x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug

commit 51802186158c74a0304f51ab963e7c2b3a2b046f upstream

Processor MMIO Stale Data is a class of vulnerabilities that may
expose data after an MMIO operation. For more details please refer to
Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst

Add the Processor MMIO Stale Data bug enumeration. A microcode update
adds new bits to the MSR IA32_ARCH_CAPABILITIES, define them.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[cascardo: adapted family names to the ones in v4.19]
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 8910dde943d13de8ef5e78c319ab1082174d5c82..8025b7da04951683f4ed8f6696a69d87e5ec0f9e 100644 (file)
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -394,5 +394,6 @@
 #define X86_BUG_TAA                    X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */
 #define X86_BUG_ITLB_MULTIHIT          X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */
 #define X86_BUG_SRBDS                  X86_BUG(24) /* CPU may leak RNG bits if not mitigated */
+#define X86_BUG_MMIO_STALE_DATA                X86_BUG(25) /* CPU is affected by Processor MMIO Stale Data vulnerabilities */
 
 #endif /* _ASM_X86_CPUFEATURES_H */

diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 892af8ab95d70aa76a7cb596861f0ab92f774c12..d30f2a7d00bc7ea0d458c4484cada9fd1add5751 100644 (file)
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -96,6 +96,25 @@
                                                 * Not susceptible to
                                                 * TSX Async Abort (TAA) vulnerabilities.
                                                 */
+#define ARCH_CAP_SBDR_SSDP_NO          BIT(13) /*
+                                                * Not susceptible to SBDR and SSDP
+                                                * variants of Processor MMIO stale data
+                                                * vulnerabilities.
+                                                */
+#define ARCH_CAP_FBSDP_NO              BIT(14) /*
+                                                * Not susceptible to FBSDP variant of
+                                                * Processor MMIO stale data
+                                                * vulnerabilities.
+                                                */
+#define ARCH_CAP_PSDP_NO               BIT(15) /*
+                                                * Not susceptible to PSDP variant of
+                                                * Processor MMIO stale data
+                                                * vulnerabilities.
+                                                */
+#define ARCH_CAP_FB_CLEAR              BIT(17) /*
+                                                * VERW clears CPU fill buffer
+                                                * even on MDS_NO CPUs.
+                                                */
 
 #define MSR_IA32_FLUSH_CMD             0x0000010b
 #define L1D_FLUSH                      BIT(0)  /*

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 7e7400af779781b4b545fb229100270cd56fedd6..138a743261a3d131fa90589c0851a50f6766a7f5 100644 (file)
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1019,18 +1019,39 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
                                            X86_FEATURE_ANY, issues)
 
 #define SRBDS          BIT(0)
+/* CPU is affected by X86_BUG_MMIO_STALE_DATA */
+#define MMIO           BIT(1)
 
 static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
        VULNBL_INTEL_STEPPINGS(IVYBRIDGE,       X86_STEPPING_ANY,               SRBDS),
        VULNBL_INTEL_STEPPINGS(HASWELL_CORE,    X86_STEPPING_ANY,               SRBDS),
        VULNBL_INTEL_STEPPINGS(HASWELL_ULT,     X86_STEPPING_ANY,               SRBDS),
        VULNBL_INTEL_STEPPINGS(HASWELL_GT3E,    X86_STEPPING_ANY,               SRBDS),
+       VULNBL_INTEL_STEPPINGS(HASWELL_X,       BIT(2) | BIT(4),                MMIO),
+       VULNBL_INTEL_STEPPINGS(BROADWELL_XEON_D,X86_STEPPINGS(0x3, 0x5),        MMIO),
        VULNBL_INTEL_STEPPINGS(BROADWELL_GT3E,  X86_STEPPING_ANY,               SRBDS),
+       VULNBL_INTEL_STEPPINGS(BROADWELL_X,     X86_STEPPING_ANY,               MMIO),
        VULNBL_INTEL_STEPPINGS(BROADWELL_CORE,  X86_STEPPING_ANY,               SRBDS),
+       VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE,  X86_STEPPINGS(0x3, 0x3),        SRBDS | MMIO),
        VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE,  X86_STEPPING_ANY,               SRBDS),
+       VULNBL_INTEL_STEPPINGS(SKYLAKE_X,       BIT(3) | BIT(4) | BIT(6) |
+                                               BIT(7) | BIT(0xB),              MMIO),
+       VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP, X86_STEPPINGS(0x3, 0x3),        SRBDS | MMIO),
        VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP, X86_STEPPING_ANY,               SRBDS),
-       VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE, X86_STEPPINGS(0x0, 0xC),        SRBDS),
-       VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x0, 0xD),        SRBDS),
+       VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE, X86_STEPPINGS(0x9, 0xC),        SRBDS | MMIO),
+       VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE, X86_STEPPINGS(0x0, 0x8),        SRBDS),
+       VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x9, 0xD),        SRBDS | MMIO),
+       VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x0, 0x8),        SRBDS),
+       VULNBL_INTEL_STEPPINGS(ICELAKE_MOBILE,  X86_STEPPINGS(0x5, 0x5),        MMIO),
+       VULNBL_INTEL_STEPPINGS(ICELAKE_XEON_D,  X86_STEPPINGS(0x1, 0x1),        MMIO),
+       VULNBL_INTEL_STEPPINGS(ICELAKE_X,       X86_STEPPINGS(0x4, 0x6),        MMIO),
+       VULNBL_INTEL_STEPPINGS(COMETLAKE,       BIT(2) | BIT(3) | BIT(5),       MMIO),
+       VULNBL_INTEL_STEPPINGS(COMETLAKE_L,     X86_STEPPINGS(0x0, 0x1),        MMIO),
+       VULNBL_INTEL_STEPPINGS(LAKEFIELD,       X86_STEPPINGS(0x1, 0x1),        MMIO),
+       VULNBL_INTEL_STEPPINGS(ROCKETLAKE,      X86_STEPPINGS(0x1, 0x1),        MMIO),
+       VULNBL_INTEL_STEPPINGS(ATOM_TREMONT,    X86_STEPPINGS(0x1, 0x1),        MMIO),
+       VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_X,  X86_STEPPING_ANY,               MMIO),
+       VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L,  X86_STEPPINGS(0x0, 0x0),        MMIO),
        {}
 };
 
@@ -1051,6 +1072,13 @@ u64 x86_read_arch_cap_msr(void)
        return ia32_cap;
 }
 
+static bool arch_cap_mmio_immune(u64 ia32_cap)
+{
+       return (ia32_cap & ARCH_CAP_FBSDP_NO &&
+               ia32_cap & ARCH_CAP_PSDP_NO &&
+               ia32_cap & ARCH_CAP_SBDR_SSDP_NO);
+}
+
 static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
 {
        u64 ia32_cap = x86_read_arch_cap_msr();
@@ -1108,6 +1136,17 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
            cpu_matches(cpu_vuln_blacklist, SRBDS))
                    setup_force_cpu_bug(X86_BUG_SRBDS);
 
+       /*
+        * Processor MMIO Stale Data bug enumeration
+        *
+        * Affected CPU list is generally enough to enumerate the vulnerability,
+        * but for virtualization case check for ARCH_CAP MSR bits also, VMM may
+        * not want the guest to enumerate the bug.
+        */
+       if (cpu_matches(cpu_vuln_blacklist, MMIO) &&
+           !arch_cap_mmio_immune(ia32_cap))
+               setup_force_cpu_bug(X86_BUG_MMIO_STALE_DATA);
+
        if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
                return;