From 6ecedbaf3f65a6aa9463acd653639f8e7dbaa89f Mon Sep 17 00:00:00 2001 From: Oscar Salvador Date: Mar 15 2024 09:32:30 +0000 Subject: Merge remote-tracking branch 'origin/users/nborisov/SLE15-SP6/for-next' into SLE15-SP6 Pull x86 fixes --- diff --git a/config/x86_64/default b/config/x86_64/default index a4fc955..6ea9c6d 100644 --- a/config/x86_64/default +++ b/config/x86_64/default @@ -569,6 +569,7 @@ CONFIG_CPU_IBRS_ENTRY=y CONFIG_CPU_SRSO=y CONFIG_SLS=y # CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_MITIGATION_RFDS=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y diff --git a/patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch b/patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch new file mode 100644 index 0000000..aaf114e --- /dev/null +++ b/patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch @@ -0,0 +1,134 @@ +From: Pawan Gupta +Date: Mon, 11 Mar 2024 12:29:43 -0700 +Subject: Documentation/hw-vuln: Add documentation for RFDS +Git-commit: 4e42765d1be01111df0c0275bbaf1db1acef346e +Patch-mainline: v6.9-rc1 +References: bsc#1213456 CVE-2023-28746 + +Add the documentation for transient execution vulnerability Register +File Data Sampling (RFDS) that affects Intel Atom CPUs. + +Signed-off-by: Pawan Gupta +Signed-off-by: Dave Hansen +Reviewed-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Acked-by: Nikolay Borisov +--- + Documentation/admin-guide/hw-vuln/index.rst | 1 + Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 +++++++++++ + 2 files changed, 105 insertions(+) + +--- a/Documentation/admin-guide/hw-vuln/index.rst ++++ b/Documentation/admin-guide/hw-vuln/index.rst +@@ -20,3 +20,4 @@ are configurable at compile, boot or run + processor_mmio_stale_data.rst + cross-thread-rsb.rst + gather_data_sampling.rst ++ reg-file-data-sampling +--- /dev/null ++++ b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst +@@ -0,0 +1,104 @@ ++================================== ++Register File Data Sampling (RFDS) ++================================== ++ ++Register File Data Sampling (RFDS) is a microarchitectural vulnerability that ++only affects Intel Atom parts(also branded as E-cores). RFDS may allow ++a malicious actor to infer data values previously used in floating point ++registers, vector registers, or integer registers. RFDS does not provide the ++ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS. ++ ++Affected Processors ++=================== ++Below is the list of affected Intel processors [#f1]_: ++ ++ =================== ============ ++ Common name Family_Model ++ =================== ============ ++ ATOM_GOLDMONT 06_5CH ++ ATOM_GOLDMONT_D 06_5FH ++ ATOM_GOLDMONT_PLUS 06_7AH ++ ATOM_TREMONT_D 06_86H ++ ATOM_TREMONT 06_96H ++ ALDERLAKE 06_97H ++ ALDERLAKE_L 06_9AH ++ ATOM_TREMONT_L 06_9CH ++ RAPTORLAKE 06_B7H ++ RAPTORLAKE_P 06_BAH ++ ATOM_GRACEMONT 06_BEH ++ RAPTORLAKE_S 06_BFH ++ =================== ============ ++ ++As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and ++RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as ++vulnerable in Linux because they share the same family/model with an affected ++part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or ++CPUID.HYBRID. This information could be used to distinguish between the ++affected and unaffected parts, but it is deemed not worth adding complexity as ++the reporting is fixed automatically when these parts enumerate RFDS_NO. ++ ++Mitigation ++========== ++Intel released a microcode update that enables software to clear sensitive ++information using the VERW instruction. Like MDS, RFDS deploys the same ++mitigation strategy to force the CPU to clear the affected buffers before an ++attacker can extract the secrets. This is achieved by using the otherwise ++unused and obsolete VERW instruction in combination with a microcode update. ++The microcode clears the affected CPU buffers when the VERW instruction is ++executed. ++ ++Mitigation points ++----------------- ++VERW is executed by the kernel before returning to user space, and by KVM ++before VMentry. None of the affected cores support SMT, so VERW is not required ++at C-state transitions. ++ ++New bits in IA32_ARCH_CAPABILITIES ++---------------------------------- ++Newer processors and microcode update on existing affected processors added new ++bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate ++vulnerability and mitigation capability: ++ ++- Bit 27 - RFDS_NO - When set, processor is not affected by RFDS. ++- Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the ++ microcode that clears the affected buffers on VERW execution. ++ ++Mitigation control on the kernel command line ++--------------------------------------------- ++The kernel command line allows to control RFDS mitigation at boot time with the ++parameter "reg_file_data_sampling=". The valid arguments are: ++ ++ ========== ================================================================= ++ on If the CPU is vulnerable, enable mitigation; CPU buffer clearing ++ on exit to userspace and