From patchwork Wed Aug 9 10:26:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 133187 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp2749094vqr; Wed, 9 Aug 2023 05:04:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFc6BKJkAAWFqZEB+ZtNukV77ytv4uJsYK1SIcapLqhqGcYJGeiz2AxYPOS2CiBgMxeEzNm X-Received: by 2002:a05:6a00:1397:b0:675:ef91:7922 with SMTP id t23-20020a056a00139700b00675ef917922mr2711796pfg.4.1691582695467; Wed, 09 Aug 2023 05:04:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691582695; cv=none; d=google.com; s=arc-20160816; b=mj330F4HB+A6yUucILX5JSBEbYfAWuFBasjJT81yW11uuMJ6B4Dzvm8wO5F8hzEnTq hT9AorElGJwWMt5g0UgTDMh+eC0sd+qH77RwuCrkj/GydDeZVFU5SrJGTvErPZvn9BUT gh5TjhBCY8o5cjF4t+Q9f16/M8bKZK2mqtmPaD58PPFJYeNr9mCMI/tHv+2yGYd+QXOq 1NmleB0NFnEHx2b1pGhA4uPn+S7muWXQ0yhzqyHc259IZXuV1IC/bTIiAgpISA7qfYIH 8vOMxevm9ocLTkk3ZOrwkcB+DLzrCxnjm7rWRcncVincMsA8fG1KxAtkY+sGwwlFaG/q /YDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NAQj1b4NcgJOYxR/7uVHgoQpoay4b5ydCDHPoy0VJP0=; fh=XKtQyXaCQxzsaabDUqWwb5UUdzQvW23zJZqs2rj4yew=; b=Kineug2Vw2L9Wr6CHRMFpQ02d6apRXkInYmblZCn4THeN7H/4Rfqz/eW7ARFRNV4rW cfN5/C6gtBJSdCn0K1cQ8RHlD/590OITDXIcSyxUYV41ka9pj/b+w9/p76ahh3mZBsFv pAimw+3jCl7EtoGIxMmzgKwLArp1C8C/N+TC4kXevYLgJgwyQ2j9Xad8rEfkGO8Q4EiN zi/taK9YizLWp0FCwEJ71xam77t/gGQ7K7aWJc97fLUfU4H8XSKC5WSaPOPvpUlHG1Cw fuS/yJztWV7XOU8N8CvOnemUFKC3GQgucSpq+VWkXZW8lyZiDbpUTXYQzW/s2ScwZhfq y4Fg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@alien8.de header.s=alien8 header.b=hnTDEu1A; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y23-20020a63de57000000b0056418f28df6si8927914pgi.838.2023.08.09.05.04.40; Wed, 09 Aug 2023 05:04:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@alien8.de header.s=alien8 header.b=hnTDEu1A; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232177AbjHIK1j (ORCPT + 99 others); Wed, 9 Aug 2023 06:27:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231733AbjHIK1e (ORCPT ); Wed, 9 Aug 2023 06:27:34 -0400 Received: from mail.alien8.de (mail.alien8.de [IPv6:2a01:4f9:3051:3f93::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BA9F81FDF for ; Wed, 9 Aug 2023 03:27:32 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id 249CA40E01A3; Wed, 9 Aug 2023 10:27:31 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Authentication-Results: mail.alien8.de (amavisd-new); dkim=fail (4096-bit key) reason="fail (body has been altered)" header.d=alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 2KBEy6rtFKNz; Wed, 9 Aug 2023 10:27:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1691576848; bh=hHwZiO3cl0WSFwWrnTAhlEen22AC22m/lmz1TtfKTSw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hnTDEu1ARH6tQaTAZQzbygpVqchv0YBfnr8WruS5viuS5vk4i9cRU3nuvSxywq1Os 1or3Qp2hS/ttSMDosQ+95K/83F2zFI+lRuCieyShn17/WsALWh8JprQTZ8WvJ9VgbJ d79fljmMx+Lok0oEb6OnJl2AzuEFedw4LrWwi0eIkIMiNsmLiyha2GCnmHZcsP7jy2 dixr8XrhXZlzOEx0sFUVHhy32REPfMm/Rsob6/Bvi0faQEuhUwhQ67QI5W46Wf3xIl t+Q3PJ2LnAHcenxq/uaDG4NA0KtzJCKT4llm1mNWGoDQJduuoemchZut21g1f6Eh57 D2MWRa5OKYvd3VNUG/ooIzK7j0Zpmn6BgFSRZlfVm/2kPHHOoygsWrjOKyUsk07qzK vVIkN1ZvsozRhB/SIGHgQYccjKAHunTb+Koo2BA/JPgOVVctQ9LMnwdDRPtcMHR0Jt NhqpemUEWpDHkTSpf092fEDml7ZbisItj7gWKOOsRZ/Yp8DrG+RNJqo1xfbndBOWOm NU4dF9z5eH5yot1Alkzat3MHYOV5aLRiWESdnaefinyb5Uw6iBAPbZsBPfvvcjGpN6 7ga7vc7vRaLJzXzHbCW/uwMIBy8XVrjzPEYMZ0kOJnFnlHQxexYSGShdKmdhmC7XlA X8MXYGr2+5s/YYvZ5L43j/AA= Received: from zn.tnic (pd9530d32.dip0.t-ipconnect.de [217.83.13.