From: Josh Poimboeuf <jpoimboe@kernel.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Nikolay Borisov <nik.borisov@suse.com>, X86 ML <x86@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/srso: Correct the mitigation status when SMT is disabled
Date: Tue, 15 Aug 2023 12:58:31 -0700 [thread overview]
Message-ID: <20230815195831.2opbgrznnpszaa32@treble> (raw)
In-Reply-To: <20230815095724.GBZNtMBPUJSEegviJN@fat_crate.local>
On Tue, Aug 15, 2023 at 11:57:24AM +0200, Borislav Petkov wrote:
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -2417,8 +2417,7 @@ static void __init srso_select_mitigation(void)
> * Zen1/2 with SMT off aren't vulnerable after the right
> * IBPB microcode has been applied.
> */
> - if ((boot_cpu_data.x86 < 0x19) &&
> - (!cpu_smt_possible() || (cpu_smt_control == CPU_SMT_DISABLED))) {
> + if (boot_cpu_data.x86 < 0x19 && !cpu_smt_possible()) {
> setup_force_cpu_cap(X86_FEATURE_SRSO_NO);
> return;
> }
> @@ -2698,8 +2697,12 @@ static ssize_t retbleed_show_state(char *buf)
>
> static ssize_t srso_show_state(char *buf)
> {
> - if (boot_cpu_has(X86_FEATURE_SRSO_NO))
> - return sysfs_emit(buf, "Not affected\n");
> + if (boot_cpu_has(X86_FEATURE_SRSO_NO)) {
> + if (sched_smt_active())
> + return sysfs_emit(buf, "Not affected\n");
> + else
> + return sysfs_emit(buf, "Mitigation: SMT disabled\n");
> + }
AFAICT, nowhere in the spec does it say the SRSO_NO bit won't get set by
future (fixed) HW. In fact I'd expect it will, similar to other *_NO
flags.
Regardless, here SRSO_NO seems to mean two different things: "reported
safe by host (or HW)" and "not reported safe on Zen1/2 with SMT not
possible".
Also, in this code, the SRSO_NO+SMT combo doesn't seem logically
possible, as srso_show_state() only gets called if X86_BUG_SRSO is set,
which only happens if SRSO_NO is not set by the HW/host in the first
place. So here, if boot_cpu_has(X86_FEATURE_SRSO_NO), it means SRSO_NO
was manually set by srso_select_mitigation(), and SMT can't possibly be
enabled.
Instead of piggybacking on SRSO_NO, which is confusing, why not just add
a new mitigation type, like:
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 6c04aef4b63b..c925b98f5a15 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2343,6 +2343,7 @@ early_param("l1tf", l1tf_cmdline);
enum srso_mitigation {
SRSO_MITIGATION_NONE,
SRSO_MITIGATION_MICROCODE,
+ SRSO_MITIGATION_SMT,
SRSO_MITIGATION_SAFE_RET,
SRSO_MITIGATION_IBPB,
SRSO_MITIGATION_IBPB_ON_VMEXIT,
@@ -2359,6 +2360,7 @@ enum srso_mitigation_cmd {
static const char * const srso_strings[] = {
[SRSO_MITIGATION_NONE] = "Vulnerable",
[SRSO_MITIGATION_MICROCODE] = "Mitigation: microcode",
+ [SRSO_MITIGATION_SMT] = "Mitigation: SMT disabled",
[SRSO_MITIGATION_SAFE_RET] = "Mitigation: safe RET",
[SRSO_MITIGATION_IBPB] = "Mitigation: IBPB",
[SRSO_MITIGATION_IBPB_ON_VMEXIT] = "Mitigation: IBPB on VMEXIT only"
@@ -2407,19 +2409,15 @@ static void __init srso_select_mitigation(void)
pr_warn("IBPB-extending microcode not applied!\n");
pr_warn(SRSO_NOTICE);
} else {
- /*
- * Enable the synthetic (even if in a real CPUID leaf)
- * flags for guests.
- */
+ /* Enable the synthetic flag, as HW doesn't set it. */
setup_force_cpu_cap(X86_FEATURE_IBPB_BRTYPE);
/*
* Zen1/2 with SMT off aren't vulnerable after the right
* IBPB microcode has been applied.
*/
- if ((boot_cpu_data.x86 < 0x19) &&
- (!cpu_smt_possible() || (cpu_smt_control == CPU_SMT_DISABLED))) {
- setup_force_cpu_cap(X86_FEATURE_SRSO_NO);
+ if ((boot_cpu_data.x86 < 0x19) && !cpu_smt_possible()) {
+ srso_mitigation = SRSO_MITIGATION_SMT;
return;
}
}
@@ -2698,9 +2696,6 @@ static ssize_t retbleed_show_state(char *buf)
static ssize_t srso_show_state(char *buf)
{
- if (boot_cpu_has(X86_FEATURE_SRSO_NO))
- return sysfs_emit(buf, "Not affected\n");
-
return sysfs_emit(buf, "%s%s\n",
srso_strings[srso_mitigation],
(cpu_has_ibpb_brtype_microcode() ? "" : ", no microcode"));
next prev parent reply other threads:[~2023-08-15 19:59 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-13 10:45 [PATCH] x86/srso: Disable the mitigation on unaffected configurations Borislav Petkov
2023-08-14 6:39 ` Nikolay Borisov
2023-08-14 20:08 ` Josh Poimboeuf
2023-08-14 20:25 ` Borislav Petkov
2023-08-14 20:53 ` Josh Poimboeuf
2023-08-14 21:17 ` Borislav Petkov
2023-08-15 9:57 ` [PATCH] x86/srso: Correct the mitigation status when SMT is disabled Borislav Petkov
2023-08-15 19:58 ` Josh Poimboeuf [this message]
2023-08-15 20:17 ` Borislav Petkov
2023-08-15 21:27 ` Josh Poimboeuf
2023-08-16 8:30 ` Borislav Petkov
2023-08-16 16:07 ` Josh Poimboeuf
2023-08-16 17:35 ` Borislav Petkov
2023-08-16 18:29 ` Josh Poimboeuf
2023-08-16 18:58 ` Borislav Petkov
2023-08-17 9:07 ` Borislav Petkov
2023-08-17 14:54 ` Josh Poimboeuf
2023-08-18 10:59 ` [tip: x86/urgent] " tip-bot2 for Borislav Petkov (AMD)
2023-08-14 9:37 ` [tip: x86/urgent] x86/srso: Disable the mitigation on unaffected configurations tip-bot2 for Borislav Petkov (AMD)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230815195831.2opbgrznnpszaa32@treble \
--to=jpoimboe@kernel.org \
--cc=bp@alien8.de \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nik.borisov@suse.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).