before entering a VM. ++ off Disables mitigation. ++ ========== ================================================================= ++ ++Mitigation default is selected by CONFIG_MITIGATION_RFDS. ++ ++Mitigation status information ++----------------------------- ++The Linux kernel provides a sysfs interface to enumerate the current ++vulnerability status of the system: whether the system is vulnerable, and ++which mitigations are active. The relevant sysfs file is: ++ ++ /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling ++ ++The possible values in this file are: ++ ++ .. list-table:: ++ ++ * - 'Not affected' ++ - The processor is not vulnerable ++ * - 'Vulnerable' ++ - The processor is vulnerable, but no mitigation enabled ++ * - 'Vulnerable: No microcode' ++ - The processor is vulnerable but microcode is not updated. ++ * - 'Mitigation: Clear Register File' ++ - The processor is vulnerable and the CPU buffer clearing mitigation is ++ enabled. ++ ++References ++---------- ++.. [#f1] Affected Processors ++ https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html diff --git a/patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch b/patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch new file mode 100644 index 0000000..f9663dd --- /dev/null +++ b/patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch @@ -0,0 +1,49 @@ +From: Pawan Gupta +Date: Mon, 11 Mar 2024 12:29:43 -0700 +Subject: KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests +Git-commit: 2a0180129d726a4b953232175857d442651b55a0 +Patch-mainline: v6.9-rc1 +References: bsc#1213456 CVE-2023-28746 + +Mitigation for RFDS requires RFDS_CLEAR capability which is enumerated +by MSR_IA32_ARCH_CAPABILITIES bit 27. If the host has it set, export it +to guests so that they can deploy the mitigation. + +RFDS_NO indicates that the system is not vulnerable to RFDS, export it +to guests so that they don't deploy the mitigation unnecessarily. When +the host is not affected by X86_BUG_RFDS, but has RFDS_NO=0, synthesize +RFDS_NO to the guest. + +Signed-off-by: Pawan Gupta +Signed-off-by: Dave Hansen +Reviewed-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Acked-by: Nikolay Borisov +--- + arch/x86/kvm/x86.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 48a61d283406..68fdf3ba031a 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -1623,7 +1623,8 @@ static bool kvm_is_immutable_feature_msr(u32 msr) + ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \ + ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \ + ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \ +- ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO) ++ ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO | \ ++ ARCH_CAP_RFDS_NO | ARCH_CAP_RFDS_CLEAR) + + static u64 kvm_get_arch_capabilities(void) + { +@@ -1655,6 +1656,8 @@ static u64 kvm_get_arch_capabilities(void) + data |= ARCH_CAP_SSB_NO; + if (!boot_cpu_has_bug(X86_BUG_MDS)) + data |= ARCH_CAP_MDS_NO; ++ if (!boot_cpu_has_bug(X86_BUG_RFDS)) ++ data |= ARCH_CAP_RFDS_NO; + + if (!boot_cpu_has(X86_FEATURE_RTM)) { + /* + diff --git a/patches.suse/RAS-AMD-FMPM-Add-debugfs-interface-to-print-record-entries.patch b/patches.suse/RAS-AMD-FMPM-Add-debugfs-interface-to-print-record-entries.patch new file mode 100644 index 0000000..d284ae0 --- /dev/null +++ b/patches.suse/RAS-AMD-FMPM-Add-debugfs-interface-to-print-record-entries.patch @@ -0,0 +1,209 @@ +From: Yazen Ghannam +Date: Fri, 1 Mar 2024 08:37:48 -0600 +Subject: RAS/AMD/FMPM: Add debugfs interface to print record entries +Git-commit: 7d19eea51757ad72faf4b0493e5bde85ca62012e +Patch-mainline: v6.9-rc1 +References: jsc#PED-7619 + +It is helpful to see the saved record entries during run time in +human-readable format. This is useful for testing during module +development. It can also be used by system admins to quickly and easily +see the state of the system. + +Provide a sequential file in debugfs to print fields of interest from +the FRU records and their entries. + +Don't fail to load the module if the debugfs interface is not available. +This is a convenience feature which does not affect other module +functionality. + +The new interface reads the record entries and should hold the mutex. +Expand the mutex code comment to clarify when it should be held. + +Signed-off-by: Yazen Ghannam +Signed-off-by: Borislav Petkov (AMD) +Link: https://lore.kernel.org/r/20240301143748.854090-4-yazen.ghannam@amd.com + +Acked-by: Nikolay Borisov +--- + drivers/ras/amd/fmpm.