[PATCH] x86/speculation: Fix incorrect MDS/TAA mitigation status

From: Waiman Long
Date: Wed Nov 13 2019 - 14:35:09 EST

Next message: Jeffrey Hugo: "Re: [PATCH] ath10k: add cleanup in ath10k_sta_state()"
Previous message: Eric Biggers: "Re: [PATCH v5 2/8] crypto: x86/serpent: Remove glue function macros usage"
Next in thread: Borislav Petkov: "Re: [PATCH] x86/speculation: Fix incorrect MDS/TAA mitigation status"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For MDS vulnerable processors with TSX support, enabling either MDS
or TAA mitigations will enable the use of VERW to flush internal
processor buffers at the right code path. IOW, they are either both
mitigated or both not mitigated. However, if the command line options
are inconsistent, the vulnerabilites sysfs files may not report the
mitigation status correctly.

For example, with only the "mds=off" option:

vulnerabilities/mds:Vulnerable; SMT vulnerable
vulnerabilities/tsx_async_abort:Mitigation: Clear CPU buffers; SMT vulnerable

The mds vulnerabilities file has wrong status in this case.

Change taa_select_mitigation() to sync up the two mitigation status
and have them turned off if both "mds=off" and "tsx_async_abort=off"
are present.

Signed-off-by: Waiman Long <longman@xxxxxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 4c7b0fa15a19..418d41c1fd0d 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -304,8 +304,12 @@ static void __init taa_select_mitigation(void)
return;
}

- /* TAA mitigation is turned off on the cmdline (tsx_async_abort=off) */
- if (taa_mitigation == TAA_MITIGATION_OFF)
+ /*
+ * TAA mitigation via VERW is turned off if both
+ * tsx_async_abort=off and mds=off are specified.
+ */
+ if (taa_mitigation == TAA_MITIGATION_OFF &&
+ mds_mitigation == MDS_MITIGATION_OFF)
goto out;

if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
@@ -339,6 +343,15 @@ static void __init taa_select_mitigation(void)
if (taa_nosmt || cpu_mitigations_auto_nosmt())
cpu_smt_disable(false);

+ /*
+ * Update MDS mitigation, if necessary, as the mds_user_clear is
+ * now enabled for TAA mitigation.
+ */
+ if (mds_mitigation == MDS_MITIGATION_OFF &&
+ boot_cpu_has_bug(X86_BUG_MDS)) {
+ mds_mitigation = MDS_MITIGATION_FULL;
+ mds_select_mitigation();
+ }
out:
pr_info("%s\n", taa_strings[taa_mitigation]);
}
--
2.18.1

Next message: Jeffrey Hugo: "Re: [PATCH] ath10k: add cleanup in ath10k_sta_state()"
Previous message: Eric Biggers: "Re: [PATCH v5 2/8] crypto: x86/serpent: Remove glue function macros usage"
Next in thread: Borislav Petkov: "Re: [PATCH] x86/speculation: Fix incorrect MDS/TAA mitigation status"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]