From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (193.142.43.55:993)
	by crypto-ml.lab.linutronix.de with IMAP4-SSL for ;
	25 Feb 2020 21:51:17 -0000
Received: from mga17.intel.com ([192.55.52.151])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80)
	(envelope-from ) id 1j6i2K-0003La-DW
	for speck@linutronix.de; Tue, 25 Feb 2020 22:46:40 +0100
Received: from mtg-dev (mtg-dev.jf.intel.com [10.54.74.10])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.ostc.intel.com (Postfix) with ESMTPS id 754026361
	for ; Tue, 25 Feb 2020 21:46:35 +0000 (UTC)
Received: from mgross by mtg-dev with local (Exim 4.90_1)
	(envelope-from ) id 1j6i2F-000TBy-Sq
	for speck@linutronix.de; Tue, 25 Feb 2020 13:46:36 -0800
Message-Id:
From: mark gross
Date: Mon, 24 Feb 2020 13:45:10 -0800
Subject: [MODERATED] [PATCH v2 0/2] v2: more sampling fun 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
To: speck@linutronix.de
List-ID:

From: mark gross
Subject: [PATCH v2 0/2] more sampling fun

Special Register Buffer Data Sampling is a sampling type of vulnerability
that leaks data across cores sharing the HW-RNG for vulnerable processors.

This leak is fixed by a microcode update and is enabled by default.

This new microcode serializes processor access during execution of RDRAND
or RDSEED. It ensures that the shared buffer is overwritten before it is
released for reuse.

The mitigation impacts the throughput of the RDRAND and RDSEED instructions
and latency of RT processing running on the socket while executing RDRAND or
RDSEED. The micro benchmark of calling RDRAND many times shows a 10x
slowdown.

This patch set enables kernel command line control of this mitigation and
exports vulnerability and mitigation status.
This patch set includes 2 patches:
The first patch updates cpu_vuln_whitelist with support for a 16 bit field for
enumerating based on stepping as well as vendor, family, model.
The second patch enables the command line control of the mitigation as well as
the sysfs export of vulnerability status.

The documentation patch is pending on the official white paper to be complete
such that I can make sure the in tree documentation is consistent with the
white paper.

The microcode defaults to enabling the mitigation.

changes since last version:
Use GENMASK in most places, as recommended by Ben.
Fixed sysfs reporting issue associated with TSX=on case.

The next version is pending white paper finalization. The disclosure of this
issue is coming in May.

mark gross (2):
  Add capability to specify a range of steppings in the vulnerability
    white list structure.
  WIP SRBDS mitigation enabling.

 arch/x86/include/asm/cpu_device_id.h | 12 ++++
 arch/x86/include/asm/cpufeatures.h   |  3 +
 arch/x86/include/asm/msr-index.h     |  4 ++
 arch/x86/kernel/cpu/bugs.c           | 84 ++++++++++++++++++++++++++++
 arch/x86/kernel/cpu/common.c         | 52 ++++++++++++-----
 arch/x86/kernel/cpu/cpu.h            | 10 ++++
 arch/x86/kernel/cpu/intel.c          |  2 +
 arch/x86/kernel/cpu/match.c          | 26 +++++++++
 drivers/base/cpu.c                   |  8 +++
 9 files changed, 187 insertions(+), 14 deletions(-)

-- 
2.17.1
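
The stepping-range matching that the cover letter describes for the first patch (a 16 bit field alongside vendor, family and model) can be sketched as below. This is an added example, not code from the patch set: the struct layout, `STEP_MASK`, `lookup_bugs`, and every table value are constructed for illustration and do not describe real affected CPUs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* GENMASK-style helper: bits lo..hi (inclusive) of a 16-bit stepping field. */
#define STEP_MASK(lo, hi) ((uint16_t)(((1u << ((hi) - (lo) + 1)) - 1u) << (lo)))
#define STEP_ANY      0xFFFFu         /* entry applies to every stepping */
#define VENDOR_A      0               /* hypothetical vendor id */
#define BUG_SAMPLING  (1ul << 0)      /* hypothetical bug flag */

struct vuln_entry {                   /* hypothetical layout */
    uint8_t  vendor, family, model;
    uint16_t steppings;               /* bit n set => stepping n matches */
    unsigned long bugs;
};

/* Constructed sample table: model numbers and ranges are placeholders. */
static const struct vuln_entry table[] = {
    { VENDOR_A, 6, 0x10, STEP_MASK(0x0, 0xC), BUG_SAMPLING }, /* range    */
    { VENDOR_A, 6, 0x11, STEP_ANY,            BUG_SAMPLING }, /* all      */
    { VENDOR_A, 6, 0x12, STEP_MASK(0x3, 0x3), BUG_SAMPLING }, /* only 0x3 */
};

/* Return the OR of bug flags for entries matching the CPU identity. */
unsigned long lookup_bugs(uint8_t vendor, uint8_t family, uint8_t model,
                          unsigned int stepping)
{
    unsigned long bugs = 0;

    if (stepping >= 16)               /* cannot be encoded in the field */
        return 0;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        const struct vuln_entry *e = &table[i];

        if (e->vendor == vendor && e->family == family &&
            e->model == model && (e->steppings & (1u << stepping)))
            bugs |= e->bugs;
    }
    return bugs;
}

int main(void)
{
    /* Same model, two steppings: one inside the range, one past it. */
    printf("model 0x10 stepping 0xC: %#lx\n", lookup_bugs(VENDOR_A, 6, 0x10, 0xC));
    printf("model 0x10 stepping 0xD: %#lx\n", lookup_bugs(VENDOR_A, 6, 0x10, 0xD));
    return 0;
}
```

Encoding the range as a bitmask lets one table row mark only the affected steppings of a model, so later steppings of the same model are not reported as vulnerable.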