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 131 insertions(+) + +diff --git a/drivers/ras/amd/fmpm.c b/drivers/ras/amd/fmpm.c +index 8c3188488673..0963c9e7b853 100644 +--- a/drivers/ras/amd/fmpm.c ++++ b/drivers/ras/amd/fmpm.c +@@ -54,6 +54,8 @@ + #include + #include + ++#include "../debugfs.h" ++ + #define INVALID_CPU UINT_MAX + + /* Validation Bits */ +@@ -116,6 +118,9 @@ static u64 *spa_entries; + + #define INVALID_SPA ~0ULL + ++static struct dentry *fmpm_dfs_dir; ++static struct dentry *fmpm_dfs_entries; ++ + #define CPER_CREATOR_FMP \ + GUID_INIT(0xcd5c2993, 0xf4b2, 0x41b2, 0xb5, 0xd4, 0xf9, 0xc3, \ + 0xa0, 0x33, 0x08, 0x75) +@@ -152,6 +157,11 @@ static unsigned int spa_nr_entries; + * Protect the local records cache in fru_records and prevent concurrent + * writes to storage. This is only needed after init once notifier block + * registration is done. ++ * ++ * The majority of a record is fixed at module init and will not change ++ * during run time. The entries within a record will be updated as new ++ * errors are reported. The mutex should be held whenever the entries are ++ * accessed during run time. + */ + static DEFINE_MUTEX(fmpm_update_mutex); + +@@ -815,6 +825,124 @@ static int allocate_records(void) + return ret; + } + ++static void *fmpm_start(struct seq_file *f, loff_t *pos) ++{ ++ if (*pos >= (spa_nr_entries + 1)) ++ return NULL; ++ return pos; ++} ++ ++static void *fmpm_next(struct seq_file *f, void *data, loff_t *pos) ++{ ++ if (++(*pos) >= (spa_nr_entries + 1)) ++ return NULL; ++ return pos; ++} ++ ++static void fmpm_stop(struct seq_file *f, void *data) ++{ ++} ++ ++#define SHORT_WIDTH 8 ++#define U64_WIDTH 18 ++#define TIMESTAMP_WIDTH 19 ++#define LONG_WIDTH 24 ++#define U64_PAD (LONG_WIDTH - U64_WIDTH) ++#define TS_PAD (LONG_WIDTH - TIMESTAMP_WIDTH) ++static int fmpm_show(struct seq_file *f, void *data) ++{ ++ unsigned int fru_idx, entry, spa_entry, line; ++ struct cper_fru_poison_desc *fpd; ++ struct fru_rec *rec; ++ ++ line = *(loff_t *)data; ++ if (line == 0) { ++ seq_printf(f, "%-*s", SHORT_WIDTH, "fru_idx"); ++ seq_printf(f, "%-*s", LONG_WIDTH, "fru_id"); ++ seq_printf(f, "%-*s", SHORT_WIDTH, "entry"); ++ seq_printf(f, "%-*s", LONG_WIDTH, "timestamp"); ++ seq_printf(f, "%-*s", LONG_WIDTH, "hw_id"); ++ seq_printf(f, "%-*s", LONG_WIDTH, "addr"); ++ seq_printf(f, "%-*s", LONG_WIDTH, "spa"); ++ goto out_newline; ++ } ++ ++ spa_entry = line - 1; ++ fru_idx = spa_entry / max_nr_entries; ++ entry = spa_entry % max_nr_entries; ++ ++ rec = fru_records[fru_idx]; ++ if (!rec) ++ goto out; ++ ++ seq_printf(f, "%-*u", SHORT_WIDTH, fru_idx); ++ seq_printf(f, "0x%016llx%-*s", rec->fmp.fru_id, U64_PAD, ""); ++ seq_printf(f, "%-*u", SHORT_WIDTH, entry); ++ ++ mutex_lock(&fmpm_update_mutex); ++ ++ if (entry >= rec->fmp.nr_entries) { ++ seq_printf(f, "%-*s", LONG_WIDTH, "*"); ++ seq_printf(f, "%-*s", LONG_WIDTH, "*"); ++ seq_printf(f, "%-*s", LONG_WIDTH, "*"); ++ seq_printf(f, "%-*s", LONG_WIDTH, "*"); ++ goto out_unlock; ++ } ++ ++ fpd = &rec->entries[entry]; ++ ++ seq_printf(f, "%ptT%-*s", &fpd->timestamp, TS_PAD, ""); ++ seq_printf(f, "0x%016llx%-*s", fpd->hw_id, U64_PAD, ""); ++ seq_printf(f, "0x%016llx%-*s", fpd->addr, U64_PAD, ""); ++ ++ if (spa_entries[spa_entry] == INVALID_SPA) ++ seq_printf(f, "%-*s", LONG_WIDTH, "*"); ++ else ++ seq_printf(f, "0x%016llx%-*s", spa_entries[spa_entry], U64_PAD, ""); ++ ++out_unlock: ++ mutex_unlock(&fmpm_update_mutex); ++out_newline: ++ seq_putc(f, '\n'); ++out: ++ return 0; ++} ++ ++static const struct seq_operations fmpm_seq_ops = { ++ .start = fmpm_start, ++ .next = fmpm_next, ++ .stop = fmpm_stop, ++ .show = fmpm_show, ++}; ++ ++static int fmpm_open(struct inode *inode, struct file *file) ++{ ++ return seq_open(file, &fmpm_seq_ops); ++} ++ ++static const struct file_operations fmpm_fops = { ++ .open = fmpm_open, ++ .release = seq_release, ++ .read = seq_read, ++ .llseek = seq_lseek, ++}; ++ ++static void setup_debugfs(void) ++{ ++ struct dentry *dfs = ras_get_debugfs_root(); ++ ++ if (!dfs) ++ return; ++ ++ fmpm_dfs_dir = debugfs_create_dir("fmpm", dfs); ++ if (!fmpm_dfs_dir) ++ return; ++ ++ fmpm_dfs_entries = debugfs_create_file("entries", 0400, fmpm_dfs_dir, NULL, &fmpm_fops); ++ if (!fmpm_dfs_entries) ++ debugfs_remove(fmpm_dfs_dir); ++} ++ + static const struct x86_cpu_id fmpm_cpuids[] = { + X86_MATCH_VENDOR_FAM(AMD, 0x19, NULL), + { } +@@ -856,6 +984,8 @@ static int __init fru_mem_poison_init(void) + if (ret) + goto out_free; + ++ setup_debugfs(); ++ + retire_mem_records(); + + mce_register_decode_chain(&fru_mem_poison_nb); +@@ -872,6 +1002,7 @@ static int __init fru_mem_poison_init(void) + static void __exit fru_mem_poison_exit(void) + { + mce_unregister_decode_chain(&fru_mem_poison_nb); ++ debugfs_remove(fmpm_dfs_dir); + free_records(); + } + + diff --git a/patches.suse/RAS-AMD-FMPM-Fix-off-by-one-when-unwinding-on-error.patch b/patches.suse/RAS-AMD-FMPM-Fix-off-by-one-when-unwinding-on-error.patch new file mode 100644 index 0000000..4eeb9f4 --- /dev/null +++ b/patches.suse/RAS-AMD-FMPM-Fix-off-by-one-when-unwinding-on-error.patch @@ -0,0 +1,38 @@ +From: Dan Carpenter +Date: Wed, 6 Mar 2024 08:30:46 +0300 +Subject: RAS/AMD/FMPM: Fix off by one when unwinding on error +Git-commit: bd17b7c34fadef645becde1245b9394f69f31702 +Patch-mainline: v6.9-rc1 +References: jsc#PED-7619 + +Decrement the index variable i before the first iteration when freeing +the remaining elements on error. Depending on where this fails it could +free something from one element beyond the end of