From 74a80253d3baa614de35eae2bd4800be67f815d0 Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Mar 18 2024 09:49:44 +0000 Subject: - Linux 6.8.1 (bsc#1012628). - Rename to patches.kernel.org/6.8.1-001-x86-mmio-Disable-KVM-mitigation-when-X86_FEATUR.patch. - Rename to patches.kernel.org/6.8.1-002-Documentation-hw-vuln-Add-documentation-for-RFD.patch. - Rename to patches.kernel.org/6.8.1-003-x86-rfds-Mitigate-Register-File-Data-Sampling-R.patch. - Rename to patches.kernel.org/6.8.1-004-KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch. --- diff --git a/patches.kernel.org/6.8.1-001-x86-mmio-Disable-KVM-mitigation-when-X86_FEATUR.patch b/patches.kernel.org/6.8.1-001-x86-mmio-Disable-KVM-mitigation-when-X86_FEATUR.patch new file mode 100644 index 0000000..1a54db1 --- /dev/null +++ b/patches.kernel.org/6.8.1-001-x86-mmio-Disable-KVM-mitigation-when-X86_FEATUR.patch 
@@ -0,0 +1,64 @@
+From: Pawan Gupta
+Date: Mon, 11 Mar 2024 12:29:43 -0700
+Subject: [PATCH] x86/mmio: Disable KVM mitigation when
+ X86_FEATURE_CLEAR_CPU_BUF is set
+Patch-mainline: 6.8.1
+References: CVE-2023-28746 bsc#1012628 bsc#1213456
+Git-commit: e95df4ec0c0c9791941f112db699fae794b9862a
+
+commit e95df4ec0c0c9791941f112db699fae794b9862a upstream.
+
+Currently MMIO Stale Data mitigation for CPUs not affected by MDS/TAA is
+to only deploy VERW at VMentry by enabling mmio_stale_data_clear static
+branch. No mitigation is needed for kernel->user transitions. If such
+CPUs are also affected by RFDS, its mitigation may set
+X86_FEATURE_CLEAR_CPU_BUF to deploy VERW at kernel->user and VMentry.
+This could result in duplicate VERW at VMentry.
+
+Fix this by disabling mmio_stale_data_clear static branch when
+X86_FEATURE_CLEAR_CPU_BUF is enabled.
+
+Signed-off-by: Pawan Gupta
+Signed-off-by: Dave Hansen
+Reviewed-by: Dave Hansen
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Jiri Slaby
+---
+ arch/x86/kernel/cpu/bugs.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
+index 48d049cd..cd6ac89c 100644
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -422,6 +422,13 @@ static void __init mmio_select_mitigation(void)
+ if (boot_cpu_has_bug(X86_BUG_MDS) || (boot_cpu_has_bug(X86_BUG_TAA) &&
+ boot_cpu_has(X86_FEATURE_RTM)))
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
++
++ /*
++ * X86_FEATURE_CLEAR_CPU_BUF could be enabled by other VERW based
++ * mitigations, disable KVM-only mitigation in that case.
++ */
++ if (boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF))
++ static_branch_disable(&mmio_stale_data_clear);
+ else
+ static_branch_enable(&mmio_stale_data_clear);
+
+@@ -498,8 +505,11 @@ static void __init md_clear_update_mitigation(void)
+ taa_mitigation = TAA_MITIGATION_VERW;
+ taa_select_mitigation();
+ }
+- if (mmio_mitigation == MMIO_MITIGATION_OFF &&
+- boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) {
++ /*
++ * MMIO_MITIGATION_OFF is not checked here so that mmio_stale_data_clear
++ * gets updated correctly as per X86_FEATURE_CLEAR_CPU_BUF state.
++ */
++ if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) {
+ mmio_mitigation = MMIO_MITIGATION_VERW;
+ mmio_select_mitigation();
+ }
+-- 
+2.44.0
+
diff --git a/patches.kernel.org/6.8.1-002-Documentation-hw-vuln-Add-documentation-for-RFD.patch b/patches.kernel.org/6.8.1-002-Documentation-hw-vuln-Add-documentation-for-RFD.patch
new file mode 100644
index 0000000..76c1291
--- /dev/null
+++ b/patches.kernel.org/6.8.1-002-Documentation-hw-vuln-Add-documentation-for-RFD.patch
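Review bot: The new `static_branch_disable(&mmio_stale_data_clear)` in mmio_select_mitigation() drops the KVM-only VERW whenever X86_FEATURE_CLEAR_CPU_BUF is set, which is only correct if KVM's VMentry path executes VERW under that feature bit by itself; that path is outside this patch, so the comment should name the dependency, e.g. `* KVM's entry path clears buffers under X86_FEATURE_CLEAR_CPU_BUF, so the KVM-only key would be a duplicate.` The second hunk removes the MMIO_MITIGATION_OFF guard, so mmio_select_mitigation() now runs a second time from md_clear_update_mitigation() on every MMIO-affected CPU, and everything in it (the setup_force_cpu_cap(), the static-branch toggles and whatever follows below the hunk) must be safe to repeat; the visible lines are, but the rest of the function is not shown. The `mmio_mitigation = MMIO_MITIGATION_VERW;` before the re-selection now also overwrites a previously computed non-OFF state, presumably recomputed inside mmio_select_mitigation(); a one-line comment saying so would spare the next reader the trace. Both mmio_select_mitigation() and md_clear_update_mitigation() start and end outside the hunks.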
@@ -0,0 +1,146 @@ +From: Pawan Gupta +Date: Mon, 11 Mar 2024 12:29:43 -0700 +Subject: [PATCH] Documentation/hw-vuln: Add documentation for RFDS +Patch-mainline: 6.8.1 +References: CVE-2023-28746 bsc#1012628 bsc#1213456 +Git-commit: 4e42765d1be01111df0c0275bbaf1db1acef346e + +commit 4e42765d1be01111df0c0275bbaf1db1acef346e upstream. + +Add the documentation for transient execution vulnerability Register +File Data Sampling (RFDS) that affects Intel Atom CPUs. + +Signed-off-by: Pawan Gupta +Signed-off-by: Dave Hansen +Reviewed-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Jiri Slaby +--- + Documentation/admin-guide/hw-vuln/index.rst | 1 + + .../hw-vuln/reg-file-data-sampling.rst | 104 ++++++++++++++++++ + 2 files changed, 105 insertions(+) + create mode 100644 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst + +diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst +index de99caab..ff0b440e 100644 +--- a/Documentation/admin-guide/hw-vuln/index.rst ++++ b/Documentation/admin-guide/hw-vuln/index.rst +@@ -21,3 +21,4 @@ are configurable at compile, boot or run time. + cross-thread-rsb + srso + gather_data_sampling ++ reg-file-data-sampling +diff --git a/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst +new file mode 100644 +index 00000000..0585d02b +--- /dev/null ++++ b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst +@@ -0,0 +1,104 @@ ++================================== ++Register File Data Sampling (RFDS) ++================================== ++ ++Register File Data Sampling (RFDS) is a microarchitectural vulnerability that ++only affects Intel Atom parts(also branded as E-cores). RFDS may allow ++a malicious actor to infer data values previously used in floating point ++registers, vector registers, or integer registers. 
RFDS does not provide the ++ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS. ++ ++Affected Processors ++=================== ++Below is the list of affected Intel processors [#f1]_: ++ ++ =================== ============ ++ Common name Family_Model ++ =================== ============ ++ ATOM_GOLDMONT 06_5CH ++ ATOM_GOLDMONT_D 06_5FH ++ ATOM_GOLDMONT_PLUS 06_7AH ++ ATOM_TREMONT_D 06_86H ++ ATOM_TREMONT 06_96H ++ ALDERLAKE 06_97H ++ ALDERLAKE_L 06_9AH ++ ATOM_TREMONT_L 06_9CH ++ RAPTORLAKE 06_B7H ++ RAPTORLAKE_P 06_BAH ++ ATOM_GRACEMONT 06_BEH ++ RAPTORLAKE_S 06_BFH ++ =================== ============ ++ ++As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and ++RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as ++vulnerable in Linux because they share the same family/model with an affected ++part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or ++CPUID.HYBRID. This information could be used to distinguish between the ++affected and unaffected parts, but it is deemed not worth adding complexity as ++the reporting is fixed automatically when these parts enumerate RFDS_NO. ++ ++Mitigation ++========== ++Intel released a microcode update that enables software to clear sensitive ++information using the VERW instruction. Like MDS, RFDS deploys the same ++mitigation strategy to force the CPU to clear the affected buffers before an ++attacker can extract the secrets. This is achieved by using the otherwise ++unused and obsolete VERW instruction in combination with a microcode update. ++The microcode clears the affected CPU buffers when the VERW instruction is ++executed. ++ ++Mitigation points ++----------------- ++VERW is executed by the kernel before returning to user space, and by KVM ++before VMentry. None of the affected cores support SMT, so VERW is not required ++at C-state transitions. 
++ ++New bits in IA32_ARCH_CAPABILITIES ++---------------------------------- ++Newer processors and microcode update on existing affected processors added new ++bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate ++vulnerability and mitigation capability: ++ ++- Bit 27 - RFDS_NO - When set, processor is not affected by RFDS. ++- Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the ++ microcode that clears the affected buffers on VERW execution. ++ ++Mitigation control on the kernel command line ++--------------------------------------------- ++The kernel command line allows to control RFDS mitigation at boot time with the ++parameter "reg_file_data_sampling=". The valid arguments are: ++ ++ ========== ================================================================= ++ on If the CPU is vulnerable, enable mitigation; CPU buffer clearing ++ on exit to userspace and before entering a VM. ++ off Disables mitigation. ++ ========== ================================================================= ++ ++Mitigation default is selected by CONFIG_MITIGATION_RFDS. ++ ++Mitigation status information ++----------------------------- ++The Linux kernel provides a sysfs interface to enumerate the current ++vulnerability status of the system: whether the system is vulnerable, and ++which mitigations are active. The relevant sysfs file is: ++ ++ /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling ++ ++The possible values in this file are: ++ ++ .. list-table:: ++ ++ * - 'Not affected' ++ - The processor is not vulnerable ++ * - 'Vulnerable' ++ - The processor is vulnerable, but no mitigation enabled ++ * - 'Vulnerable: No microcode' ++ - The processor is vulnerable but microcode is not updated. ++ * - 'Mitigation: Clear Register File' ++ - The processor is vulnerable and the CPU buffer clearing mitigation is ++ enabled. ++ ++References ++---------- ++.. 
[#f1] Affected Processors ++ https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html +-- +2.44.0 + diff --git a/patches.kernel.org/6.8.1-003-x86-rfds-Mitigate-Register-File-Data-Sampling-R.patch b/patches.kernel.org/6.8.1-003-x86-rfds-Mitigate-Register-File-Data-Sampling-R.patch new file mode 100644 index 0000000..78488b0 --- /dev/null +++ b/patches.kernel.org/6.8.1-003-x86-rfds-Mitigate-Register-File-Data-Sampling-R.patch 
@@ -0,0 +1,390 @@ +From: Pawan Gupta +Date: Mon, 11 Mar 2024 12:29:43 -0700 +Subject: [PATCH] x86/rfds: Mitigate Register File Data Sampling (RFDS) +Patch-mainline: 6.8.1 +References: CVE-2023-28746 bsc#1012628 bsc#1213456 +Git-commit: 8076fcde016c9c0e0660543e67bff86cb48a7c9c + +commit 8076fcde016c9c0e0660543e67bff86cb48a7c9c upstream. + +RFDS is a CPU vulnerability that may allow userspace to infer kernel +stale data previously used in floating point registers, vector registers +and integer registers. RFDS only affects certain Intel Atom processors. + +Intel released a microcode update that uses VERW instruction to clear +the affected CPU buffers. Unlike MDS, none of the affected cores support +SMT. + +Add RFDS bug infrastructure and enable the VERW based mitigation by +default, that clears the affected buffers just before exiting to +userspace. Also add sysfs reporting and cmdline parameter +"reg_file_data_sampling" to control the mitigation. + +For details see: +Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst + +Signed-off-by: Pawan Gupta +Signed-off-by: Dave Hansen +Reviewed-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Jiri Slaby +--- + .../ABI/testing/sysfs-devices-system-cpu | 1 + + .../admin-guide/kernel-parameters.txt | 21 +++++ + arch/x86/Kconfig | 11 +++ + arch/x86/include/asm/cpufeatures.h | 1 + + arch/x86/include/asm/msr-index.h | 8 ++ + arch/x86/kernel/cpu/bugs.c | 78 ++++++++++++++++++- + arch/x86/kernel/cpu/common.c | 38 ++++++++- + drivers/base/cpu.c | 3 + + include/linux/cpu.h | 2 + + 9 files changed, 157 insertions(+), 6 deletions(-) + +diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu +index a1db6db4..710d47be 100644 +--- a/Documentation/ABI/testing/sysfs-devices-system-cpu ++++ b/Documentation/ABI/testing/sysfs-devices-system-cpu +@@ -516,6 +516,7 @@ What: /sys/devices/system/cpu/vulnerabilities + 
/sys/devices/system/cpu/vulnerabilities/mds + /sys/devices/system/cpu/vulnerabilities/meltdown + /sys/devices/system/cpu/vulnerabilities/mmio_stale_data ++ /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling + /sys/devices/system/cpu/vulnerabilities/retbleed + /sys/devices/system/cpu/vulnerabilities/spec_store_bypass + /sys/devices/system/cpu/vulnerabilities/spectre_v1 +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 31b3a256..73062d47 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -1150,6 +1150,26 @@ + The filter can be disabled or changed to another + driver later using sysfs. + ++ reg_file_data_sampling= ++ [X86] Controls mitigation for Register File Data ++ Sampling (RFDS) vulnerability. RFDS is a CPU ++ vulnerability which may allow userspace to infer ++ kernel data values previously stored in floating point ++ registers, vector registers, or integer registers. ++ RFDS only affects Intel Atom processors. ++ ++ on: Turns ON the mitigation. ++ off: Turns OFF the mitigation. ++ ++ This parameter overrides the compile time default set ++ by CONFIG_MITIGATION_RFDS. Mitigation cannot be ++ disabled when other VERW based mitigations (like MDS) ++ are enabled. In order to disable RFDS mitigation all ++ VERW based mitigations need to be disabled. ++ ++ For details see: ++ Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst ++ + driver_async_probe= [KNL] + List of driver names to be probed asynchronously. * + matches with all driver names. 
If * is specified, the +@@ -3398,6 +3418,7 @@ + nospectre_bhb [ARM64] + nospectre_v1 [X86,PPC] + nospectre_v2 [X86,PPC,S390,ARM64] ++ reg_file_data_sampling=off [X86] + retbleed=off [X86] + spec_store_bypass_disable=off [X86,PPC] + spectre_v2_user=off [X86] +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 5edec175..637e337c 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -2614,6 +2614,17 @@ config GDS_FORCE_MITIGATION + + If in doubt, say N. + ++config MITIGATION_RFDS ++ bool "RFDS Mitigation" ++ depends on CPU_SUP_INTEL ++ default y ++ help ++ Enable mitigation for Register File Data Sampling (RFDS) by default. ++ RFDS is a hardware vulnerability which affects Intel Atom CPUs. It ++ allows unprivileged speculative access to stale data previously ++ stored in floating point, vector and integer registers. ++ See also ++ + endif + + config ARCH_HAS_ADD_PAGES +diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h +index 2b62cdd8..8511aad5 100644 +--- a/arch/x86/include/asm/cpufeatures.h ++++ b/arch/x86/include/asm/cpufeatures.h +@@ -503,4 +503,5 @@ + /* BUG word 2 */ + #define X86_BUG_SRSO X86_BUG(1*32 + 0) /* AMD SRSO bug */ + #define X86_BUG_DIV0 X86_BUG(1*32 + 1) /* AMD DIV0 speculation bug */ ++#define X86_BUG_RFDS X86_BUG(1*32 + 2) /* CPU is vulnerable to Register File Data Sampling */ + #endif /* _ASM_X86_CPUFEATURES_H */ +diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h +index f1bd7b91..d1b5edaf 100644 +--- a/arch/x86/include/asm/msr-index.h ++++ b/arch/x86/include/asm/msr-index.h +@@ -165,6 +165,14 @@ + * CPU is not vulnerable to Gather + * Data Sampling (GDS). + */ ++#define ARCH_CAP_RFDS_NO BIT(27) /* ++ * Not susceptible to Register ++ * File Data Sampling. ++ */ ++#define ARCH_CAP_RFDS_CLEAR BIT(28) /* ++ * VERW clears CPU Register ++ * File. 
++ */ + + #define ARCH_CAP_XAPIC_DISABLE BIT(21) /* + * IA32_XAPIC_DISABLE_STATUS MSR +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index cd6ac89c..01ac18f5 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -480,6 +480,57 @@ static int __init mmio_stale_data_parse_cmdline(char *str) + } + early_param("mmio_stale_data", mmio_stale_data_parse_cmdline); + ++#undef pr_fmt ++#define pr_fmt(fmt) "Register File Data Sampling: " fmt ++ ++enum rfds_mitigations { ++ RFDS_MITIGATION_OFF, ++ RFDS_MITIGATION_VERW, ++ RFDS_MITIGATION_UCODE_NEEDED, ++}; ++ ++/* Default mitigation for Register File Data Sampling */ ++static enum rfds_mitigations rfds_mitigation __ro_after_init = ++ IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATION_OFF; ++ ++static const char * const rfds_strings[] = { ++ [RFDS_MITIGATION_OFF] = "Vulnerable", ++ [RFDS_MITIGATION_VERW] = "Mitigation: Clear Register File", ++ [RFDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode", ++}; ++ ++static void __init rfds_select_mitigation(void) ++{ ++ if (!boot_cpu_has_bug(X86_BUG_RFDS) || cpu_mitigations_off()) { ++ rfds_mitigation = RFDS_MITIGATION_OFF; ++ return; ++ } ++ if (rfds_mitigation == RFDS_MITIGATION_OFF) ++ return; ++ ++ if (x86_read_arch_cap_msr() & ARCH_CAP_RFDS_CLEAR) ++ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); ++ else ++ rfds_mitigation = RFDS_MITIGATION_UCODE_NEEDED; ++} ++ ++static __init int rfds_parse_cmdline(char *str) ++{ ++ if (!str) ++ return -EINVAL; ++ ++ if (!boot_cpu_has_bug(X86_BUG_RFDS)) ++ return 0; ++ ++ if (!strcmp(str, "off")) ++ rfds_mitigation = RFDS_MITIGATION_OFF; ++ else if (!strcmp(str, "on")) ++ rfds_mitigation = RFDS_MITIGATION_VERW; ++ ++ return 0; ++} ++early_param("reg_file_data_sampling", rfds_parse_cmdline); ++ + #undef pr_fmt + #define pr_fmt(fmt) "" fmt + +@@ -513,6 +564,11 @@ static void __init md_clear_update_mitigation(void) + mmio_mitigation = MMIO_MITIGATION_VERW; + 
mmio_select_mitigation(); + } ++ if (rfds_mitigation == RFDS_MITIGATION_OFF && ++ boot_cpu_has_bug(X86_BUG_RFDS)) { ++ rfds_mitigation = RFDS_MITIGATION_VERW; ++ rfds_select_mitigation(); ++ } + out: + if (boot_cpu_has_bug(X86_BUG_MDS)) + pr_info("MDS: %s\n", mds_strings[mds_mitigation]); +@@ -522,6 +578,8 @@ static void __init md_clear_update_mitigation(void) + pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]); + else if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) + pr_info("MMIO Stale Data: Unknown: No mitigations\n"); ++ if (boot_cpu_has_bug(X86_BUG_RFDS)) ++ pr_info("Register File Data Sampling: %s\n", rfds_strings[rfds_mitigation]); + } + + static void __init md_clear_select_mitigation(void) +@@ -529,11 +587,12 @@ static void __init md_clear_select_mitigation(void) + mds_select_mitigation(); + taa_select_mitigation(); + mmio_select_mitigation(); ++ rfds_select_mitigation(); + + /* +- * As MDS, TAA and MMIO Stale Data mitigations are inter-related, update +- * and print their mitigation after MDS, TAA and MMIO Stale Data +- * mitigation selection is done. ++ * As these mitigations are inter-related and rely on VERW instruction ++ * to clear the microarchitural buffers, update and print their status ++ * after mitigation selection is done for each of these vulnerabilities. + */ + md_clear_update_mitigation(); + } +@@ -2622,6 +2681,11 @@ static ssize_t mmio_stale_data_show_state(char *buf) + sched_smt_active() ? 
"vulnerable" : "disabled"); + } + ++static ssize_t rfds_show_state(char *buf) ++{ ++ return sysfs_emit(buf, "%s\n", rfds_strings[rfds_mitigation]); ++} ++ + static char *stibp_state(void) + { + if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && +@@ -2781,6 +2845,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr + case X86_BUG_GDS: + return gds_show_state(buf); + ++ case X86_BUG_RFDS: ++ return rfds_show_state(buf); ++ + default: + break; + } +@@ -2855,4 +2922,9 @@ ssize_t cpu_show_gds(struct device *dev, struct device_attribute *attr, char *bu + { + return cpu_show_common(dev, attr, buf, X86_BUG_GDS); + } ++ ++ssize_t cpu_show_reg_file_data_sampling(struct device *dev, struct device_attribute *attr, char *buf) ++{ ++ return cpu_show_common(dev, attr, buf, X86_BUG_RFDS); ++} + #endif +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index fbc4e60d..40d8c110 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1267,6 +1267,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { + #define SRSO BIT(5) + /* CPU is affected by GDS */ + #define GDS BIT(6) ++/* CPU is affected by Register File Data Sampling */ ++#define RFDS BIT(7) + + static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { + VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS), +@@ -1294,9 +1296,18 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { + VULNBL_INTEL_STEPPINGS(TIGERLAKE, X86_STEPPING_ANY, GDS), + VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED), + VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED | GDS), +- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS), +- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO), +- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS), ++ VULNBL_INTEL_STEPPINGS(ALDERLAKE, X86_STEPPING_ANY, RFDS), ++ 
VULNBL_INTEL_STEPPINGS(ALDERLAKE_L, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(RAPTORLAKE, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(RAPTORLAKE_P, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(RAPTORLAKE_S, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_GRACEMONT, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO | RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT_D, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT_PLUS, X86_STEPPING_ANY, RFDS), + + VULNBL_AMD(0x15, RETBLEED), + VULNBL_AMD(0x16, RETBLEED), +@@ -1330,6 +1341,24 @@ static bool arch_cap_mmio_immune(u64 ia32_cap) + ia32_cap & ARCH_CAP_SBDR_SSDP_NO); + } + ++static bool __init vulnerable_to_rfds(u64 ia32_cap) ++{ ++ /* The "immunity" bit trumps everything else: */ ++ if (ia32_cap & ARCH_CAP_RFDS_NO) ++ return false; ++ ++ /* ++ * VMMs set ARCH_CAP_RFDS_CLEAR for processors not in the blacklist to ++ * indicate that mitigation is needed because guest is running on a ++ * vulnerable hardware or may migrate to such hardware: ++ */ ++ if (ia32_cap & ARCH_CAP_RFDS_CLEAR) ++ return true; ++ ++ /* Only consult the blacklist when there is no enumeration: */ ++ return cpu_matches(cpu_vuln_blacklist, RFDS); ++} ++ + static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) + { + u64 ia32_cap = x86_read_arch_cap_msr(); +@@ -1441,6 +1470,9 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) + boot_cpu_has(X86_FEATURE_AVX)) + setup_force_cpu_bug(X86_BUG_GDS); + ++ if (vulnerable_to_rfds(ia32_cap)) ++ setup_force_cpu_bug(X86_BUG_RFDS); ++ + if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) + return; + +diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c +index 47de0f14..0b33e81f 100644 +--- 
a/drivers/base/cpu.c ++++ b/drivers/base/cpu.c +@@ -588,6 +588,7 @@ CPU_SHOW_VULN_FALLBACK(mmio_stale_data); + CPU_SHOW_VULN_FALLBACK(retbleed); + CPU_SHOW_VULN_FALLBACK(spec_rstack_overflow); + CPU_SHOW_VULN_FALLBACK(gds); ++CPU_SHOW_VULN_FALLBACK(reg_file_data_sampling); + + static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); + static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); +@@ -602,6 +603,7 @@ static DEVICE_ATTR(mmio_stale_data, 0444, cpu_show_mmio_stale_data, NULL); + static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL); + static DEVICE_ATTR(spec_rstack_overflow, 0444, cpu_show_spec_rstack_overflow, NULL); + static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL); ++static DEVICE_ATTR(reg_file_data_sampling, 0444, cpu_show_reg_file_data_sampling, NULL); + + static struct attribute *cpu_root_vulnerabilities_attrs[] = { + &dev_attr_meltdown.attr, +@@ -617,6 +619,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = { + &dev_attr_retbleed.attr, + &dev_attr_spec_rstack_overflow.attr, + &dev_attr_gather_data_sampling.attr, ++ &dev_attr_reg_file_data_sampling.attr, + NULL + }; + +diff --git a/include/linux/cpu.h b/include/linux/cpu.h +index dcb89c98..86547144 100644 +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -75,6 +75,8 @@ extern ssize_t cpu_show_spec_rstack_overflow(struct device *dev, + struct device_attribute *attr, char *buf); + extern ssize_t cpu_show_gds(struct device *dev, + struct device_attribute *attr, char *buf); ++extern ssize_t cpu_show_reg_file_data_sampling(struct device *dev, ++ struct device_attribute *attr, char *buf); + + extern __printf(4, 5) + struct device *cpu_device_create(struct device *parent, void *drvdata, +-- +2.44.0 + diff --git a/patches.kernel.org/6.8.1-004-KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch b/patches.kernel.org/6.8.1-004-KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch new file mode 100644 index 0000000..6fc757b --- /dev/null 
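Review bot: rfds_show_state() emits `rfds_strings[rfds_mitigation]` unconditionally, so an unaffected CPU would read "Vulnerable" (rfds_select_mitigation() forces OFF there) unless cpu_show_common() short-circuits on `!boot_cpu_has_bug(bug)` before reaching the switch; that prologue is outside the hunk and the sibling gds_show_state() follows the same pattern, so it presumably does, but a comment on rfds_show_state() should state that it relies on the caller's "Not affected" check. In rfds_parse_cmdline() an unrecognised value (say `reg_file_data_sampling=of`) is silently ignored and the compile-time default stays in force; the neighbouring parsers behave the same way, but for a mitigation knob an `else pr_warn("Unknown option: %s\n", str);` branch would make a typo visible in dmesg. The Kconfig help for MITIGATION_RFDS ends in a dangling `See also` with no target in the hunk as shown, most likely a `<file:...>` reference lost to extraction, but worth confirming in the tree. The enclosing md_clear_update_mitigation() and cpu_show_common() start outside their hunks.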
+++ b/patches.kernel.org/6.8.1-004-KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch 
@@ -0,0 +1,54 @@
+From: Pawan Gupta
+Date: Mon, 11 Mar 2024 12:29:43 -0700
+Subject: [PATCH] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
+Patch-mainline: 6.8.1
+References: CVE-2023-28746 bsc#1012628 bsc#1213456
+Git-commit: 2a0180129d726a4b953232175857d442651b55a0
+
+commit 2a0180129d726a4b953232175857d442651b55a0 upstream.
+
+Mitigation for RFDS requires RFDS_CLEAR capability which is enumerated
+by MSR_IA32_ARCH_CAPABILITIES bit 27. If the host has it set, export it
+to guests so that they can deploy the mitigation.
+
+RFDS_NO indicates that the system is not vulnerable to RFDS, export it
+to guests so that they don't deploy the mitigation unnecessarily. When
+the host is not affected by X86_BUG_RFDS, but has RFDS_NO=0, synthesize
+RFDS_NO to the guest.
+
+Signed-off-by: Pawan Gupta
+Signed-off-by: Dave Hansen
+Reviewed-by: Thomas Gleixner
+Acked-by: Josh Poimboeuf
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Jiri Slaby
+---
+ arch/x86/kvm/x86.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index e02cc710..ffe58016 100644
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -1623,7 +1623,8 @@ static bool kvm_is_immutable_feature_msr(u32 msr)
+ ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \
+ ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \
+ ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \
+- ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO)
++ ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO | \
++ ARCH_CAP_RFDS_NO | ARCH_CAP_RFDS_CLEAR)
+
+ static u64 kvm_get_arch_capabilities(void)
+ {
+@@ -1655,6 +1656,8 @@ static u64 kvm_get_arch_capabilities(void)
+ data |= ARCH_CAP_SSB_NO;
+ if (!boot_cpu_has_bug(X86_BUG_MDS))
+ data |= ARCH_CAP_MDS_NO;
++ if (!boot_cpu_has_bug(X86_BUG_RFDS))
++ data |= ARCH_CAP_RFDS_NO;
+
+ if (!boot_cpu_has(X86_FEATURE_RTM)) {
+ /*
+-- 
+2.44.0
+
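Review bot: The commit message states that RFDS_CLEAR is enumerated by MSR_IA32_ARCH_CAPABILITIES bit 27, but the msr-index.h hunk in 6.8.1-003 defines `ARCH_CAP_RFDS_NO BIT(27)` and `ARCH_CAP_RFDS_CLEAR BIT(28)`, and the new RFDS documentation agrees; the sentence should read `bit 28`. The code is unaffected because it uses the symbolic names, but a wrong bit number in a CVE commit message tends to get copied into advisories and guest-side quirks. The new `data |= ARCH_CAP_RFDS_NO;` synthesizes immunity only from the host bug bit, so an affected host without RFDS_CLEAR microcode presumably passes neither bit through (the initial host MSR read is above the hunk) and the guest reports "Vulnerable: No microcode"; a comment such as `/* Affected host without RFDS_CLEAR ucode: expose neither bit, guest reports UCODE_NEEDED */` would record that as intended rather than accidental. kvm_get_arch_capabilities() starts and ends outside the hunk.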
diff --git a/patches.kernel.org/6.8.1-005-Linux-6.8.1.patch b/patches.kernel.org/6.8.1-005-Linux-6.8.1.patch new file mode 100644 index 0000000..ff9f798 --- /dev/null +++ b/patches.kernel.org/6.8.1-005-Linux-6.8.1.patch @@ -0,0 +1,35 @@ +From: Sasha Levin +Date: Wed, 13 Mar 2024 07:41:34 -0400 +Subject: [PATCH] Linux 6.8.1 +References: bsc#1012628 +Patch-mainline: 6.8.1 +Git-commit: 8a8b2a057ed9684704792b5d4b333616769002c2 + +Tested-by: Bagas Sanjaya +Tested-by: Luna Jernberg +Tested-by: Ron Economos +Tested-by: Linux Kernel Functional Testing +Tested-by: Florian Fainelli +Tested-by: Mark Brown +Signed-off-by: Sasha Levin +Signed-off-by: Jiri Slaby +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index c7ee53f4..95b320ad 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 6 + PATCHLEVEL = 8 +-SUBLEVEL = 0 ++SUBLEVEL = 1 + EXTRAVERSION = + NAME = Hurr durr I'ma ninja sloth + +-- +2.44.0 + diff --git a/patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch b/patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch deleted file mode 100644 index 743494a..0000000 --- a/patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch +++ /dev/null 
@@ -1,143 +0,0 @@ -From: Pawan Gupta -Date: Mon, 11 Mar 2024 12:29:43 -0700 -Subject: Documentation/hw-vuln: Add documentation for RFDS -Git-commit: 4e42765d1be01111df0c0275bbaf1db1acef346e -Patch-mainline: v6.9-rc1 -References: bsc#1213456 CVE-2023-28746 - -Add the documentation for transient execution vulnerability Register -File Data Sampling (RFDS) that affects Intel Atom CPUs. - -Signed-off-by: Pawan Gupta -Signed-off-by: Dave Hansen -Reviewed-by: Thomas Gleixner -Acked-by: Josh Poimboeuf -Signed-off-by: Jiri Slaby ---- - Documentation/admin-guide/hw-vuln/index.rst | 1 + - .../hw-vuln/reg-file-data-sampling.rst | 104 ++++++++++++++++++ - 2 files changed, 105 insertions(+) - create mode 100644 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst - -diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst -index de99caab..ff0b440e 100644 ---- a/Documentation/admin-guide/hw-vuln/index.rst -+++ b/Documentation/admin-guide/hw-vuln/index.rst -@@ -21,3 +21,4 @@ are configurable at compile, boot or run time. - cross-thread-rsb - srso - gather_data_sampling -+ reg-file-data-sampling -diff --git a/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst -new file mode 100644 -index 00000000..0585d02b ---- /dev/null -+++ b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst -@@ -0,0 +1,104 @@ -+================================== -+Register File Data Sampling (RFDS) -+================================== -+ -+Register File Data Sampling (RFDS) is a microarchitectural vulnerability that -+only affects Intel Atom parts(also branded as E-cores). RFDS may allow -+a malicious actor to infer data values previously used in floating point -+registers, vector registers, or integer registers. RFDS does not provide the -+ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS. 
-+ -+Affected Processors -+=================== -+Below is the list of affected Intel processors [#f1]_: -+ -+ =================== ============ -+ Common name Family_Model -+ =================== ============ -+ ATOM_GOLDMONT 06_5CH -+ ATOM_GOLDMONT_D 06_5FH -+ ATOM_GOLDMONT_PLUS 06_7AH -+ ATOM_TREMONT_D 06_86H -+ ATOM_TREMONT 06_96H -+ ALDERLAKE 06_97H -+ ALDERLAKE_L 06_9AH -+ ATOM_TREMONT_L 06_9CH -+ RAPTORLAKE 06_B7H -+ RAPTORLAKE_P 06_BAH -+ ATOM_GRACEMONT 06_BEH -+ RAPTORLAKE_S 06_BFH -+ =================== ============ -+ -+As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and -+RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as -+vulnerable in Linux because they share the same family/model with an affected -+part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or -+CPUID.HYBRID. This information could be used to distinguish between the -+affected and unaffected parts, but it is deemed not worth adding complexity as -+the reporting is fixed automatically when these parts enumerate RFDS_NO. -+ -+Mitigation -+========== -+Intel released a microcode update that enables software to clear sensitive -+information using the VERW instruction. Like MDS, RFDS deploys the same -+mitigation strategy to force the CPU to clear the affected buffers before an -+attacker can extract the secrets. This is achieved by using the otherwise -+unused and obsolete VERW instruction in combination with a microcode update. -+The microcode clears the affected CPU buffers when the VERW instruction is -+executed. -+ -+Mitigation points -+----------------- -+VERW is executed by the kernel before returning to user space, and by KVM -+before VMentry. None of the affected cores support SMT, so VERW is not required -+at C-state transitions. 
-+ -+New bits in IA32_ARCH_CAPABILITIES -+---------------------------------- -+Newer processors and microcode update on existing affected processors added new -+bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate -+vulnerability and mitigation capability: -+ -+- Bit 27 - RFDS_NO - When set, processor is not affected by RFDS. -+- Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the -+ microcode that clears the affected buffers on VERW execution. -+ -+Mitigation control on the kernel command line -+--------------------------------------------- -+The kernel command line allows to control RFDS mitigation at boot time with the -+parameter "reg_file_data_sampling=". The valid arguments are: -+ -+ ========== ================================================================= -+ on If the CPU is vulnerable, enable mitigation; CPU buffer clearing -+ on exit to userspace and before entering a VM. -+ off Disables mitigation. -+ ========== ================================================================= -+ -+Mitigation default is selected by CONFIG_MITIGATION_RFDS. -+ -+Mitigation status information -+----------------------------- -+The Linux kernel provides a sysfs interface to enumerate the current -+vulnerability status of the system: whether the system is vulnerable, and -+which mitigations are active. The relevant sysfs file is: -+ -+ /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling -+ -+The possible values in this file are: -+ -+ .. list-table:: -+ -+ * - 'Not affected' -+ - The processor is not vulnerable -+ * - 'Vulnerable' -+ - The processor is vulnerable, but no mitigation enabled -+ * - 'Vulnerable: No microcode' -+ - The processor is vulnerable but microcode is not updated. -+ * - 'Mitigation: Clear Register File' -+ - The processor is vulnerable and the CPU buffer clearing mitigation is -+ enabled. -+ -+References -+---------- -+.. 
[#f1] Affected Processors -+ https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html --- -2.44.0 - diff --git a/patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch b/patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch deleted file mode 100644 index 69bbf4b..0000000 --- a/patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch +++ /dev/null 
@@ -1,51 +0,0 @@
-From: Pawan Gupta
-Date: Mon, 11 Mar 2024 12:29:43 -0700
-Subject: KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
-Git-commit: 2a0180129d726a4b953232175857d442651b55a0
-Patch-mainline: v6.9-rc1
-References: bsc#1213456 CVE-2023-28746
-
-Mitigation for RFDS requires RFDS_CLEAR capability which is enumerated
-by MSR_IA32_ARCH_CAPABILITIES bit 27. If the host has it set, export it
-to guests so that they can deploy the mitigation.
-
-RFDS_NO indicates that the system is not vulnerable to RFDS, export it
-to guests so that they don't deploy the mitigation unnecessarily. When
-the host is not affected by X86_BUG_RFDS, but has RFDS_NO=0, synthesize
-RFDS_NO to the guest.
-
-Signed-off-by: Pawan Gupta
-Signed-off-by: Dave Hansen
-Reviewed-by: Thomas Gleixner
-Acked-by: Josh Poimboeuf
-Signed-off-by: Jiri Slaby
----
- arch/x86/kvm/x86.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 48a61d28..68fdf3ba 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -1623,7 +1623,8 @@ static bool kvm_is_immutable_feature_msr(u32 msr)
- ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \
- ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \
- ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \
-- ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO)
-+ ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO | \
-+ ARCH_CAP_RFDS_NO | ARCH_CAP_RFDS_CLEAR)
- 
- static u64 kvm_get_arch_capabilities(void)
- {
-@@ -1655,6 +1656,8 @@ static u64 kvm_get_arch_capabilities(void)
- data |= ARCH_CAP_SSB_NO;
- if (!boot_cpu_has_bug(X86_BUG_MDS))
- data |= ARCH_CAP_MDS_NO;
-+ if (!boot_cpu_has_bug(X86_BUG_RFDS))
-+ data |= ARCH_CAP_RFDS_NO;
- 
- if (!boot_cpu_has(X86_FEATURE_RTM)) {
- /*
--- 
-2.44.0
-
diff --git a/patches.suse/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLE.patch b/patches.suse/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLE.patch
deleted file mode 100644
index f1b5074..0000000
--- a/patches.suse/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLE.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Pawan Gupta
-Date: Mon, 11 Mar 2024 12:29:43 -0700
-Subject: x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is
- set
-Git-commit: e95df4ec0c0c9791941f112db699fae794b9862a
-Patch-mainline: v6.9-rc1
-References: bsc#1213456 CVE-2023-28746
-
-Currently MMIO Stale Data mitigation for CPUs not affected by MDS/TAA is
-to only deploy VERW at VMentry by enabling mmio_stale_data_clear static
-branch. No mitigation is needed for kernel->user transitions. If such
-CPUs are also affected by RFDS, its mitigation may set
-X86_FEATURE_CLEAR_CPU_BUF to deploy VERW at kernel->user and VMentry.
-This could result in duplicate VERW at VMentry.
-
-Fix this by disabling mmio_stale_data_clear static branch when
-X86_FEATURE_CLEAR_CPU_BUF is enabled.
-
-Signed-off-by: Pawan Gupta
-Signed-off-by: Dave Hansen
-Reviewed-by: Dave Hansen
-Signed-off-by: Jiri Slaby
----
- arch/x86/kernel/cpu/bugs.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 48d049cd..cd6ac89c 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -422,6 +422,13 @@ static void __init mmio_select_mitigation(void)
- if (boot_cpu_has_bug(X86_BUG_MDS) || (boot_cpu_has_bug(X86_BUG_TAA) &&
- boot_cpu_has(X86_FEATURE_RTM)))
- setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
-+
-+ /*
-+ * X86_FEATURE_CLEAR_CPU_BUF could be enabled by other VERW based
-+ * mitigations, disable KVM-only mitigation in that case.
-+ */
-+ if (boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF))
-+ static_branch_disable(&mmio_stale_data_clear);
- else
- static_branch_enable(&mmio_stale_data_clear);
- 
-@@ -498,8 +505,11 @@ static void __init md_clear_update_mitigation(void)
- taa_mitigation = TAA_MITIGATION_VERW;
- taa_select_mitigation();
- }
-- if (mmio_mitigation == MMIO_MITIGATION_OFF &&
-- boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) {
-+ /*
-+ * MMIO_MITIGATION_OFF is not checked here so that mmio_stale_data_clear
-+ * gets updated correctly as per X86_FEATURE_CLEAR_CPU_BUF state.
-+ */
-+ if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) {
- mmio_mitigation = MMIO_MITIGATION_VERW;
- mmio_select_mitigation();
- }
--- 
-2.44.0
-
diff --git a/patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch b/patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch
deleted file mode 100644
index 45e9a70..0000000
--- a/patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch
+++ /dev/null
@@ -1,387 +0,0 @@
-From: Pawan Gupta
-Date: Mon, 11 Mar 2024 12:29:43 -0700
-Subject: x86/rfds: Mitigate Register File Data Sampling (RFDS)
-Git-commit: 8076fcde016c9c0e0660543e67bff86cb48a7c9c
-Patch-mainline: v6.9-rc1
-References: bsc#1213456 CVE-2023-28746
-
-RFDS is a CPU vulnerability that may allow userspace to infer kernel
-stale data previously used in floating point registers, vector registers
-and integer registers. RFDS only affects certain Intel Atom processors.
-
-Intel released a microcode update that uses VERW instruction to clear
-the affected CPU buffers. Unlike MDS, none of the affected cores support
-SMT.
-
-Add RFDS bug infrastructure and enable the VERW based mitigation by
-default, that clears the affected buffers just before exiting to
-userspace. Also add sysfs reporting and cmdline parameter
-"reg_file_data_sampling" to control the mitigation.
-
-For details see:
-Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst
-
-Signed-off-by: Pawan Gupta
-Signed-off-by: Dave Hansen
-Reviewed-by: Thomas Gleixner
-Acked-by: Josh Poimboeuf
-Signed-off-by: Jiri Slaby
----
- .../ABI/testing/sysfs-devices-system-cpu | 1 +
- .../admin-guide/kernel-parameters.txt | 21 +++++
- arch/x86/Kconfig | 11 +++
- arch/x86/include/asm/cpufeatures.h | 1 +
- arch/x86/include/asm/msr-index.h | 8 ++
- arch/x86/kernel/cpu/bugs.c | 78 ++++++++++++++++++-
- arch/x86/kernel/cpu/common.c | 38 ++++++++-
- drivers/base/cpu.c | 3 +
- include/linux/cpu.h | 2 +
- 9 files changed, 157 insertions(+), 6 deletions(-)
-
-diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
-index a1db6db4..710d47be 100644
---- a/Documentation/ABI/testing/sysfs-devices-system-cpu
-+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
-@@ -516,6 +516,7 @@ What: /sys/devices/system/cpu/vulnerabilities
- /sys/devices/system/cpu/vulnerabilities/mds
- /sys/devices/system/cpu/vulnerabilities/meltdown
-
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
-+ /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling
- /sys/devices/system/cpu/vulnerabilities/retbleed
- /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
- /sys/devices/system/cpu/vulnerabilities/spectre_v1
-diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 31b3a256..73062d47 100644
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -1150,6 +1150,26 @@
- The filter can be disabled or changed to another
- driver later using sysfs.
- 
-+ reg_file_data_sampling=
-+ [X86] Controls mitigation for Register File Data
-+ Sampling (RFDS) vulnerability. RFDS is a CPU
-+ vulnerability which may allow userspace to infer
-+ kernel data values previously stored in floating point
-+ registers, vector registers, or integer registers.
-+ RFDS only affects Intel Atom processors.
-+
-+ on: Turns ON the mitigation.
-+ off: Turns OFF the mitigation.
-+
-+ This parameter overrides the compile time default set
-+ by CONFIG_MITIGATION_RFDS. Mitigation cannot be
-+ disabled when other VERW based mitigations (like MDS)
-+ are enabled. In order to disable RFDS mitigation all
-+ VERW based mitigations need to be disabled.
-+
-+ For details see:
-+ Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst
-+
- driver_async_probe= [KNL]
- List of driver names to be probed asynchronously. *
- matches with all driver names. If * is specified, the
-@@ -3398,6 +3418,7 @@
- nospectre_bhb [ARM64]
- nospectre_v1 [X86,PPC]
- nospectre_v2 [X86,PPC,S390,ARM64]
-+ reg_file_data_sampling=off [X86]
- retbleed=off [X86]
- spec_store_bypass_disable=off [X86,PPC]
- spectre_v2_user=off [X86]
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 5edec175..637e337c 100644
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -2614,6 +2614,17 @@ config GDS_FORCE_MITIGATION
- 
- If in doubt, say N.
- 
-+config MITIGATION_RFDS
-+ bool "RFDS Mitigation"
-+ depends on CPU_SUP_INTEL
-+ default y
-+ help
-+ Enable mitigation for Register File Data Sampling (RFDS) by default.
-+ RFDS is a hardware vulnerability which affects Intel Atom CPUs. It
-+ allows unprivileged speculative access to stale data previously
-+ stored in floating point, vector and integer registers.
-+ See also
-+
- endif
- 
- config ARCH_HAS_ADD_PAGES
-diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
-index 2b62cdd8..8511aad5 100644
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -503,4 +503,5 @@
- /* BUG word 2 */
- #define X86_BUG_SRSO X86_BUG(1*32 + 0) /* AMD SRSO bug */
- #define X86_BUG_DIV0 X86_BUG(1*32 + 1) /* AMD DIV0 speculation bug */
-+#define X86_BUG_RFDS X86_BUG(1*32 + 2) /* CPU is vulnerable to Register File Data Sampling */
- #endif /* _ASM_X86_CPUFEATURES_H */
-diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
-index f1bd7b91..d1b5edaf 100644
---- a/arch/x86/include/asm/msr-index.h
-+++ b/arch/x86/include/asm/msr-index.h
-@@ -165,6 +165,14 @@
- * CPU is not vulnerable to Gather
- * Data Sampling (GDS).
- */
-+#define ARCH_CAP_RFDS_NO BIT(27) /*
-+ * Not susceptible to Register
-+ * File Data Sampling.
-+ */
-+#define ARCH_CAP_RFDS_CLEAR BIT(28) /*
-+ * VERW clears CPU Register
-+ * File.
-+ */
- 
- #define ARCH_CAP_XAPIC_DISABLE BIT(21) /*
- * IA32_XAPIC_DISABLE_STATUS MSR
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index cd6ac89c..01ac18f5 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -480,6 +480,57 @@ static int __init mmio_stale_data_parse_cmdline(char *str)
- }
- early_param("mmio_stale_data", mmio_stale_data_parse_cmdline);
- 
-+#undef pr_fmt
-+#define pr_fmt(fmt) "Register File Data Sampling: " fmt
-+
-+enum rfds_mitigations {
-+ RFDS_MITIGATION_OFF,
-+ RFDS_MITIGATION_VERW,
-+ RFDS_MITIGATION_UCODE_NEEDED,
-+};
-+
-+/* Default mitigation for Register File Data Sampling */
-+static enum rfds_mitigations rfds_mitigation __ro_after_init =
-+ IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATION_OFF;
-+
-+static const char * const rfds_strings[] = {
-+ [RFDS_MITIGATION_OFF] = "Vulnerable",
-+ [RFDS_MITIGATION_VERW] = "Mitigation: Clear Register File",
-+ [RFDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
-+};
-+
-+static void __init rfds_select_mitigation(void)
-+{
-+ if (!boot_cpu_has_bug(X86_BUG_RFDS) || cpu_mitigations_off()) {
-+ rfds_mitigation = RFDS_MITIGATION_OFF;
-+ return;
-+ }
-+ if (rfds_mitigation == RFDS_MITIGATION_OFF)
-+ return;
-+
-+ if (x86_read_arch_cap_msr() & ARCH_CAP_RFDS_CLEAR)
-+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
-+ else
-+ rfds_mitigation = RFDS_MITIGATION_UCODE_NEEDED;
-+}
-+
-+static __init int rfds_parse_cmdline(char *str)
-+{
-+ if (!str)
-+ return -EINVAL;
-+
-+ if (!boot_cpu_has_bug(X86_BUG_RFDS))
-+ return 0;
-+
-+ if (!strcmp(str, "off"))
-+ rfds_mitigation = RFDS_MITIGATION_OFF;
-+ else if (!strcmp(str, "on"))
-+ rfds_mitigation = RFDS_MITIGATION_VERW;
-+
-+ return 0;
-+}
-+early_param("reg_file_data_sampling", rfds_parse_cmdline);
-+
- #undef pr_fmt
- #define pr_fmt(fmt) "" fmt
- 
-@@ -513,6 +564,11 @@ static void __init md_clear_update_mitigation(void)
- mmio_mitigation = MMIO_MITIGATION_VERW;
-
mmio_select_mitigation();
- }
-+ if (rfds_mitigation == RFDS_MITIGATION_OFF &&
-+ boot_cpu_has_bug(X86_BUG_RFDS)) {
-+ rfds_mitigation = RFDS_MITIGATION_VERW;
-+ rfds_select_mitigation();
-+ }
- out:
- if (boot_cpu_has_bug(X86_BUG_MDS))
- pr_info("MDS: %s\n", mds_strings[mds_mitigation]);
-@@ -522,6 +578,8 @@ static void __init md_clear_update_mitigation(void)
- pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]);
- else if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN))
- pr_info("MMIO Stale Data: Unknown: No mitigations\n");
-+ if (boot_cpu_has_bug(X86_BUG_RFDS))
-+ pr_info("Register File Data Sampling: %s\n", rfds_strings[rfds_mitigation]);
- }
- 
- static void __init md_clear_select_mitigation(void)
-@@ -529,11 +587,12 @@ static void __init md_clear_select_mitigation(void)
- mds_select_mitigation();
- taa_select_mitigation();
- mmio_select_mitigation();
-+ rfds_select_mitigation();
- 
- /*
-- * As MDS, TAA and MMIO Stale Data mitigations are inter-related, update
-- * and print their mitigation after MDS, TAA and MMIO Stale Data
-- * mitigation selection is done.
-+ * As these mitigations are inter-related and rely on VERW instruction
-+ * to clear the microarchitural buffers, update and print their status
-+ * after mitigation selection is done for each of these vulnerabilities.
- */
- md_clear_update_mitigation();
- }
-@@ -2622,6 +2681,11 @@ static ssize_t mmio_stale_data_show_state(char *buf)
- sched_smt_active() ?
"vulnerable" : "disabled"); - } - -+static ssize_t rfds_show_state(char *buf) -+{ -+ return sysfs_emit(buf, "%s\n", rfds_strings[rfds_mitigation]); -+} -+ - static char *stibp_state(void) - { - if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && -@@ -2781,6 +2845,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr - case X86_BUG_GDS: - return gds_show_state(buf); - -+ case X86_BUG_RFDS: -+ return rfds_show_state(buf); -+ - default: - break; - } -@@ -2855,4 +2922,9 @@ ssize_t cpu_show_gds(struct device *dev, struct device_attribute *attr, char *bu - { - return cpu_show_common(dev, attr, buf, X86_BUG_GDS); - } -+ -+ssize_t cpu_show_reg_file_data_sampling(struct device *dev, struct device_attribute *attr, char *buf) -+{ -+ return cpu_show_common(dev, attr, buf, X86_BUG_RFDS); -+} - #endif -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index fbc4e60d..40d8c110 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -1267,6 +1267,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { - #define SRSO BIT(5) - /* CPU is affected by GDS */ - #define GDS BIT(6) -+/* CPU is affected by Register File Data Sampling */ -+#define RFDS BIT(7) - - static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { - VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS), -@@ -1294,9 +1296,18 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { - VULNBL_INTEL_STEPPINGS(TIGERLAKE, X86_STEPPING_ANY, GDS), - VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED), - VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED | GDS), -- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS), -- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO), -- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS), -+ VULNBL_INTEL_STEPPINGS(ALDERLAKE, X86_STEPPING_ANY, RFDS), -+ 
VULNBL_INTEL_STEPPINGS(ALDERLAKE_L, X86_STEPPING_ANY, RFDS),
-+ VULNBL_INTEL_STEPPINGS(RAPTORLAKE, X86_STEPPING_ANY, RFDS),
-+ VULNBL_INTEL_STEPPINGS(RAPTORLAKE_P, X86_STEPPING_ANY, RFDS),
-+ VULNBL_INTEL_STEPPINGS(RAPTORLAKE_S, X86_STEPPING_ANY, RFDS),
-+ VULNBL_INTEL_STEPPINGS(ATOM_GRACEMONT, X86_STEPPING_ANY, RFDS),
-+ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RFDS),
-+ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO | RFDS),
-+ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RFDS),
-+ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT, X86_STEPPING_ANY, RFDS),
-+ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT_D, X86_STEPPING_ANY, RFDS),
-+ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT_PLUS, X86_STEPPING_ANY, RFDS),
- 
- VULNBL_AMD(0x15, RETBLEED),
- VULNBL_AMD(0x16, RETBLEED),
-@@ -1330,6 +1341,24 @@ static bool arch_cap_mmio_immune(u64 ia32_cap)
- ia32_cap & ARCH_CAP_SBDR_SSDP_NO);
- }
- 
-+static bool __init vulnerable_to_rfds(u64 ia32_cap)
-+{
-+ /* The "immunity" bit trumps everything else: */
-+ if (ia32_cap & ARCH_CAP_RFDS_NO)
-+ return false;
-+
-+ /*
-+ * VMMs set ARCH_CAP_RFDS_CLEAR for processors not in the blacklist to
-+ * indicate that mitigation is needed because guest is running on a
-+ * vulnerable hardware or may migrate to such hardware:
-+ */
-+ if (ia32_cap & ARCH_CAP_RFDS_CLEAR)
-+ return true;
-+
-+ /* Only consult the blacklist when there is no enumeration: */
-+ return cpu_matches(cpu_vuln_blacklist, RFDS);
-+}
-+
- static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
- {
- u64 ia32_cap = x86_read_arch_cap_msr();
-@@ -1441,6 +1470,9 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
- boot_cpu_has(X86_FEATURE_AVX))
- setup_force_cpu_bug(X86_BUG_GDS);
- 
-+ if (vulnerable_to_rfds(ia32_cap))
-+ setup_force_cpu_bug(X86_BUG_RFDS);
-+
- if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
- return;
- 
-diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
-index 47de0f14..0b33e81f 100644
----
a/drivers/base/cpu.c
-+++ b/drivers/base/cpu.c
-@@ -588,6 +588,7 @@ CPU_SHOW_VULN_FALLBACK(mmio_stale_data);
- CPU_SHOW_VULN_FALLBACK(retbleed);
- CPU_SHOW_VULN_FALLBACK(spec_rstack_overflow);
- CPU_SHOW_VULN_FALLBACK(gds);
-+CPU_SHOW_VULN_FALLBACK(reg_file_data_sampling);
- 
- static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
- static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
-@@ -602,6 +603,7 @@ static DEVICE_ATTR(mmio_stale_data, 0444, cpu_show_mmio_stale_data, NULL);
- static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL);
- static DEVICE_ATTR(spec_rstack_overflow, 0444, cpu_show_spec_rstack_overflow, NULL);
- static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL);
-+static DEVICE_ATTR(reg_file_data_sampling, 0444, cpu_show_reg_file_data_sampling, NULL);
- 
- static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- &dev_attr_meltdown.attr,
-@@ -617,6 +619,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- &dev_attr_retbleed.attr,
- &dev_attr_spec_rstack_overflow.attr,
- &dev_attr_gather_data_sampling.attr,
-+ &dev_attr_reg_file_data_sampling.attr,
- NULL
- };
- 
-diff --git a/include/linux/cpu.h b/include/linux/cpu.h
-index dcb89c98..86547144 100644
---- a/include/linux/cpu.h
-+++ b/include/linux/cpu.h
-@@ -75,6 +75,8 @@ extern ssize_t cpu_show_spec_rstack_overflow(struct device *dev,
- struct device_attribute *attr, char *buf);
- extern ssize_t cpu_show_gds(struct device *dev,
- struct device_attribute *attr, char *buf);
-+extern ssize_t cpu_show_reg_file_data_sampling(struct device *dev,
-+ struct device_attribute *attr, char *buf);
- 
- extern __printf(4, 5)
- struct device *cpu_device_create(struct device *parent, void *drvdata,
--- 
-2.44.0
-
diff --git a/series.conf b/series.conf
index 4e2d887..a6914fd 100644
--- a/series.conf
+++ b/series.conf
@@ -27,6 +27,11 @@
 # DO NOT MODIFY THEM!
 # Send separate patches upstream if you find a problem...
 ########################################################
+ patches.kernel.org/6.8.1-001-x86-mmio-Disable-KVM-mitigation-when-X86_FEATUR.patch
+ patches.kernel.org/6.8.1-002-Documentation-hw-vuln-Add-documentation-for-RFD.patch
+ patches.kernel.org/6.8.1-003-x86-rfds-Mitigate-Register-File-Data-Sampling-R.patch
+ patches.kernel.org/6.8.1-004-KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch
+ patches.kernel.org/6.8.1-005-Linux-6.8.1.patch
 
 ########################################################
 # Build fixes that apply to the vanilla kernel too.
@@ -54,10 +59,6 @@
 ########################################################
 # sorted patches
 ########################################################
- patches.suse/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLE.patch
- patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch
- patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch
- patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch
 patches.suse/btrfs-fix-race-when-detecting-delalloc-ranges-during.patch
 patches.suse/wifi-brcmfmac-Fix-use-after-free-bug-in-brcmf_cfg802.patch
 patches.suse/net-phy-realtek-add-support-for-RTL8126A-integrated-.patch