x86/speculation/taa: Add mitigation for TSX Async Abort (1b42f017) · Commits · 戴 / test

arch/x86/include/asm/cpufeatures.h

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -399,5 +399,6 @@
	#define X86_BUG_MDS X86_BUG(19) /* CPU is affected by Microarchitectural data sampling */		#define X86_BUG_MDS X86_BUG(19) /* CPU is affected by Microarchitectural data sampling */
	#define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */		#define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */
	#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */		#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */
			#define X86_BUG_TAA X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */

	#endif /* _ASM_X86_CPUFEATURES_H */		#endif /* _ASM_X86_CPUFEATURES_H */

arch/x86/include/asm/msr-index.h

+4 −0

Original line number	Original line	Diff line number	Diff line
	@@ -94,6 +94,10 @@
	* Sampling (MDS) vulnerabilities.		* Sampling (MDS) vulnerabilities.
	*/		*/
	#define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */		#define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */
			#define ARCH_CAP_TAA_NO BIT(8) /*
			* Not susceptible to
			* TSX Async Abort (TAA) vulnerabilities.
			*/

	#define MSR_IA32_FLUSH_CMD 0x0000010b		#define MSR_IA32_FLUSH_CMD 0x0000010b
	#define L1D_FLUSH BIT(0) /*		#define L1D_FLUSH BIT(0) /*

arch/x86/include/asm/nospec-branch.h

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -314,7 +314,7 @@ DECLARE_STATIC_KEY_FALSE(mds_idle_clear);
	#include <asm/segment.h>		#include <asm/segment.h>

	/**		/**
	* mds_clear_cpu_buffers - Mitigation for MDS vulnerability		* mds_clear_cpu_buffers - Mitigation for MDS and TAA vulnerability
	*		*
	* This uses the otherwise unused and obsolete VERW instruction in		* This uses the otherwise unused and obsolete VERW instruction in
	* combination with microcode which triggers a CPU buffer flush when the		* combination with microcode which triggers a CPU buffer flush when the
	@@ -337,7 +337,7 @@ static inline void mds_clear_cpu_buffers(void)
	}		}

	/**		/**
	* mds_user_clear_cpu_buffers - Mitigation for MDS vulnerability		* mds_user_clear_cpu_buffers - Mitigation for MDS and TAA vulnerability
	*		*
	* Clear CPU buffers if the corresponding static key is enabled		* Clear CPU buffers if the corresponding static key is enabled
	*/		*/

arch/x86/include/asm/processor.h

+7 −0

Original line number	Original line	Diff line number	Diff line
	@@ -988,4 +988,11 @@ enum mds_mitigations {
	MDS_MITIGATION_VMWERV,		MDS_MITIGATION_VMWERV,
	};		};

			enum taa_mitigations {
			TAA_MITIGATION_OFF,
			TAA_MITIGATION_UCODE_NEEDED,
			TAA_MITIGATION_VERW,
			TAA_MITIGATION_TSX_DISABLED,
			};

	#endif /* _ASM_X86_PROCESSOR_H */		#endif /* _ASM_X86_PROCESSOR_H */

arch/x86/kernel/cpu/bugs.c

+108 −0

Original line number	Original line	Diff line number	Diff line
	@@ -39,6 +39,7 @@ static void __init spectre_v2_select_mitigation(void);
	static void __init ssb_select_mitigation(void);		static void __init ssb_select_mitigation(void);
	static void __init l1tf_select_mitigation(void);		static void __init l1tf_select_mitigation(void);
	static void __init mds_select_mitigation(void);		static void __init mds_select_mitigation(void);
			static void __init taa_select_mitigation(void);

	/* The base value of the SPEC_CTRL MSR that always has to be preserved. */		/* The base value of the SPEC_CTRL MSR that always has to be preserved. */
	u64 x86_spec_ctrl_base;		u64 x86_spec_ctrl_base;
	@@ -105,6 +106,7 @@ void __init check_bugs(void)
	ssb_select_mitigation();		ssb_select_mitigation();
	l1tf_select_mitigation();		l1tf_select_mitigation();
	mds_select_mitigation();		mds_select_mitigation();
			taa_select_mitigation();

	arch_smt_update();		arch_smt_update();

	@@ -268,6 +270,100 @@ static int __init mds_cmdline(char *str)
	}		}
	early_param("mds", mds_cmdline);		early_param("mds", mds_cmdline);