the fru_records[] +array. + + [ bp: Massage commit message. ] + +Fixes: 6f15e617cc99 ("RAS: Introduce a FRU memory poison manager") +Signed-off-by: Dan Carpenter +Signed-off-by: Borislav Petkov (AMD) +Link: https://lore.kernel.org/r/6fdec71a-846b-4cd0-af69-e5f6cd12f4f6@moroto.mountain + +Acked-by: Nikolay Borisov +--- + drivers/ras/amd/fmpm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/ras/amd/fmpm.c b/drivers/ras/amd/fmpm.c +index 0963c9e7b853..2f4ac9591c8f 100644 +--- a/drivers/ras/amd/fmpm.c ++++ b/drivers/ras/amd/fmpm.c +@@ -817,7 +817,7 @@ static int allocate_records(void) + return ret; + + out_free: +- for (; i >= 0; i--) ++ while (--i >= 0) + kfree(fru_records[i]); + + kfree(fru_records); + diff --git a/patches.suse/RAS-AMD-FMPM-Save-SPA-values.patch b/patches.suse/RAS-AMD-FMPM-Save-SPA-values.patch new file mode 100644 index 0000000..d4d055f --- /dev/null +++ b/patches.suse/RAS-AMD-FMPM-Save-SPA-values.patch @@ -0,0 +1,173 @@ +From: Yazen Ghannam +Date: Fri, 1 Mar 2024 08:37:47 -0600 +Subject: RAS/AMD/FMPM: Save SPA values +Git-commit: 838850c50884cdd1c96fce1063ef918c394d4bdc +Patch-mainline: v6.9-rc1 +References: jsc#PED-7619 + +The system physical address (SPA) of an error is not a stable value. It +will change depending on the location of the memory: parts can be +swapped. And it will change depending on memory topology: NUMA nodes +and/or interleaving can be adjusted. + +Therefore, the SPA value is not part of the "FRU Memory Poison" record +format. And it will not be saved to persistent storage. + +However, the SPA values can be helpful during debug and for system +admins during run time. + +Save the SPA values in a separate structure. This is updated when +records are restored and when new errors are saved. + + [ bp: Make error messages more user friendly and add and correct + comments. ] + +Signed-off-by: Yazen Ghannam +Signed-off-by: Borislav Petkov (AMD) +Link: https://lore.kernel.org/r/20240301143748.854090-3-yazen.ghannam@amd.com + +Acked-by: Nikolay Borisov +--- + drivers/ras/amd/fmpm.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 71 insertions(+), 1 deletion(-) + +diff --git a/drivers/ras/amd/fmpm.c b/drivers/ras/amd/fmpm.c +index 80dd112b720a..8c3188488673 100644 +--- a/drivers/ras/amd/fmpm.c ++++ b/drivers/ras/amd/fmpm.c +@@ -111,6 +111,11 @@ struct fru_rec { + */ + static struct fru_rec **fru_records; + ++/* system physical addresses array */ ++static u64 *spa_entries; ++ ++#define INVALID_SPA ~0ULL ++ + #define CPER_CREATOR_FMP \ + GUID_INIT(0xcd5c2993, 0xf4b2, 0x41b2, 0xb5, 0xd4, 0xf9, 0xc3, \ + 0xa0, 0x33, 0x08, 0x75) +@@ -120,7 +125,7 @@ static struct fru_rec **fru_records; + 0x12, 0x0a, 0x44, 0x58) + + /** +- * DOC: fru_poison_entries (byte) ++ * DOC: max_nr_entries (byte) + * Maximum number of descriptor entries possible for each FRU. + * + * Values between '1' and '255' are valid. +@@ -140,6 +145,9 @@ static unsigned int max_nr_fru; + /* Total length of record including headers and list of descriptor entries. */ + static size_t max_rec_len; + ++/* Total number of SPA entries across all FRUs. */ ++static unsigned int spa_nr_entries; ++ + /* + * Protect the local records cache in fru_records and prevent concurrent + * writes to storage. This is only needed after init once notifier block +@@ -269,6 +277,54 @@ static bool rec_has_fpd(struct fru_rec *rec, struct cper_fru_poison_desc *fpd) + return false; + } + ++static void save_spa(struct fru_rec *rec, unsigned int entry, ++ u64 addr, u64 id, unsigned int cpu) ++{ ++ unsigned int i, fru_idx, spa_entry; ++ struct atl_err a_err; ++ unsigned long spa; ++ ++ if (entry >= max_nr_entries) { ++ pr_warn_once("FRU descriptor entry %d out-of-bounds (max: %d)\n", ++ entry, max_nr_entries); ++ return; ++ } ++ ++ /* spa_nr_entries is always multiple of max_nr_entries */ ++ for (i = 0; i < spa_nr_entries; i += max_nr_entries) { ++ fru_idx = i / max_nr_entries; ++ if (fru_records[fru_idx] == rec) ++ break; ++ } ++ ++ if (i >= spa_nr_entries) { ++ pr_warn_once("FRU record %d not found\n", i); ++ return; ++ } ++ ++ spa_entry = i + entry; ++ if (spa_entry >= spa_nr_entries) { ++ pr_warn_once("spa_entries[] index out-of-bounds\n"); ++ return; ++ } ++ ++ memset(&a_err, 0, sizeof(struct atl_err)); ++ ++ a_err.addr = addr; ++ a_err.ipid = id; ++ a_err.cpu = cpu; ++ ++ spa = amd_convert_umc_mca_addr_to_sys_addr(&a_err); ++ if (IS_ERR_VALUE(spa)) { ++ pr_debug("Failed to get system address\n"); ++ return; ++ } ++ ++ spa_entries[spa_entry] = spa; ++ pr_debug("fru_idx: %u, entry: %u, spa_entry: %u, spa: 0x%016llx\n", ++ fru_idx, entry, spa_entry, spa_entries[spa_entry]); ++} ++ + static void update_fru_record(struct fru_rec *rec, struct mce *m) + { + struct cper_sec_fru_mem_poison *fmp = &rec->fmp; +@@ -301,6 +357,7 @@ static void update_fru_record(struct fru_rec *rec, struct mce *m) + entry = fmp->nr_entries; + + save_fpd: ++ save_spa(rec, entry, m->addr, m->ipid, m->extcpu); + fpd_dest = &rec->entries[entry]; + memcpy(fpd_dest, &fpd, sizeof(struct