From: Thomas Gleixner <tglx@linutronix.de>
To: speck@linutronix.de
Subject: Re: [patch V5 00/14] MDS basics 0
Date: Wed, 27 Feb 2019 22:04:33 +0100 (CET)
Message-ID: <alpine.DEB.2.21.1902272157370.1644@nanos.tec.linutronix.de>
In-Reply-To: <20190227150939.605235753@linutronix.de>
On Wed, 27 Feb 2019, speck for Thomas Gleixner wrote:
> Changes since V4:
>
> - Fix SSB whitelist. Needs to go upstream independently.
>
> - Consolidate whitelists before adding another one.
>
> - Use an inline helper for the exit to user mitigation.
>
> - Add VMX/VMENTER mitigation when CPU is not affected by L1TF.
>
> - Remove 'auto' command line option.
>
> - Rework the mitigation documentation so the handling of special
> exceptions is clear.
>
> - Adjust the virt mitigation admin documentation.
>
> - Fix typos and address review comments
>
> Available from git:
>
> cvs.ou.linutronix.de:linux/speck/linux WIP.mds
Pushed out a new tree which contains the fixups for the consolidated table
and the documentation for VMX.
Delta patch below.
Thanks,
tglx
8<---------------
diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
index 73cdc390aece..3fe53bd5b9cc 100644
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -169,7 +169,7 @@ Virtualization mitigation
If the L1D flush mitigation is enabled and up to date microcode is
available, the L1D flush mitigation is automatically protecting the
guest transition. If the L1D flush mitigation is disabled the MDS
- mitigation is disabled as well.
+ mitigation is invoked explicit when the host MDS mitigation is enabled.
For details on L1TF and virtualization see:
:ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <mitigation_control_kvm>`.
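Review bot: the new sentence `mitigation is invoked explicit when the host MDS mitigation is enabled.` should read "invoked explicitly". The unchanged context line right below it references `Documentation/admin-guide/hw-vuln//l1tf.rst` with a doubled slash in the path, which is worth fixing while this paragraph is being edited.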
@@ -177,7 +177,7 @@ Virtualization mitigation
- CPU is not affected by L1TF:
CPU buffers are flushed before entering the guest when the host MDS
- protection is enabled.
+ mitigation is enabled.
The resulting MDS protection matrix for the host to guest transition:
@@ -186,7 +186,9 @@ Virtualization mitigation
Don't care No Don't care N/A Not affected
- Yes Yes Disabled Don't care Vulnerable
+ Yes Yes Disabled Off Vulnerable
+
+ Yes Yes Disabled Full Mitigated
Yes Yes Enabled Don't care Mitigated
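Review bot: the table header is outside this hunk, so confirm that the new `Off` and `Full` values sit in the host MDS mitigation column and use the same vocabulary that column is labelled with elsewhere in the table; the L1D flush column uses Enabled/Disabled, and the cover letter says the 'auto' option was removed, so if `full` is not the only enabled mode the row should say so rather than naming one mode. Splitting the old `Disabled / Don't care / Vulnerable` row into an Off/Vulnerable and a Full/Mitigated row is consistent with the wording change in the first hunk.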
@@ -196,7 +198,7 @@ Virtualization mitigation
============ ===== ============= ============ =================
This only covers the host to guest transition, i.e. prevents leakage from
- host to guest, but does not protect the guest internally. Guest need to
+ host to guest, but does not protect the guest internally. Guests need to
have their own protections.
.. _xeon_phi:
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 389853338c2f..7b34ac46f4db 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -954,37 +954,40 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
#define NO_L1TF BIT(3)
#define NO_MDS BIT(4)
+#define VULNWL(vendor, family, model, whitelist) \
+ { X86_VENDOR_##vendor, number, model, X86_FEATURE_ANY, whitelist)
+
static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
- { X86_VENDOR_ANY, 4, X86_MODEL_ANY, X86_FEATURE_ANY, NO_SPECULATION },
- { X86_VENDOR_CENTAUR, 5, X86_MODEL_ANY, X86_FEATURE_ANY, NO_SPECULATION },
- { X86_VENDOR_INTEL, 5, X86_MODEL_ANY, X86_FEATURE_ANY, NO_SPECULATION },
- { X86_VENDOR_NSC, 5, X86_MODEL_ANY, X86_FEATURE_ANY, NO_SPECULATION },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL, X86_FEATURE_ANY, NO_SPECULATION },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_TABLET, X86_FEATURE_ANY, NO_SPECULATION },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL_MID, X86_FEATURE_ANY, NO_SPECULATION },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_MID, X86_FEATURE_ANY, NO_SPECULATION },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_BONNELL, X86_FEATURE_ANY, NO_SPECULATION },
-
- { X86_VENDOR_AMD, X86_FAMILY_ANY, X86_MODEL_ANY, X86_FEATURE_ANY, NO_MELTDOWN | NO_L1TF },
- { X86_VENDOR_HYGON, X86_FAMILY_ANY, X86_MODEL_ANY, X86_FEATURE_ANY, NO_MELTDOWN | NO_L1TF },
-
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT, X86_FEATURE_ANY, NO_SSB | NO_L1TF },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_X, X86_FEATURE_ANY, NO_SSB | NO_L1TF },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID, X86_FEATURE_ANY, NO_SSB | NO_L1TF },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT, X86_FEATURE_ANY, NO_SSB | NO_L1TF },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT_MID, X86_FEATURE_ANY, NO_SSB | NO_L1TF },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH, X86_FEATURE_ANY, NO_SSB | NO_L1TF },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL, X86_FEATURE_ANY, NO_SSB | NO_L1TF },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM, X86_FEATURE_ANY, NO_SSB | NO_L1TF },
-
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT, X86_FEATURE_ANY, NO_L1TF | NO_MDS },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_X, X86_FEATURE_ANY, NO_L1TF | NO_MDS },
- { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_PLUS, X86_FEATURE_ANY, NO_L1TF | NO_MDS },
-
- { X86_VENDOR_AMD, 0x0f, X86_MODEL_ANY, X86_FEATURE_ANY, NO_SSB },
- { X86_VENDOR_AMD, 0x10, X86_MODEL_ANY, X86_FEATURE_ANY, NO_SSB },
- { X86_VENDOR_AMD, 0x11, X86_MODEL_ANY, X86_FEATURE_ANY, NO_SSB },
- { X86_VENDOR_AMD, 0x12, X86_MODEL_ANY, X86_FEATURE_ANY, NO_SSB },
+ VULNWL(ANY, 4, X86_MODEL_ANY, NO_SPECULATION },
+ VULNWL(CENTAUR, 5, X86_MODEL_ANY, NO_SPECULATION },
+ VULNWL(INTEL, 5, X86_MODEL_ANY, NO_SPECULATION },
+ VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_SALTWELL, NO_SPECULATION },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_TABLET, NO_SPECULATION },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_SALTWELL_MID, NO_SPECULATION },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_BONELL, NO_SPECULATION },
+
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT, NO_SSB | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_, NO_SSB | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_AIRMONT, NO_SSB | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_AIRMONT_MID, NO_SSB | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_CORE_YONAH, NO_SSB | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_XEON_PHI_KNL, NO_SSB | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_XEON_PHI_KNM, NO_SSB | NO_L1TF },
+
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT, NO_MDS | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_X, NO_MDS | NO_L1TF },
+ VULNWL(INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF },
+
+ VULNWL(AMD, 0x0f, X86_MODEL_ANY, NO_MELTDOWN | NO_SSB | NO_L1TF },
+ VULNWL(AMD, 0x10, X86_MODEL_ANY, NO_MELTDOWN | NO_SSB | NO_L1TF },
+ VULNWL(AMD, 0x11, X86_MODEL_ANY, NO_MELTDOWN | NO_SSB | NO_L1TF },
+ VULNWL(AMD, 0x12, X86_MODEL_ANY, NO_MELTDOWN | NO_SSB | NO_L1TF },
+
+ /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
+ VULNWL(AMD, X86_FAMILY_ANY, X86_MODEL_ANY, NO_MELTDOWN | NO_L1TF },
+ VULNWL(HYGON, X86_FAMILY_ANY, X86_MODEL_ANY, NO_MELTDOWN | NO_L1TF },
{}
};
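Review bot: the VULNWL macro does not match its call sites, so the table will not compile as shown: the body `{ X86_VENDOR_##vendor, number, model, X86_FEATURE_ANY, whitelist)` uses `number` where the parameter is named `family` and closes with `)` instead of `}`, while every use such as `VULNWL(ANY, 4, X86_MODEL_ANY, NO_SPECULATION },` closes the macro call with `}` instead of `)`. The rewritten list also drops the `INTEL_FAM6_ATOM_BONNELL_MID` entry that the removed lines had, and two model names differ from the removed lines (`INTEL_FAM6_ATOM_BONELL` for `INTEL_FAM6_ATOM_BONNELL`, `INTEL_FAM6_ATOM_SILVERMONT_` for `INTEL_FAM6_ATOM_SILVERMONT_X`). Moving the AMD 0x0f-0x12 rows ahead of the `X86_FAMILY_ANY` rows is the right fix for the SSB whitelist: in the removed version the family-any AMD entry came first and shadowed the family-specific NO_SSB entries, so they never matched; the comment documenting that ordering constraint is worth keeping.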