELTDOWN | NO_L1TF },
-
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_SILVERMONT,		X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_SILVERMONT_X,	X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_SILVERMONT_MID,	X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_AIRMONT,		X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_AIRMONT_MID,		X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_CORE_YONAH,		X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_XEON_PHI_KNL,		X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_XEON_PHI_KNM,		X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_GOLDMONT,		X86_FEATURE_ANY, NO_L1TF | NO_MDS },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_GOLDMONT_X,		X86_FEATURE_ANY, NO_L1TF | NO_MDS },
-	{ X86_VENDOR_INTEL,	6, INTEL_FAM6_ATOM_GOLDMONT_PLUS,	X86_FEATURE_ANY, NO_L1TF | NO_MDS },
-
-	{ X86_VENDOR_AMD,	0x0f, X86_MODEL_ANY,			X86_FEATURE_ANY, NO_SSB },
-	{ X86_VENDOR_AMD,	0x10, X86_MODEL_ANY,			X86_FEATURE_ANY, NO_SSB },
-	{ X86_VENDOR_AMD,	0x11, X86_MODEL_ANY,			X86_FEATURE_ANY, NO_SSB },
-	{ X86_VENDOR_AMD,	0x12, X86_MODEL_ANY,			X86_FEATURE_ANY, NO_SSB },
+	VULNWL(ANY,	4, X86_MODEL_ANY,		      NO_SPECULATION },
+	VULNWL(CENTAUR,	5, X86_MODEL_ANY,		      NO_SPECULATION },
+	VULNWL(INTEL,	5, X86_MODEL_ANY,		      NO_SPECULATION },
+	VULNWL(NSC,	5, X86_MODEL_ANY,		      NO_SPECULATION },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_SALTWELL,	      NO_SPECULATION },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_SALTWELL_TABLET,   NO_SPECULATION },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_SALTWELL_MID,      NO_SPECULATION },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_BONELL,	      NO_SPECULATION },
+
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_SILVERMONT,      NO_SSB | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_SILVERMONT_,     NO_SSB | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_SILVERMONT_MID,  NO_SSB | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_AIRMONT,	    NO_SSB | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_AIRMONT_MID,	    NO_SSB | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_CORE_YONAH,	    NO_SSB | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_XEON_PHI_KNL,	    NO_SSB | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_XEON_PHI_KNM,	    NO_SSB | NO_L1TF },
+
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_GOLDMONT,	    NO_MDS | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_GOLDMONT_X,	    NO_MDS | NO_L1TF },
+	VULNWL(INTEL,	6, INTEL_FAM6_ATOM_GOLDMONT_PLUS,   NO_MDS | NO_L1TF },
+
+	VULNWL(AMD,	0x0f, X86_MODEL_ANY,  NO_MELTDOWN | NO_SSB | NO_L1TF },
+	VULNWL(AMD,	0x10, X86_MODEL_ANY,  NO_MELTDOWN | NO_SSB | NO_L1TF },
+	VULNWL(AMD,	0x11, X86_MODEL_ANY,  NO_MELTDOWN | NO_SSB | NO_L1TF },
+	VULNWL(AMD,	0x12, X86_MODEL_ANY,  NO_MELTDOWN | NO_SSB | NO_L1TF },
+
+	/* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
+	VULNWL(AMD,	X86_FAMILY_ANY, X86_MODEL_ANY, NO_MELTDOWN | NO_L1TF },
+	VULNWL(HYGON,	X86_FAMILY_ANY, X86_MODEL_ANY, NO_MELTDOWN | NO_L1TF },
 	{}
 };
 
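Review bot: the VULNWL macro as shown in this hunk cannot compile: its body substitutes `number` where the `family` parameter should appear, and it closes the initializer with `)` instead of `}`, while every entry that uses it closes with `}` instead of `)`. The intended form is `#define VULNWL(vendor, family, model, whitelist) { X86_VENDOR_##vendor, family, model, X86_FEATURE_ANY, whitelist }` with entries written as `VULNWL(ANY, 4, X86_MODEL_ANY, NO_SPECULATION),`. Two identifiers are also mangled relative to the removed lines: `INTEL_FAM6_ATOM_BONELL` (was `INTEL_FAM6_ATOM_BONNELL`) and `INTEL_FAM6_ATOM_SILVERMONT_` (was `INTEL_FAM6_ATOM_SILVERMONT_X`), and the `INTEL_FAM6_ATOM_BONNELL_MID` NO_SPECULATION entry from the old table has no counterpart in the new one, so that model would silently lose its whitelist flags. The reordering itself is correct: as the new comment says, the first matching entry wins, so once the AMD family 0x0f-0x12 rows precede the X86_FAMILY_ANY catch-all they must carry NO_MELTDOWN | NO_L1TF in addition to NO_SSB, which the hunk does.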