cper_fru_poison_desc)); + +@@ -385,6 +442,7 @@ static void retire_mem_fmp(struct fru_rec *rec) + continue; + + retire_dram_row(fpd->addr, fpd->hw_id, err_cpu); ++ save_spa(rec, i, fpd->addr, fpd->hw_id, err_cpu); + } + } + +@@ -696,6 +754,8 @@ static int get_system_info(void) + if (!max_nr_entries) + max_nr_entries = FMPM_DEFAULT_MAX_NR_ENTRIES; + ++ spa_nr_entries = max_nr_fru * max_nr_entries; ++ + max_rec_len = sizeof(struct fru_rec); + max_rec_len += sizeof(struct cper_fru_poison_desc) * max_nr_entries; + +@@ -714,6 +774,7 @@ static void free_records(void) + kfree(rec); + + kfree(fru_records); ++ kfree(spa_entries); + } + + static int allocate_records(void) +@@ -734,6 +795,15 @@ static int allocate_records(void) + } + } + ++ spa_entries = kcalloc(spa_nr_entries, sizeof(u64), GFP_KERNEL); ++ if (!spa_entries) { ++ ret = -ENOMEM; ++ goto out_free; ++ } ++ ++ for (i = 0; i < spa_nr_entries; i++) ++ spa_entries[i] = INVALID_SPA; ++ + return ret; + + out_free: + diff --git a/patches.suse/RAS-Export-helper-to-get-ras_debugfs_dir.patch b/patches.suse/RAS-Export-helper-to-get-ras_debugfs_dir.patch new file mode 100644 index 0000000..c5a424d --- /dev/null +++ b/patches.suse/RAS-Export-helper-to-get-ras_debugfs_dir.patch @@ -0,0 +1,78 @@ +From: "Borislav Petkov (AMD)" +Date: Fri, 1 Mar 2024 08:37:46 -0600 +Subject: RAS: Export helper to get ras_debugfs_dir +Git-commit: 9d2b6fa09d15d021fb83ec6f1336176ebaebbeec +Patch-mainline: v6.9-rc1 +References: jsc#PED-7619 + +Export a getter instead of the debugfs node directly so that, other +in-tree-only RAS modules can use it. + +Signed-off-by: Borislav Petkov (AMD) +Signed-off-by: Yazen Ghannam +Link: https://lore.kernel.org/r/20240301143748.854090-2-yazen.ghannam@amd.com + +Acked-by: Nikolay Borisov +--- + drivers/ras/cec.c | 10 ++++++++-- + drivers/ras/debugfs.c | 8 +++++++- + drivers/ras/debugfs.h | 2 +- + 3 files changed, 16 insertions(+), 4 deletions(-) + +diff --git a/drivers/ras/cec.c b/drivers/ras/cec.c +index 321af498ee11..e440b15fbabc 100644 +--- a/drivers/ras/cec.c ++++ b/drivers/ras/cec.c +@@ -480,9 +480,15 @@ DEFINE_SHOW_ATTRIBUTE(array); + + static int __init create_debugfs_nodes(void) + { +- struct dentry *d, *pfn, *decay, *count, *array; ++ struct dentry *d, *pfn, *decay, *count, *array, *dfs; + +- d = debugfs_create_dir("cec", ras_debugfs_dir); ++ dfs = ras_get_debugfs_root(); ++ if (!dfs) { ++ pr_warn("Error getting RAS debugfs root!\n"); ++ return -1; ++ } ++ ++ d = debugfs_create_dir("cec", dfs); + if (!d) { + pr_warn("Error creating cec debugfs node!\n"); + return -1; +diff --git a/drivers/ras/debugfs.c b/drivers/ras/debugfs.c +index ffb973c328e3..42afd3de68b2 100644 +--- a/drivers/ras/debugfs.c ++++ b/drivers/ras/debugfs.c +@@ -3,10 +3,16 @@ + #include + #include "debugfs.h" + +-struct dentry *ras_debugfs_dir; ++static struct dentry *ras_debugfs_dir; + + static atomic_t trace_count = ATOMIC_INIT(0); + ++struct dentry *ras_get_debugfs_root(void) ++{ ++ return ras_debugfs_dir; ++} ++EXPORT_SYMBOL_GPL(ras_get_debugfs_root); ++ + int ras_userspace_consumers(void) + { + return atomic_read(&trace_count); +diff --git a/drivers/ras/debugfs.h b/drivers/ras/debugfs.h +index c07443b462ad..4749ccdeeba1 100644 +--- a/drivers/ras/debugfs.h ++++ b/drivers/ras/debugfs.h +@@ -4,6 +4,6 @@ + + #include + +-extern struct dentry *ras_debugfs_dir; ++struct dentry *ras_get_debugfs_root(void); + + #endif /* __RAS_DEBUGFS_H__ */ + diff --git a/patches.suse/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLEAR_CPU.patch b/patches.suse/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLEAR_CPU.patch new file mode 100644 index 0000000..9bd6c47 --- /dev/null +++ b/patches.suse/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLEAR_CPU.patch @@ -0,0 +1,59 @@ +From: Pawan Gupta +Date: Mon, 11 Mar 2024 12:29:43 -0700 +Subject: x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is + set +Git-commit: e95df4ec0c0c9791941f112db699fae794b9862a +Patch-mainline: v6.9-rc1 +References: bsc#1213456 CVE-2023-28746 + +Currently MMIO Stale Data mitigation for CPUs not affected by MDS/TAA is +to only deploy VERW at VMentry by enabling mmio_stale_data_clear static +branch. No mitigation is needed for kernel->user transitions. If such +CPUs are also affected by RFDS, its mitigation may set +X86_FEATURE_CLEAR_CPU_BUF to deploy VERW at kernel->user and VMentry. +This could result in duplicate VERW at VMentry. + +Fix this by disabling mmio_stale_data_clear static branch when +X86_FEATURE_CLEAR_CPU_BUF is enabled. + +Signed-off-by: Pawan Gupta +Signed-off-by: Dave Hansen +Reviewed-by: Dave Hansen +Acked-by: Nikolay Borisov +--- + arch/x86/kernel/cpu/bugs.