x86/its: Add "vmexit" option to skip mitigation on some CPUs

commit 2665281a07e19550944e8354a2024635a7b2714a upstream.

Ice Lake generation CPUs are not affected by guest/host isolation part of
ITS. If a user is only concerned about KVM guests, they can now choose a
new cmdline option "vmexit" that will not deploy the ITS mitigation when
CPU is not affected by guest/host isolation. This saves the performance
overhead of ITS mitigation on Ice Lake gen CPUs.

When "vmexit" option selected, if the CPU is affected by ITS guest/host
isolation, the default ITS mitigation is deployed.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 848b367ca95b5e5a998f05d74f3aa5144f0ff60f..30e48bcc18c983b13221518dca6af6c4d2356709 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2068,6 +2068,8 @@
                        off:    Disable mitigation.
                        force:  Force the ITS bug and deploy default
                                mitigation.
+                       vmexit: Only deploy mitigation if CPU is affected by
+                               guest/host isolation part of ITS.
 
                        For details see:
                        Documentation/admin-guide/hw-vuln/indirect-target-selection.rst

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 8cc47fc986e9ce9ed2183fc83d7f335346cb36c0..8a2482651a6f1e637fbef4a870a50d1d6ef47e37 100644 (file)
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -520,4 +520,5 @@
 #define X86_BUG_BHI                    X86_BUG(1*32 + 3) /* CPU is affected by Branch History Injection */
 #define X86_BUG_IBPB_NO_RET            X86_BUG(1*32 + 4) /* "ibpb_no_ret" IBPB omits return target predictions */
 #define X86_BUG_ITS                    X86_BUG(1*32 + 5) /* CPU is affected by Indirect Target Selection */
+#define X86_BUG_ITS_NATIVE_ONLY                X86_BUG(1*32 + 6) /* CPU is affected by ITS, VMX is not affected */
 #endif /* _ASM_X86_CPUFEATURES_H */

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index df5edadf8bbe24ffe40ca4c0a8648aad0f87a581..beb34b716a4a3ba0f83ab49aff3dc954799cd16f 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1188,16 +1188,19 @@ do_cmd_auto:
 enum its_mitigation_cmd {
        ITS_CMD_OFF,
        ITS_CMD_ON,
+       ITS_CMD_VMEXIT,
 };
 
 enum its_mitigation {
        ITS_MITIGATION_OFF,
+       ITS_MITIGATION_VMEXIT_ONLY,
        ITS_MITIGATION_ALIGNED_THUNKS,
        ITS_MITIGATION_RETPOLINE_STUFF,
 };
 
 static const char * const its_strings[] = {
        [ITS_MITIGATION_OFF]                    = "Vulnerable",
+       [ITS_MITIGATION_VMEXIT_ONLY]            = "Mitigation: Vulnerable, KVM: Not affected",
        [ITS_MITIGATION_ALIGNED_THUNKS]         = "Mitigation: Aligned branch/return thunks",
        [ITS_MITIGATION_RETPOLINE_STUFF]        = "Mitigation: Retpolines, Stuffing RSB",
 };
@@ -1224,6 +1227,8 @@ static int __init its_parse_cmdline(char *str)
        } else if (!strcmp(str, "force")) {
                its_cmd = ITS_CMD_ON;
                setup_force_cpu_bug(X86_BUG_ITS);
+       } else if (!strcmp(str, "vmexit")) {
+               its_cmd = ITS_CMD_VMEXIT;
        } else {
                pr_err("Ignoring unknown indirect_target_selection option (%s).", str);
        }
@@ -1278,6 +1283,12 @@ static void __init its_select_mitigation(void)
        case ITS_CMD_OFF:
                its_mitigation = ITS_MITIGATION_OFF;
                break;
+       case ITS_CMD_VMEXIT:
+               if (boot_cpu_has_bug(X86_BUG_ITS_NATIVE_ONLY)) {
+                       its_mitigation = ITS_MITIGATION_VMEXIT_ONLY;
+                       goto out;
+               }
+               fallthrough;
        case ITS_CMD_ON:
                its_mitigation = ITS_MITIGATION_ALIGNED_THUNKS;
                if (!boot_cpu_has(X86_FEATURE_RETPOLINE))

