From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (193.142.43.55:993)
	by crypto-ml.lab.linutronix.de with IMAP4-SSL
	for ; 11 Mar 2020 16:02:06 -0000
Received: from mga05.intel.com ([192.55.52.43])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from )
	id 1jC3o5-0004Jr-1p
	for speck@linutronix.de; Wed, 11 Mar 2020 17:02:05 +0100
Received: from mtg-dev (mtg-dev.jf.intel.com [10.54.74.10])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.ostc.intel.com (Postfix) with ESMTPS id 70AC26367
	for ; Wed, 11 Mar 2020 16:01:53 +0000 (UTC)
Received: from mgross by mtg-dev with local (Exim 4.90_1)
	(envelope-from )
	id 1jC3ns-000KKy-OV
	for speck@linutronix.de; Wed, 11 Mar 2020 09:01:52 -0700
Message-Id:
From: mark gross
Date: Wed, 11 Mar 2020 08:39:29 -0700
Subject: [MODERATED] [PATCH 0/2] v3 more sampling fun 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
To: speck@linutronix.de
List-ID:

From: mark gross
Subject: [PATCH 0/2] V3: more sampling funn

This is a significantly reworked version of the mitigation control. I think
I've addressed all the high quality feedback given on the first 2 versions.

This version of the mitigation no longer needs to change the structure of
cpu_vuln_whitelist as it creates a similar "affected_processors" list.

---

Special Register Buffer Data Sampling is a sampling type of vulnerability that
leaks data across cores sharing the HW-RNG for vulnerable processors.

This leak is fixed by a microcode update and is enabled by default.

This new microcode serializes processor access during execution of RDRAND or
RDSEED. It ensures that the shared buffer is overwritten before it is released
for reuse.

The mitigation impacts the throughput of the RDRAND and RDSEED instructions
and latency of RT processing running on the socket while executing RDRAND or
RDSEED. The micro benchmark of calling RDRAND many times shows a slowdown.

This patch set enables kernel command line control of this mitigation and
exports vulnerability and mitigation status.

This patch set includes 2 patches:
The first patch enables the command line control of the mitigation as well as
the sysfs export of vulnerability status.

The second patch has the Documentation/admin-guide/hw-vuln documentation for
the issue and the control over the mitigation.

The microcode defaults to enabling the mitigation.

mark gross (2):
  x86/speculation: Special Register Buffer Data Sampling (SRBDS)
    mitigation control.
  x86/speculation: SRBDS vulnerability and mitigation documentation

 Documentation/admin-guide/hw-vuln/index.rst   |   2 +
 .../special-register-buffer-data-sampling.rst | 145 ++++++++++++++++++
 .../admin-guide/kernel-parameters.txt         |  11 ++
 arch/x86/include/asm/cpu_device_id.h          |  12 ++
 arch/x86/include/asm/cpufeatures.h            |   2 +
 arch/x86/include/asm/msr-index.h              |   4 +
 arch/x86/kernel/cpu/bugs.c                    | 110 +++++++++++++
 arch/x86/kernel/cpu/common.c                  |  41 +++++
 arch/x86/kernel/cpu/cpu.h                     |  13 ++
 arch/x86/kernel/cpu/intel.c                   |   2 +
 arch/x86/kernel/cpu/match.c                   |  26 ++++
 drivers/base/cpu.c                            |   8 +
 12 files changed, 376 insertions(+)
 create mode 100644 Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst

-- 
2.17.1