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index 48d049cd74e7..cd6ac89c1a0d 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -422,6 +422,13 @@ static void __init mmio_select_mitigation(void) + if (boot_cpu_has_bug(X86_BUG_MDS) || (boot_cpu_has_bug(X86_BUG_TAA) && + boot_cpu_has(X86_FEATURE_RTM))) + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); ++ ++ /* ++ * X86_FEATURE_CLEAR_CPU_BUF could be enabled by other VERW based ++ * mitigations, disable KVM-only mitigation in that case. ++ */ ++ if (boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF)) ++ static_branch_disable(&mmio_stale_data_clear); + else + static_branch_enable(&mmio_stale_data_clear); + +@@ -498,8 +505,11 @@ static void __init md_clear_update_mitigation(void) + taa_mitigation = TAA_MITIGATION_VERW; + taa_select_mitigation(); + } +- if (mmio_mitigation == MMIO_MITIGATION_OFF && +- boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) { ++ /* ++ * MMIO_MITIGATION_OFF is not checked here so that mmio_stale_data_clear ++ * gets updated correctly as per X86_FEATURE_CLEAR_CPU_BUF state. ++ */ ++ if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) { + mmio_mitigation = MMIO_MITIGATION_VERW; + mmio_select_mitigation(); + } + diff --git a/patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch b/patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch new file mode 100644 index 0000000..192fc81 --- /dev/null +++ b/patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch @@ -0,0 +1,371 @@ +From: Pawan Gupta +Date: Mon, 11 Mar 2024 12:29:43 -0700 +Subject: x86/rfds: Mitigate Register File Data Sampling (RFDS) +Git-commit: 8076fcde016c9c0e0660543e67bff86cb48a7c9c +Patch-mainline: v6.9-rc1 +References: bsc#1213456 CVE-2023-28746 + +RFDS is a CPU vulnerability that may allow userspace to infer kernel +stale data previously used in floating point registers, vector registers +and integer registers. RFDS only affects certain Intel Atom processors. + +Intel released a microcode update that uses VERW instruction to clear +the affected CPU buffers. Unlike MDS, none of the affected cores support +SMT. + +Add RFDS bug infrastructure and enable the VERW based mitigation by +default, that clears the affected buffers just before exiting to +userspace. Also add sysfs reporting and cmdline parameter +"reg_file_data_sampling" to control the mitigation. + +For details see: +Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst + +Signed-off-by: Pawan Gupta +Signed-off-by: Dave Hansen +Reviewed-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Acked-by: Nikolay Borisov +--- + Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/kernel-parameters.txt | 21 +++++ + arch/x86/Kconfig | 11 ++ + arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 8 ++ + arch/x86/kernel/cpu/bugs.c | 78 ++++++++++++++++++++- + arch/x86/kernel/cpu/common.c | 38 +++++++++- + drivers/base/cpu.c | 8 ++ + include/linux/cpu.h | 2 + 9 files changed, 162 insertions(+), 6 deletions(-) + +--- a/Documentation/ABI/testing/sysfs-devices-system-cpu ++++ b/Documentation/ABI/testing/sysfs-devices-system-cpu +@@ -519,6 +519,7 @@ What: /sys/devices/system/cpu/vulnerabi + /sys/devices/system/cpu/vulnerabilities/mds + /sys/devices/system/cpu/vulnerabilities/meltdown + /sys/devices/system/cpu/vulnerabilities/mmio_stale_data ++ /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling + /sys/devices/system/cpu/vulnerabilities/retbleed + /sys/devices/system/cpu/vulnerabilities/spec_store_bypass + /sys/devices/system/cpu/vulnerabilities/spectre_v1 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -1126,6 +1126,26 @@ + The filter can be disabled or changed to another + driver later using sysfs. + ++ reg_file_data_sampling= ++ [X86] Controls mitigation for Register File Data ++ Sampling (RFDS) vulnerability. RFDS is a CPU ++ vulnerability which may allow userspace to infer ++ kernel data values previously stored in floating point ++ registers, vector registers, or integer registers. ++ RFDS only affects Intel Atom processors. ++ ++ on: Turns ON the mitigation. ++ off: Turns OFF the mitigation. ++ ++ This parameter overrides the compile time default set ++ by CONFIG_MITIGATION_RFDS. Mitigation cannot be ++ disabled when other VERW based mitigations (like MDS) ++ are enabled. In order to disable RFDS mitigation all ++ VERW based mitigations need to be disabled. ++ ++ For details see: ++ Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst ++ + driver_async_probe= [KNL] + List of driver names to be probed asynchronously. * + matches with all driver names. If * is specified, the +@@ -3357,6 +3377,7 @@ + nospectre_bhb [ARM64] + nospectre_v1 [X86,PPC] + nospectre_v2 [X86,PPC,S390,ARM64] ++ reg_file_data_sampling=off [X86] + retbleed=off [X86] + spec_store_bypass_disable=off [X86,PPC] + spectre_v2_user=off [X86] +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -2670,6 +2670,17 @@ config GDS_FORCE_MITIGATION + + If in doubt, say N. + ++config MITIGATION_RFDS ++ bool "RFDS Mitigation" ++ depends on CPU_SUP_INTEL ++ default y ++ help ++ Enable mitigation for Register File Data Sampling (RFDS) by default. ++ RFDS is a hardware vulnerability which affects Intel Atom CPUs. It ++ allows unprivileged speculative access to stale data previously ++ stored in floating point, vector and integer registers. ++ See also ++ + endif + + config ARCH_HAS_ADD_PAGES +--- a/arch/x86/include/asm/cpufeatures.h ++++ b/arch/x86/include/asm/cpufeatures.h +@@ -504,4 +504,5 @@ + /* BUG word 2 */ + #define X86_BUG_SRSO X86_BUG(1*32 + 0) /* AMD SRSO bug */ + #define X86_BUG_DIV0 X86_BUG(1*32 + 1) /* AMD DIV0 speculation bug */ ++#define X86_BUG_RFDS X86_BUG(1*32 + 2) /* CPU is vulnerable to Register File Data Sampling */ + #endif /* _ASM_X86_CPUFEATURES_H */ +--- a/arch/x86/include/asm/msr-index.h ++++ b/arch/x86/include/asm/msr-index.h +@@ -165,6 +165,14 @@ + * CPU is not vulnerable to Gather + * Data Sampling (GDS). + */ ++#define ARCH_CAP_RFDS_NO BIT(27) /* ++ * Not susceptible to Register ++ * File Data Sampling. ++ */ ++#define ARCH_CAP_RFDS_CLEAR BIT(28) /* ++ * VERW clears CPU Register ++ * File. ++ */ + + #define ARCH_CAP_XAPIC_DISABLE BIT(21) /* + * IA32_XAPIC_DISABLE_STATUS MSR +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -481,6 +481,57 @@ static int __init mmio_stale_data_parse_ + early_param("mmio_stale_data", mmio_stale_data_parse_cmdline); + + #undef pr_fmt ++#define pr_fmt(fmt) "Register File Data Sampling: " fmt ++ ++enum rfds_mitigations { ++ RFDS_MITIGATION_OFF, ++ RFDS_MITIGATION_VERW, ++ RFDS_MITIGATION_UCODE_NEEDED, ++}; ++ ++/* Default mitigation for Register File Data Sampling */ ++static enum rfds_mitigations rfds_mitigation __ro_after_init = ++ IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATION_OFF; ++ ++static const char * const rfds_strings[] = { ++ [RFDS_MITIGATION_OFF] = "Vulnerable", ++ [RFDS_MITIGATION_VERW] = "Mitigation: Clear Register File", ++ [RFDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode", ++}; ++ ++static void __init rfds_select_mitigation(void) ++{ ++ if (!boot_cpu_has_bug(X86_BUG_RFDS) || cpu_mitigations_off()) { ++ rfds_mitigation = RFDS_MITIGATION_OFF; ++ return; ++ } ++ if (rfds_mitigation == RFDS_MITIGATION_OFF) ++ return; ++ ++ if (x86_read_arch_cap_msr() & ARCH_CAP_RFDS_CLEAR) ++ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); ++ else ++ rfds_mitigation = RFDS_MITIGATION_UCODE_NEEDED; ++} ++ ++static __init int rfds_parse_cmdline(char *str) ++{ ++ if (!str) ++ return -EINVAL; ++ ++ if (!boot_cpu_has_bug(X86_BUG_RFDS)) ++ return 0; ++ ++ if (!strcmp(str, "off")) ++ rfds_mitigation = RFDS_MITIGATION_OFF; ++ else if (!strcmp(str, "on")) ++ rfds_mitigation = RFDS_MITIGATION_VERW; ++ ++ return 0; ++} ++early_param("reg_file_data_sampling", rfds_parse_cmdline); ++ ++#undef pr_fmt + #define pr_fmt(fmt) "" fmt + + static void __init md_clear_update_mitigation(void) +@@ -513,6 +564,11 @@ static void __init md_clear_update_mitig + mmio_mitigation = MMIO_MITIGATION_VERW; + mmio_select_mitigation(); + } ++ if (rfds_mitigation == RFDS_MITIGATION_OFF && ++ boot_cpu_has_bug(X86_BUG_RFDS)) { ++ rfds_mitigation = RFDS_MITIGATION_VERW; ++ rfds_select_mitigation(); ++ } + out: + if (boot_cpu_has_bug(X86_BUG_MDS)) + pr_info("MDS: %s\n", mds_strings[mds_mitigation]); +@@ -522,6 +578,8 @@ out: + pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]); + else if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) + pr_info("MMIO Stale Data: Unknown: No mitigations\n"); ++ if (boot_cpu_has_bug(X86_BUG_RFDS)) ++ pr_info("Register File Data Sampling: %s\n", rfds_strings[rfds_mitigation]); + } + + static void __init md_clear_select_mitigation(void) +@@ -529,11 +587,12 @@ static void __init md_clear_select_mitig + mds_select_mitigation(); + taa_select_mitigation(); + mmio_select_mitigation(); ++ rfds_select_mitigation(); + + /* +- * As MDS, TAA and MMIO Stale Data mitigations are inter-related, update +- * and print their mitigation after MDS, TAA and MMIO Stale Data +- * mitigation selection is done. ++ * As these mitigations are inter-related and rely on VERW instruction ++ * to clear the microarchitural buffers, update and print their status ++ * after mitigation selection is done for each of these vulnerabilities. + */ + md_clear_update_mitigation(); + } +@@ -2623,6 +2682,11 @@ static ssize_t mmio_stale_data_show_stat + sched_smt_active() ? "vulnerable" : "disabled"); + } + ++static ssize_t rfds_show_state(char *buf) ++{ ++ return sysfs_emit(buf, "%s\n", rfds_strings[rfds_mitigation]); ++} ++ + static char *stibp_state(void) + { + if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && +@@ -2782,6 +2846,9 @@ static ssize_t cpu_show_common(struct de + case X86_BUG_SRSO: + return srso_show_state(buf); + ++ case X86_BUG_RFDS: ++ return rfds_show_state(buf); ++ + default: + break; + } +@@ -2856,4 +2923,9 @@ ssize_t cpu_show_spec_rstack_overflow(st + { + return cpu_show_common(dev, attr, buf, X86_BUG_SRSO); + } ++ ++ssize_t cpu_show_reg_file_data_sampling(struct device *dev, struct device_attribute *attr, char *buf) ++{ ++ return cpu_show_common(dev, attr, buf, X86_BUG_RFDS); ++} + #endif +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1305,6 +1305,8 @@ static const __initconst struct x86_cpu_ + #define SRSO BIT(5) + /* CPU is affected by GDS */ + #define GDS BIT(6) ++/* CPU is affected by Register File Data Sampling */ ++#define RFDS