			#undef pr_fmt
			#define pr_fmt(fmt) "TAA: " fmt

			/* Default mitigation for TAA-affected CPUs */
			static enum taa_mitigations taa_mitigation __ro_after_init = TAA_MITIGATION_VERW;
			static bool taa_nosmt __ro_after_init;

			static const char * const taa_strings[] = {
			[TAA_MITIGATION_OFF] = "Vulnerable",
			[TAA_MITIGATION_UCODE_NEEDED] = "Vulnerable: Clear CPU buffers attempted, no microcode",
			[TAA_MITIGATION_VERW] = "Mitigation: Clear CPU buffers",
			[TAA_MITIGATION_TSX_DISABLED] = "Mitigation: TSX disabled",
			};

			static void __init taa_select_mitigation(void)
			{
			u64 ia32_cap;

			if (!boot_cpu_has_bug(X86_BUG_TAA)) {
			taa_mitigation = TAA_MITIGATION_OFF;
			return;
			}

			/* TSX previously disabled by tsx=off */
			if (!boot_cpu_has(X86_FEATURE_RTM)) {
			taa_mitigation = TAA_MITIGATION_TSX_DISABLED;
			goto out;
			}

			if (cpu_mitigations_off()) {
			taa_mitigation = TAA_MITIGATION_OFF;
			return;
			}

			/* TAA mitigation is turned off on the cmdline (tsx_async_abort=off) */
			if (taa_mitigation == TAA_MITIGATION_OFF)
			goto out;

			if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
			taa_mitigation = TAA_MITIGATION_VERW;
			else
			taa_mitigation = TAA_MITIGATION_UCODE_NEEDED;

			/*
			* VERW doesn't clear the CPU buffers when MD_CLEAR=1 and MDS_NO=1.
			* A microcode update fixes this behavior to clear CPU buffers. It also
			* adds support for MSR_IA32_TSX_CTRL which is enumerated by the
			* ARCH_CAP_TSX_CTRL_MSR bit.
			*
			* On MDS_NO=1 CPUs if ARCH_CAP_TSX_CTRL_MSR is not set, microcode
			* update is required.
			*/
			ia32_cap = x86_read_arch_cap_msr();
			if ( (ia32_cap & ARCH_CAP_MDS_NO) &&
			!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR))
			taa_mitigation = TAA_MITIGATION_UCODE_NEEDED;

			/*
			* TSX is enabled, select alternate mitigation for TAA which is
			* the same as MDS. Enable MDS static branch to clear CPU buffers.
			*
			* For guests that can't determine whether the correct microcode is
			* present on host, enable the mitigation for UCODE_NEEDED as well.
			*/
			static_branch_enable(&mds_user_clear);

			if (taa_nosmt \|\| cpu_mitigations_auto_nosmt())
			cpu_smt_disable(false);

			out:
			pr_info("%s\n", taa_strings[taa_mitigation]);
			}

			static int __init tsx_async_abort_parse_cmdline(char *str)
			{
			if (!boot_cpu_has_bug(X86_BUG_TAA))
			return 0;

			if (!str)
			return -EINVAL;

			if (!strcmp(str, "off")) {
			taa_mitigation = TAA_MITIGATION_OFF;
			} else if (!strcmp(str, "full")) {
			taa_mitigation = TAA_MITIGATION_VERW;
			} else if (!strcmp(str, "full,nosmt")) {
			taa_mitigation = TAA_MITIGATION_VERW;
			taa_nosmt = true;
			}

			return 0;
			}
			early_param("tsx_async_abort", tsx_async_abort_parse_cmdline);

	#undef pr_fmt		#undef pr_fmt
	#define pr_fmt(fmt) "Spectre V1 : " fmt		#define pr_fmt(fmt) "Spectre V1 : " fmt

	@@ -786,6 +882,7 @@ static void update_mds_branch_idle(void)
	}		}

	#define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n"		#define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n"
			#define TAA_MSG_SMT "TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details.\n"

	void cpu_bugs_smt_update(void)		void cpu_bugs_smt_update(void)
	{		{
	@@ -819,6 +916,17 @@ void cpu_bugs_smt_update(void)
	break;		break;
	}		}

			switch (taa_mitigation) {
			case TAA_MITIGATION_VERW:
			case TAA_MITIGATION_UCODE_NEEDED:
			if (sched_smt_active())
			pr_warn_once(TAA_MSG_SMT);
			break;
			case TAA_MITIGATION_TSX_DISABLED:
			case TAA_MITIGATION_OFF:
			break;
			}

	mutex_unlock(&spec_ctrl_mutex);		mutex_unlock(&spec_ctrl_mutex);
	}		}

Admin message