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 1b1df06f6c23e9f3408374f4af995ef6c5c3cbac..067e31fb9e165d78b8975d0dd55c7e9ca6172548 100644 (file)
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1274,6 +1274,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
 #define RFDS           BIT(7)
 /* CPU is affected by Indirect Target Selection */
 #define ITS            BIT(8)
+/* CPU is affected by Indirect Target Selection, but guest-host isolation is not affected */
+#define ITS_NATIVE_ONLY        BIT(9)
 
 static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
        VULNBL_INTEL_STEPPINGS(IVYBRIDGE,       X86_STEPPING_ANY,               SRBDS),
@@ -1294,16 +1296,16 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
        VULNBL_INTEL_STEPPINGS(KABYLAKE,        X86_STEPPINGS(0x0, 0xc),        MMIO | RETBLEED | GDS | SRBDS),
        VULNBL_INTEL_STEPPINGS(KABYLAKE,        X86_STEPPING_ANY,               MMIO | RETBLEED | GDS | SRBDS | ITS),
        VULNBL_INTEL_STEPPINGS(CANNONLAKE_L,    X86_STEPPING_ANY,               RETBLEED),
-       VULNBL_INTEL_STEPPINGS(ICELAKE_L,       X86_STEPPING_ANY,               MMIO | MMIO_SBDS | RETBLEED | GDS | ITS),
-       VULNBL_INTEL_STEPPINGS(ICELAKE_D,       X86_STEPPING_ANY,               MMIO | GDS | ITS),
-       VULNBL_INTEL_STEPPINGS(ICELAKE_X,       X86_STEPPING_ANY,               MMIO | GDS | ITS),
+       VULNBL_INTEL_STEPPINGS(ICELAKE_L,       X86_STEPPING_ANY,               MMIO | MMIO_SBDS | RETBLEED | GDS | ITS | ITS_NATIVE_ONLY),
+       VULNBL_INTEL_STEPPINGS(ICELAKE_D,       X86_STEPPING_ANY,               MMIO | GDS | ITS | ITS_NATIVE_ONLY),
+       VULNBL_INTEL_STEPPINGS(ICELAKE_X,       X86_STEPPING_ANY,               MMIO | GDS | ITS | ITS_NATIVE_ONLY),
        VULNBL_INTEL_STEPPINGS(COMETLAKE,       X86_STEPPING_ANY,               MMIO | MMIO_SBDS | RETBLEED | GDS | ITS),
        VULNBL_INTEL_STEPPINGS(COMETLAKE_L,     X86_STEPPINGS(0x0, 0x0),        MMIO | RETBLEED | ITS),
        VULNBL_INTEL_STEPPINGS(COMETLAKE_L,     X86_STEPPING_ANY,               MMIO | MMIO_SBDS | RETBLEED | GDS | ITS),
-       VULNBL_INTEL_STEPPINGS(TIGERLAKE_L,     X86_STEPPING_ANY,               GDS | ITS),
-       VULNBL_INTEL_STEPPINGS(TIGERLAKE,       X86_STEPPING_ANY,               GDS | ITS),
+       VULNBL_INTEL_STEPPINGS(TIGERLAKE_L,     X86_STEPPING_ANY,               GDS | ITS | ITS_NATIVE_ONLY),
+       VULNBL_INTEL_STEPPINGS(TIGERLAKE,       X86_STEPPING_ANY,               GDS | ITS | ITS_NATIVE_ONLY),
        VULNBL_INTEL_STEPPINGS(LAKEFIELD,       X86_STEPPING_ANY,               MMIO | MMIO_SBDS | RETBLEED),
-       VULNBL_INTEL_STEPPINGS(ROCKETLAKE,      X86_STEPPING_ANY,               MMIO | RETBLEED | GDS | ITS),
+       VULNBL_INTEL_STEPPINGS(ROCKETLAKE,      X86_STEPPING_ANY,               MMIO | RETBLEED | GDS | ITS | ITS_NATIVE_ONLY),
        VULNBL_INTEL_STEPPINGS(ALDERLAKE,       X86_STEPPING_ANY,               RFDS),
        VULNBL_INTEL_STEPPINGS(ALDERLAKE_L,     X86_STEPPING_ANY,               RFDS),
        VULNBL_INTEL_STEPPINGS(RAPTORLAKE,      X86_STEPPING_ANY,               RFDS),
@@ -1520,8 +1522,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
        if (cpu_has(c, X86_FEATURE_AMD_IBPB) && !cpu_has(c, X86_FEATURE_AMD_IBPB_RET))
                setup_force_cpu_bug(X86_BUG_IBPB_NO_RET);
 
-       if (vulnerable_to_its(x86_arch_cap_msr))
+       if (vulnerable_to_its(x86_arch_cap_msr)) {
                setup_force_cpu_bug(X86_BUG_ITS);
+               if (cpu_matches(cpu_vuln_blacklist, ITS_NATIVE_ONLY))
+                       setup_force_cpu_bug(X86_BUG_ITS_NATIVE_ONLY);
+       }
 
        if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
                return;