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 9972440E01A1; Wed, 9 Aug 2023 10:27:24 +0000 (UTC) From: Borislav Petkov To: X86 ML Cc: Greg Kroah-Hartman , LKML , Linus Torvalds Subject: [PATCH 1/3] Documentation/hw-vuln: Unify filename specification in index Date: Wed, 9 Aug 2023 12:26:58 +0200 Message-ID: <20230809102700.29449-2-bp@alien8.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230809102700.29449-1-bp@alien8.de> References: <20230809102700.29449-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773753016651903273 X-GMAIL-MSGID: 1773753016651903273 From: "Borislav Petkov (AMD)" Most of the index.rst files in Documentation/ refer to other rst files without their file extension in the name. Do that here too. No functional changes. Reported-by: Linus Torvalds Signed-off-by: Borislav Petkov (AMD) --- Documentation/admin-guide/hw-vuln/index.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst index a7d37e124831..aeee8bff5f82 100644 --- a/Documentation/admin-guide/hw-vuln/index.rst +++ b/Documentation/admin-guide/hw-vuln/index.rst @@ -13,11 +13,11 @@ are configurable at compile, boot or run time. l1tf mds tsx_async_abort - multihit.rst - special-register-buffer-data-sampling.rst - core-scheduling.rst - l1d_flush.rst - processor_mmio_stale_data.rst - cross-thread-rsb.rst + multihit + special-register-buffer-data-sampling + core-scheduling + l1d_flush + processor_mmio_stale_data + cross-thread-rsb srso gather_data_sampling.rst From patchwork Wed Aug 9 10:26:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 133161 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp2738700vqr; Wed, 9 Aug 2023 04:46:02 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFVBWj2N8KIgl0H0SF87oa9rMoFCbE7ivA+PXpfatJo3Gtm/ib+SYT/dqp3+kC8cG6LfcTx X-Received: by 2002:a17:907:2c75:b0:99c:b65b:54e2 with SMTP id ib21-20020a1709072c7500b0099cb65b54e2mr1743798ejc.55.1691581561787; Wed, 09 Aug 2023 04:46:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691581561; cv=none; d=google.com; s=arc-20160816; b=ekzIzXr4WYLeNguxg+Q2BRplatWfXyas5fCfwInXSTDzjSfHeydwHLKpl8ZTQj26Ei U9rYxZ01aX924vaOR/feTMJM9IRLQQIcHIxlG9VUqPXI8JxUcAmPDxT3JygCXVEGJaFg HwtUpaDlEWGkjMKloxDUaFzw7INB+wmbRD06E5rCKM42+M5OF4k2iQ7AjI9XJq5tHweF KUpKo1Io3IScy0X4K+hbrp9++AKr5Ea6xS3Mwl/k+x+Fkl8XSiec3w2MzdlWeHnge3T7 lmuuz8JRbWyN7ns4cNC8G/UcUXln+RaHrbDiszNHMD7u49dBh+bxwzSy8KVk8dotfU2Z qwqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Kq4EvkdbrNMR0g47WvEeuhpfyD9qSzHU+7VYQ+POwmw=; fh=XKtQyXaCQxzsaabDUqWwb5UUdzQvW23zJZqs2rj4yew=; b=QPgNykhiVYypzJJyMT5Kk8eBwaQE7GIkdtuOCW/9efKh9dC2QinARcuUWX4YHG3pFN 92lf8oRlBHctLsaRKS52AX/WNbMS0aSe4a1GiyDsBcaNDT/PxI+L3eVHs4cL7mg+ysf/ fuGEsSAImxBL05p2PjQP4aPB3ljPsQR8LwOMg2Fv9qYTb/Nk2V92r56arpNFz5EXkArh 