From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (193.142.43.55:993)
	by crypto-ml.lab.linutronix.de with IMAP4-SSL
	for ; 06 Apr 2020 18:13:39 -0000
Received: from mga02.intel.com ([134.134.136.20])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from )
	id 1jLWFc-0006ok-Ig
	for speck@linutronix.de; Mon, 06 Apr 2020 20:13:38 +0200
Received: from mtg-dev (mtg-dev.jf.intel.com [10.54.74.10])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.ostc.intel.com (Postfix) with ESMTPS id 51CC46361
	for ; Mon, 6 Apr 2020 18:13:32 +0000 (UTC)
Received: from mgross by mtg-dev with local (Exim 4.90_1)
	(envelope-from )
	id 1jLWFY-000FqN-Er
	for speck@linutronix.de; Mon, 06 Apr 2020 11:13:32 -0700
Message-Id:
From: mark gross
Date: Mon, 6 Apr 2020 10:52:34 -0700
Subject: [MODERATED] [PATCH 0/3] V5 more sampling fun 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
To: speck@linutronix.de
List-ID:

From: mark gross
Subject: [PATCH 0/3] v5 more sampling fun

This version of the Special Register Buffer Data Sampling has been updated to
address feedback gotten, including:

* is based on Thomas' macro clean up for x86.
* cleanups and changes driven by review feedback.
* handles the virtualized guest case better.

---

Special Register Buffer Data Sampling is a sampling type of vulnerability that
leaks data across cores sharing the HW-RNG for vulnerable processors.

This leak is fixed by a microcode update and is enabled by default.

This new microcode serializes processor access during execution of RDRAND or
RDSEED. It ensures that the shared buffer is overwritten before it is released
for reuse.

The mitigation impacts the throughput of the RDRAND and RDSEED instructions and
latency of RT processing running on the socket while executing RDRAND or
RDSEED. The micro benchmarks calling RDRAND many times show a slowdown.

This patch set enables kernel command line control of this mitigation and
exports vulnerability and mitigation status.

This patch set includes 3 patches:

* The first patch adds steppings to x86_cpu_id structure and related macros
* The second patch enables the command line control of the mitigation as well
  as the sysfs export of vulnerability status.
* The third patch has the Documentation/admin-guide/hw-vuln documentation for
  this issue and the control over the mitigation.

mark gross (3):
  x86/cpu: Add stepping field to x86_cpu_id structure
  x86/speculation: Special Register Buffer Data Sampling (SRBDS)
    mitigation control.
  x86/speculation: SRBDS vulnerability and mitigation documentation

 .../ABI/testing/sysfs-devices-system-cpu      |   1 +
 Documentation/admin-guide/hw-vuln/index.rst   |   2 +
 .../special-register-buffer-data-sampling.rst | 150 ++++++++++++++++++
 .../admin-guide/kernel-parameters.txt         |  20 +++
 arch/x86/include/asm/cpu_device_id.h          |  26 ++-
 arch/x86/include/asm/cpufeatures.h            |   2 +
 arch/x86/include/asm/msr-index.h              |   4 +
 arch/x86/kernel/cpu/bugs.c                    | 123 ++++++++++++++
 arch/x86/kernel/cpu/common.c                  |  61 +++++--
 arch/x86/kernel/cpu/cpu.h                     |   3 +
 arch/x86/kernel/cpu/match.c                   |   7 +-
 drivers/base/cpu.c                            |   8 +
 include/linux/mod_devicetable.h               |   2 +
 13 files changed, 393 insertions(+), 16 deletions(-)
 create mode 100644 Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst

-- 
2.17.1