From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>

Date: Thu, 19 May 2022 20:34:14 -0700

Subject: x86/speculation/mmio: Reuse SRBDS mitigation for SBDS

Git-commit: a992b8a4682f119ae035a01b40d4d0665c4a2875

Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git

Patch-mainline: Queued in tip for v5.19

References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180

The Shared Buffers Data Sampling (SBDS) variant of Processor MMIO Stale

Data vulnerabilities may expose RDRAND, RDSEED and SGX EGETKEY data.

Mitigation for this is added by a microcode update.

As some of the implications of SBDS are similar to SRBDS, SRBDS mitigation

infrastructure can be leveraged by SBDS. Set X86_BUG_SRBDS and use SRBDS

mitigation.

Mitigation is enabled by default; use srbds=off to opt-out. Mitigation

status can be checked from below file:

  /sys/devices/system/cpu/vulnerabilities/srbds

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>

Signed-off-by: Borislav Petkov <bp@suse.de>

---

 arch/x86/kernel/cpu/common.c |   10 ++++++++--

 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/arch/x86/kernel/cpu/common.c

+++ b/arch/x86/kernel/cpu/common.c

@@ -1005,6 +1005,8 @@ static const __initconst struct x86_cpu_

 #define SRBDS		BIT(0)

 /* CPU is affected by X86_BUG_MMIO_STALE_DATA */

 #define MMIO		BIT(1)

+/* CPU is affected by Shared Buffers Data Sampling (SBDS), a variant of X86_BUG_MMIO_STALE_DATA */

+#define MMIO_SBDS	BIT(2)

 static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {

 	VULNBL_INTEL_STEPPINGS(IVYBRIDGE,	X86_STEPPING_ANY,		SRBDS),

@@ -1026,7 +1028,7 @@ static const struct x86_cpu_id cpu_vuln_

 	VULNBL_INTEL_STEPPINGS(KABYLAKE_L,	X86_STEPPINGS(0x0, 0x8),	SRBDS),

 	VULNBL_INTEL_STEPPINGS(KABYLAKE,	X86_STEPPINGS(0x9, 0xD),	SRBDS | MMIO),

 	VULNBL_INTEL_STEPPINGS(KABYLAKE,	X86_STEPPINGS(0x0, 0x8),	SRBDS),

-	VULNBL_INTEL_STEPPINGS(ICELAKE_L,	X86_STEPPINGS(0x5, 0x5),	MMIO),

+	VULNBL_INTEL_STEPPINGS(ICELAKE_L,	X86_STEPPINGS(0x5, 0x5),	MMIO | MMIO_SBDS),

 	VULNBL_INTEL_STEPPINGS(ICELAKE_XEON_D,	X86_STEPPINGS(0x1, 0x1),	MMIO),

 	VULNBL_INTEL_STEPPINGS(ICELAKE_X,	X86_STEPPINGS(0x4, 0x6),	MMIO),

 	VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D,	X86_STEPPING_ANY,		MMIO),

@@ -1108,10 +1110,14 @@ static void __init cpu_set_bug_bits(stru

 	/*

 	 * SRBDS affects CPUs which support RDRAND or RDSEED and are listed

 	 * in the vulnerability blacklist.

+	 *

+	 * Some of the implications and mitigation of Shared Buffers Data

+	 * Sampling (SBDS) are similar to SRBDS. Give SBDS same treatment as

+	 * SRBDS.

 	 */

 	if ((cpu_has(c, X86_FEATURE_RDRAND) ||

 	     cpu_has(c, X86_FEATURE_RDSEED)) &&

-	    cpu_matches(cpu_vuln_blacklist, SRBDS))

+	    cpu_matches(cpu_vuln_blacklist, SRBDS | MMIO_SBDS))

 		    setup_force_cpu_bug(X86_BUG_SRBDS);

 	/*