6hoRlmx+8ZphGtjU7u1LTf0vDmrCrDaT5vULktIt9wbyfq4VxvEEgMnp48/zxUV9mdhh Ln6dQlEypbOpXLvrwuW9xH+VKcXiBjYacl6x+AcBvpcfvjeTXs0uzS3P/9GJ9jOZ6AXH gQyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@alien8.de header.s=alien8 header.b=SGka17EZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i14-20020a17090671ce00b00988796c2019si7865683ejk.591.2023.08.09.04.45.30; Wed, 09 Aug 2023 04:46:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@alien8.de header.s=alien8 header.b=SGka17EZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232182AbjHIK1o (ORCPT + 99 others); Wed, 9 Aug 2023 06:27:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33708 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232203AbjHIK1j (ORCPT ); Wed, 9 Aug 2023 06:27:39 -0400 Received: from mail.alien8.de (mail.alien8.de [65.109.113.108]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1FB1C2112 for ; Wed, 9 Aug 2023 03:27:38 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id A5FFA40E01A2; Wed, 9 Aug 2023 10:27:36 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Authentication-Results: mail.alien8.de (amavisd-new); dkim=fail (4096-bit key) reason="fail (body has been altered)" header.d=alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id CMOzuCbjzq-X; Wed, 9 Aug 2023 10:27:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1691576854; bh=Kqk9iB23zva22rrtFW2VbzZ/5CKBSXXVyARTF51x9QA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SGka17EZMGm4JXxnMyDhLYGVtgljDnAdoSMNtZ2lOkPViuraS2B0tGP87U1A5YOU6 pLU5TwFMdeQHwELL4ZBX6r6zyp4O3mHl7b5Pwse17QGn9Ggdd2mrstQBqEHGRcPm6P 5TDN/bJpeO0PoU7qOLuD8jA8+XJHxyaVg8r2FeJKFrfsOR8eHQZY4dJwAtFInMxC2E hc9BZlAp4lIOJuN61fgp9Yfc/Lfu7oB+FhF2cP9VF/0uPZY9+afMdBqzyPDZMd9ZQU NdtOFo8/44V08gFZt9Yx2WGA8dNnjDnEF9AdSUqtG5doXaa7SVkcFgkcg0+yfpDTGi 5nhpi77l4y6muTjA/MECzXAGAvoONSr2c+ukmItFPLtSaJa/iiV5Z4OexUI/3Pxih3 WDmES3fA80yPoza+Osx1I58FdbJ+2wKT36Z3PLVWNVHUxAx2vqoynTdirOKug5nq5L I81VgWACQAwOhIc630PxOq2dmuGhIobCpozVlP6L+Df8HbAfkb+F3LRFd2gz6Ie8uu 1MuNcOk1qYv1k4LSF8+iFeSfeV3C03p1BjMQxE/6VaaXP1wkiwV5EkAiEGOAJq60qY 2JlwyTwmu8pt1VhxvwYeHnplKUecCGmNPFa0kA93Jk5S411atMzYOdSXb0lST1+C8G BxOydA0/12OUtG7QeIT2vuCQ= Received: from zn.tnic (pd9530d32.dip0.t-ipconnect.de [217.83.13.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 6874140E0140; Wed, 9 Aug 2023 10:27:30 +0000 (UTC) From: Borislav Petkov To: X86 ML Cc: Greg Kroah-Hartman , LKML , Linus Torvalds Subject: [PATCH 2/3] driver core: cpu: Unify redundant silly stubs Date: Wed, 9 Aug 2023 12:26:59 +0200 Message-ID: <20230809102700.29449-3-bp@alien8.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230809102700.29449-1-bp@alien8.de> References: <20230809102700.29449-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773751827802603932 X-GMAIL-MSGID: 1773751827802603932 From: "Borislav Petkov (AMD)" Make them all a weak function, aliasing to a single function which issues the "Not affected" string. No functional changes. Suggested-by: Linus Torvalds Signed-off-by: Borislav Petkov (AMD) Reviewed-by: Nikolay Borisov --- drivers/base/cpu.c | 86 ++++++++++------------------------------------ 1 file changed, 18 