BIT(7) + + static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { + VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS), +@@ -1332,9 +1334,18 @@ static const struct x86_cpu_id cpu_vuln_ + VULNBL_INTEL_STEPPINGS(TIGERLAKE, X86_STEPPING_ANY, GDS), + VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RETBLEED), + VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPING_ANY, MMIO | RETBLEED | GDS), +- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS), +- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO), +- VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS), ++ VULNBL_INTEL_STEPPINGS(ALDERLAKE, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ALDERLAKE_L, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(RAPTORLAKE, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(RAPTORLAKE_P, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(RAPTORLAKE_S, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_GRACEMONT, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_D, X86_STEPPING_ANY, MMIO | RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPING_ANY, MMIO | MMIO_SBDS | RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT_D, X86_STEPPING_ANY, RFDS), ++ VULNBL_INTEL_STEPPINGS(ATOM_GOLDMONT_PLUS, X86_STEPPING_ANY, RFDS), + + VULNBL_AMD(0x15, RETBLEED), + VULNBL_AMD(0x16, RETBLEED), +@@ -1368,6 +1379,24 @@ static bool arch_cap_mmio_immune(u64 ia3 + ia32_cap & ARCH_CAP_SBDR_SSDP_NO); + } + ++static bool __init vulnerable_to_rfds(u64 ia32_cap) ++{ ++ /* The "immunity" bit trumps everything else: */ ++ if (ia32_cap & ARCH_CAP_RFDS_NO) ++ return false; ++ ++ /* ++ * VMMs set ARCH_CAP_RFDS_CLEAR for processors not in the blacklist to ++ * indicate that mitigation is needed because guest is running on a ++ * vulnerable hardware or may migrate to such hardware: ++ */ ++ if (ia32_cap & ARCH_CAP_RFDS_CLEAR) ++ return true; ++ ++ /* Only consult the blacklist when there is no enumeration: */ ++ return cpu_matches(cpu_vuln_blacklist, RFDS); ++} ++ + static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) + { + u64 ia32_cap = x86_read_arch_cap_msr(); +@@ -1484,6 +1513,9 @@ static void __init cpu_set_bug_bits(stru + setup_force_cpu_bug(X86_BUG_SRSO); + } + ++ if (vulnerable_to_rfds(ia32_cap)) ++ setup_force_cpu_bug(X86_BUG_RFDS); ++ + if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) + return; + +--- a/drivers/base/cpu.c ++++ b/drivers/base/cpu.c +@@ -602,6 +602,12 @@ ssize_t __weak cpu_show_spec_rstack_over + return sysfs_emit(buf, "Not affected\n"); + } + ++ssize_t __weak cpu_show_reg_file_data_sampling(struct device *dev, ++ struct device_attribute *attr, char *buf) ++{ ++ return sysfs_emit(buf, "Not affected\n"); ++} ++ + static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); + static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); + static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); +@@ -615,6 +621,7 @@ static DEVICE_ATTR(mmio_stale_data, 0444 + static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL); + static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL); + static DEVICE_ATTR(spec_rstack_overflow, 0444, cpu_show_spec_rstack_overflow, NULL); ++static DEVICE_ATTR(reg_file_data_sampling, 0444, cpu_show_reg_file_data_sampling, NULL); + + static struct attribute *cpu_root_vulnerabilities_attrs[] = { + &dev_attr_meltdown.attr, +@@ -630,6 +637,7 @@ static struct attribute *cpu_root_vulner + &dev_attr_retbleed.attr, + &dev_attr_gather_data_sampling.attr, + &dev_attr_spec_rstack_overflow.attr, ++ &dev_attr_reg_file_data_sampling.attr, + NULL + }; + +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -75,6 +75,8 @@ extern ssize_t cpu_show_spec_rstack_over + struct device_attribute *attr, char *buf); + extern ssize_t cpu_show_gds(struct device *dev, + struct device_attribute *attr, char *buf); ++extern ssize_t cpu_show_reg_file_data_sampling(struct device *dev, ++ struct device_attribute *attr, char *buf); + + extern __printf(4, 5) + struct device *cpu_device_create(struct device *parent, void *drvdata, diff --git a/series.conf b/series.conf index 6b1490a..a2a7768 100644 --- a/series.conf +++ b/series.conf @@ -19517,6 +19517,14 @@ patches.suse/RAS-AMD-ATL-Add-MI300-row-retirement-support.patch patches.suse/RAS-Introduce-a-FRU-memory-poison-manager.patch patches.suse/RAS-AMD-ATL-Fix-bit-overflow-in-denorm_addr_df4_np2.patch + patches.suse/RAS-Export-helper-to-get-ras_debugfs_dir.patch + patches.suse/RAS-AMD-FMPM-Save-SPA-values.patch + patches.suse/RAS-AMD-FMPM-Add-debugfs-interface-to-print-record-entries.patch + patches.suse/RAS-AMD-FMPM-Fix-off-by-one-when-unwinding-on-error.patch + patches.suse/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLEAR_CPU.patch + patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch + patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch + patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch patches.suse/bus-tegra-aconnect-Update-dependency-to-ARCH_TEGRA.patch patches.suse/soc-qcom-socinfo-rename-PM2250-to-PM4125.patch