kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   5da3dcaeccd99d29f61d6b3d8acb1a8b74592df0
  2.   patches.suse
  3.   x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch
Blob History Raw
Borislav Petkov d537ae 
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Borislav Petkov d537ae 
Date: Thu, 19 May 2022 20:33:13 -0700
Borislav Petkov d537ae 
Subject: x86/speculation/srbds: Update SRBDS mitigation selection
Borislav Petkov d537ae 
Git-commit: 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19
Borislav Petkov d537ae 
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git
Borislav Petkov d537ae 
Patch-mainline: Queued in tip for v5.19
Borislav Petkov d537ae 
References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180
Borislav Petkov d537ae
Borislav Petkov d537ae 
Currently, Linux disables SRBDS mitigation on CPUs not affected by
Borislav Petkov d537ae 
MDS and have the TSX feature disabled. On such CPUs, secrets cannot
Borislav Petkov d537ae 
be extracted from CPU fill buffers using MDS or TAA. Without SRBDS
Borislav Petkov d537ae 
mitigation, Processor MMIO Stale Data vulnerabilities can be used to
Borislav Petkov d537ae 
extract RDRAND, RDSEED, and EGETKEY data.
Borislav Petkov d537ae
Borislav Petkov d537ae 
Do not disable SRBDS mitigation by default when CPU is also affected by
Borislav Petkov d537ae 
Processor MMIO Stale Data vulnerabilities.
Borislav Petkov d537ae
Borislav Petkov d537ae 
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Borislav Petkov d537ae 
Signed-off-by: Borislav Petkov <bp@suse.de>
Borislav Petkov d537ae 
---
Borislav Petkov d537ae 
 arch/x86/kernel/cpu/bugs.c | 8 +++++---
Borislav Petkov d537ae 
 1 file changed, 5 insertions(+), 3 deletions(-)
Borislav Petkov d537ae
Borislav Petkov d537ae 
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
Borislav Petkov d537ae 
index 38853077ca58..ef4749097f42 100644
Borislav Petkov d537ae 
--- a/arch/x86/kernel/cpu/bugs.c
Borislav Petkov d537ae 
+++ b/arch/x86/kernel/cpu/bugs.c
Borislav Petkov d537ae 
@@ -595,11 +595,13 @@ static void __init srbds_select_mitigation(void)
Borislav Petkov d537ae 
 		return;
Borislav Petkov d537ae
Borislav Petkov d537ae 
 	/*
Borislav Petkov d537ae 
-	 * Check to see if this is one of the MDS_NO systems supporting
Borislav Petkov d537ae 
-	 * TSX that are only exposed to SRBDS when TSX is enabled.
Borislav Petkov d537ae 
+	 * Check to see if this is one of the MDS_NO systems supporting TSX that
Borislav Petkov d537ae 
+	 * are only exposed to SRBDS when TSX is enabled or when CPU is affected
Borislav Petkov d537ae 
+	 * by Processor MMIO Stale Data vulnerability.
Borislav Petkov d537ae 
 	 */
Borislav Petkov d537ae 
 	ia32_cap = x86_read_arch_cap_msr();
Borislav Petkov d537ae 
-	if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM))
Borislav Petkov d537ae 
+	if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM) &&
Borislav Petkov d537ae 
+	    !boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA))
Borislav Petkov d537ae 
 		srbds_mitigation = SRBDS_MITIGATION_TSX_OFF;
Borislav Petkov d537ae 
 	else if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
Borislav Petkov d537ae 
 		srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR;
Borislav Petkov d537ae
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.