insertions(+), 68 deletions(-) diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index 52df435eecf8..971771347aa6 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@ -509,79 +509,29 @@ static void __init cpu_dev_register_generic(void) } #ifdef CONFIG_GENERIC_CPU_VULNERABILITIES - -ssize_t __weak cpu_show_meltdown(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_spectre_v1(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_spectre_v2(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_spec_store_bypass(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_l1tf(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_mds(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_tsx_async_abort(struct device *dev, - struct device_attribute *attr, - char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_itlb_multihit(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_srbds(struct device *dev, +ssize_t cpu_show_not_affected(struct device *dev, struct device_attribute *attr, char *buf) { return sysfs_emit(buf, "Not affected\n"); } -ssize_t __weak cpu_show_mmio_stale_data(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_retbleed(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} - -ssize_t __weak cpu_show_spec_rstack_overflow(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sysfs_emit(buf, "Not affected\n"); -} +#define CPU_VULN_FALLBACK(func) \ + ssize_t cpu_show_##func(struct device *, \ + struct device_attribute *, char *) \ + __attribute__((weak, alias("cpu_show_not_affected"))) + +CPU_VULN_FALLBACK(meltdown); +CPU_VULN_FALLBACK(spectre_v1); +CPU_VULN_FALLBACK(spectre_v2); +CPU_VULN_FALLBACK(spec_store_bypass); +CPU_VULN_FALLBACK(l1tf); +CPU_VULN_FALLBACK(mds); +CPU_VULN_FALLBACK(tsx_async_abort); +CPU_VULN_FALLBACK(itlb_multihit); +CPU_VULN_FALLBACK(srbds); +CPU_VULN_FALLBACK(mmio_stale_data); +CPU_VULN_FALLBACK(retbleed); +CPU_VULN_FALLBACK(spec_rstack_overflow); ssize_t __weak cpu_show_gds(struct device *dev, struct device_attribute *attr, char *buf) From patchwork Wed Aug 9 10:27:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 133190 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp2750574vqr; Wed, 9 Aug 2023 05:06:56 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH16uux+1rypBseWW7QaLAv3LCUXvo1b/TWKEnQbDMnvQtoVr/30q3kuns555HBl5l67jfs X-Received: by 2002:a17:902:da82:b0:1b8:954c:1f6 with SMTP id j2-20020a170902da8200b001b8954c01f6mr3329309plx.36.1691582816010; Wed, 09 Aug 2023 05:06:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691582815; cv=none; d=google.com; s=arc-20160816; b=0hIEPmL9SD6/47Q9qcMpEDPyVpo5JXSkt+iSM1IAu5cktAnB+7vCoY3UBqD6iV1i1X hxrqsl6wYabSeaOc/5TEGz6IhZhkB+1hlwZ0DibRyIfT9ktGngFV3EyBcat4rBrd5YPm Gh0Pi0us1UV4Qc51tePbL+N86DoK3RMFd4WamvWLJ+IO0fZOeEMLIXU7ouLrQl1SMTN3 cLWG31QudttC4o31r3gUu7x4ruM0iCYhrPpW2FiUT2f0Xe2ROB0L1Ofct+SoMJq0Bkfv a51E+C8AduIcnROjhcbEDpRToioUI4MoRNvx+jXsgPNZyiBkT1nBgkHAfJy5fbP8KwI6 MrTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Qq2e0fKUiObaQFkbMezLQ3rndkkA/zK4wPnA0YXz5j0=; fh=Mp6U4MvFwphBBmWtxjdxW2bNPYDenxYEzhAzBqV4M6E=; b=nTRPyQ4t1eAuEvBkVAG+eMIu/mFLPNVaOgb2XgG2lt/fZ+IFLI71eaaz4y+QOSzZe3 