kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   009ad22ebdaea2d14f8ecd95672dbc2517d28126
  2.   patches.suse
  3.   x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch
Blob History Raw
Borislav Petkov 872339 
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Borislav Petkov 872339 
Date: Thu, 19 May 2022 20:33:13 -0700
Borislav Petkov 872339 
Subject: x86/speculation/srbds: Update SRBDS mitigation selection
Borislav Petkov 872339 
Git-commit: 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19
Borislav Petkov 872339 
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git
Borislav Petkov 872339 
Patch-mainline: Queued in tip for v5.19
Borislav Petkov 872339 
References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180
Borislav Petkov 872339
Borislav Petkov 872339 
Currently, Linux disables SRBDS mitigation on CPUs not affected by
Borislav Petkov 872339 
MDS and have the TSX feature disabled. On such CPUs, secrets cannot
Borislav Petkov 872339 
be extracted from CPU fill buffers using MDS or TAA. Without SRBDS
Borislav Petkov 872339 
mitigation, Processor MMIO Stale Data vulnerabilities can be used to
Borislav Petkov 872339 
extract RDRAND, RDSEED, and EGETKEY data.
Borislav Petkov 872339
Borislav Petkov 872339 
Do not disable SRBDS mitigation by default when CPU is also affected by
Borislav Petkov 872339 
Processor MMIO Stale Data vulnerabilities.
Borislav Petkov 872339
Borislav Petkov 872339 
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Borislav Petkov 872339 
Signed-off-by: Borislav Petkov <bp@suse.de>
Borislav Petkov 872339 
---
Borislav Petkov 872339 
 arch/x86/kernel/cpu/bugs.c | 8 +++++---
Borislav Petkov 872339 
 1 file changed, 5 insertions(+), 3 deletions(-)
Borislav Petkov 872339
Borislav Petkov 872339 
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
Borislav Petkov 872339 
index 38853077ca58..ef4749097f42 100644
Borislav Petkov 872339 
--- a/arch/x86/kernel/cpu/bugs.c
Borislav Petkov 872339 
+++ b/arch/x86/kernel/cpu/bugs.c
Borislav Petkov 872339 
@@ -595,11 +595,13 @@ static void __init srbds_select_mitigation(void)
Borislav Petkov 872339 
 		return;
Borislav Petkov 872339
Borislav Petkov 872339 
 	/*
Borislav Petkov 872339 
-	 * Check to see if this is one of the MDS_NO systems supporting
Borislav Petkov 872339 
-	 * TSX that are only exposed to SRBDS when TSX is enabled.
Borislav Petkov 872339 
+	 * Check to see if this is one of the MDS_NO systems supporting TSX that
Borislav Petkov 872339 
+	 * are only exposed to SRBDS when TSX is enabled or when CPU is affected
Borislav Petkov 872339 
+	 * by Processor MMIO Stale Data vulnerability.
Borislav Petkov 872339 
 	 */
Borislav Petkov 872339 
 	ia32_cap = x86_read_arch_cap_msr();
Borislav Petkov 872339 
-	if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM))
Borislav Petkov 872339 
+	if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM) &&
Borislav Petkov 872339 
+	    !boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA))
Borislav Petkov 872339 
 		srbds_mitigation = SRBDS_MITIGATION_TSX_OFF;
Borislav Petkov 872339 
 	else if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
Borislav Petkov 872339 
 		srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR;
Borislav Petkov 872339
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.