1S1dUVrpgKdBWyFg7IipBPLNdVWVngnT45v07VBKkD6PmLfQ6CzMtK/ZRO0qhElX1wZF lnD2lkdlQSXSbnOGqh1SFjHnFTK9qKaGDV3INr5u8r0Myyswu9wf8lDoVt7BSdspCJuU EATnNJKNkpoj26h8bHlsytOf+fndU0VXMrf0SKd/maoz4YPx9S9n3UKkjf2xoXgGtNq8 Yrz87OSTexNgBTE/4Zhmz46HFZ9kwGh7u/2eOs9gd1rajvcG4I+3Fuuh3caaQlfbSx2F 07AQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@alien8.de header.s=alien8 header.b="ZrFhL/OL"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a17-20020a170902ecd100b001b9eb349549si9219153plh.630.2023.08.09.05.06.42; Wed, 09 Aug 2023 05:06:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@alien8.de header.s=alien8 header.b="ZrFhL/OL"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232128AbjHIK1y (ORCPT + 99 others); Wed, 9 Aug 2023 06:27:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45482 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232194AbjHIK1t (ORCPT ); Wed, 9 Aug 2023 06:27:49 -0400 Received: from mail.alien8.de (mail.alien8.de [65.109.113.108]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1BBEF210C for ; Wed, 9 Aug 2023 03:27:42 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id 648B540E01A1; Wed, 9 Aug 2023 10:27:41 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Authentication-Results: mail.alien8.de (amavisd-new); dkim=fail (4096-bit key) reason="fail (body has been altered)" header.d=alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 52PuPSpKsuIJ; Wed, 9 Aug 2023 10:27:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1691576859; bh=sSG8SuLREEWpITGtVL2ale4erYRAEQ6yV/T4GIjhK/s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZrFhL/OLe16B3WTHoznti3hfzmMOwRm/Gw++gpceuIDHnsqGCBrnR8SWHnIQIU6wE 9lBv9KuIVGsvKD7/HllTilBei0ztMA6N7n4GfecP+ZNXquihB7SAHDVyqKDIJ4kKac cbWmRO8pC5eB/4YLuoLELwyLHTvgCVdEWo8alCIRrIhu9VYOos0hrwnha7kCVouF+A rc7lD9QmvUMeBCr/wqzcOSevpjVhtpYBhNar/WGQpVXvzsR3uCNgyTFMldOfNeq00Y AOc6XnPTQslMXslTRCyG4vytQeLCGPMQYTwHlnQJCNZqGlbdT0HExm5lTQeichgdi8 8ozmVULwuoUIs381Cgq3lr/uC9yg3IfGEhTp+rGYh/6kI25TPRCoPAj2yec9SV6hoe cvOdHuOs0dZsB8ceY6wnNP3Z0oIA/qOS8+QroBR7keJ+ojnK66wmm0TaTy1ABIPPJC nd97TbGO8+u48HxaxAmhH8YtQq3kVNcrPDuhXwzvEw/WZz4lOrjGtqkuN+1BXvEVr0 41RxJm2qtoNinTWcKFGoQnhbWB67jOl5S0ZQuJ7GEBACPPedbMebYbY6Rd/s6G1wBj cYzwPzEFCoDGNgvQvcPjPxm27+ztGw/3+Vz4BrLrfuJGB8t2cqZv3ZuTcYk2mIJaxy VN/1M8mxzK51t0Q37vtfTgdY= Received: from zn.tnic (pd9530d32.dip0.t-ipconnect.de [217.83.13.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 1822C40E01A3; Wed, 9 Aug 2023 10:27:36 +0000 (UTC) From: Borislav Petkov To: X86 ML Cc: Greg Kroah-Hartman , LKML Subject: [PATCH 3/3] Documentation/srso: Document IBPB aspect and fix formatting Date: Wed, 9 Aug 2023 12:27:00 +0200 Message-ID: <20230809102700.29449-4-bp@alien8.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230809102700.29449-1-bp@alien8.de> References: <20230809102700.29449-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773753142867382537 X-GMAIL-MSGID: 1773753142867382537 From: "Borislav Petkov (AMD)" Add a note about the dependency of the User->User mitigation on the previous Spectre v2 IBPB selection. Make the layout moar pretty. Signed-off-by: Borislav Petkov (AMD) --- Documentation/admin-guide/hw-vuln/srso.rst | 71 ++++++++++++++-------- 1 file changed, 44 insertions(+), 27 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/srso.rst b/Documentation/admin-guide/hw-vuln/srso.rst index 32eb5e6db272..af59a9395662 100644 --- a/Documentation/admin-guide/hw-vuln/srso.rst +++ b/Documentation/admin-guide/hw-vuln/srso.rst @@ -42,42 +42,59 @@ The sysfs file showing SRSO mitigation status is: The possible values in this file are: - - 'Not affected' The processor is not vulnerable + * 'Not affected': - - 'Vulnerable: no microcode' The processor is vulnerable, no - microcode extending IBPB functionality - to address the vulnerability has been - applied. + The processor is not vulnerable - - 'Mitigation: microcode' Extended IBPB functionality microcode - patch has been applied. It does not - address User->Kernel and Guest->Host - transitions protection but it does - address User->User and VM->VM attack - vectors. + * 'Vulnerable: no microcode': - (spec_rstack_overflow=microcode) + The processor is vulnerable, no microcode extending IBPB + functionality to address the vulnerability has been applied. - - 'Mitigation: safe RET' Software-only mitigation. It complements - the extended IBPB microcode patch - functionality by addressing User->Kernel - and Guest->Host transitions protection. + * 'Mitigation: microcode': - Selected by default or by - spec_rstack_overflow=safe-ret + Extended IBPB functionality microcode patch has been applied. It does + not address User->Kernel and Guest->Host transitions protection but it + does address User->User and VM->VM attack vectors. - - 'Mitigation: IBPB' Similar protection as "safe RET" above - but employs an IBPB barrier on privilege - domain crossings (User->Kernel, - Guest->Host). + Note that User->User mitigation is controlled by how the IBPB aspect in + the Spectre v2 mitigation is selected: - (spec_rstack_overflow=ibpb) + * conditional IBPB: + + where each process can select whether it needs an IBPB issued + around it PR_SPEC_DISABLE/_ENABLE etc, see :doc:`spectre` + + * strict: + + i.e., always on - by supplying spectre_v2_user=on on the kernel + command line + + (spec_rstack_overflow=microcode) + + * 'Mitigation: safe RET': + + Software-only mitigation. It complements the extended IBPB microcode + patch functionality by addressing User->Kernel and Guest->Host + transitions protection. + + Selected by default or by spec_rstack_overflow=safe-ret + + * 'Mitigation: IBPB': + + Similar protection as "safe RET" above but employs an IBPB barrier on + privilege domain crossings (User->Kernel, Guest->Host). + + (spec_rstack_overflow=ibpb) + + * 'Mitigation: IBPB on VMEXIT': + + Mitigation addressing the cloud provider scenario - the Guest->Host + transitions only. + + (spec_rstack_overflow=ibpb-vmexit) - - 'Mitigation: IBPB on VMEXIT' Mitigation addressing the cloud provider - scenario - the Guest->Host transitions - only. - (spec_rstack_overflow=ibpb-vmexit) In order to exploit vulnerability, an attacker needs to: