Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP1
xen.30827
xsa435-0-05.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa435-0-05.patch of Package xen.30827
From be35bc9355f2ca4800b4a11b06b8631a057dcf4b Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> Date: Wed, 19 May 2021 19:40:28 +0100 Subject: x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each other settings. No functional change. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -269,8 +269,7 @@ static int enter_state(u32 state) if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); done: spin_debug_enable(); --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -15,6 +15,38 @@ #include "cpu.h" /* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + +/* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists * CPU models in which having conflicting memory types still leads to --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -375,8 +375,7 @@ void start_secondary(void *unused) */ if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -74,7 +74,6 @@ static bool __initdata cpu_has_bug_msbds static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static bool __initdata opt_unpriv_mmio; static bool __read_mostly opt_fb_clear_mmio; @@ -487,7 +486,7 @@ static void __init print_details(enum in (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb_ctxt_switch ? " IBPB-ctxt" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1428,38 +1427,29 @@ void __init init_speculation_mitigations tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * All parts with SRBDS_CTRL suffer SSDP, the mechanism by which stale RNG + * data becomes available to other contexts. To recover the data, an + * attacker needs to use: + * - SBDS (MDS or TAA to sample the cores fill buffer) + * - SBDR (Architecturally retrieve stale transaction buffer contents) + * - DRPW (Architecturally latch stale fill buffer data) + * + * On MDS_NO parts, and with TAA_NO or TSX unavailable/disabled, and there + * is no unprivileged MMIO access, the RNG data doesn't need protecting. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * All parts with SRBDS_CTRL suffer SSDP, the mechanism by which stale - * RNG data becomes available to other contexts. To recover the data, - * an attacker needs to use: - * - SBDS (MDS or TAA to sample the cores fill buffer) - * - SBDR (Architecturally retrieve stale transaction buffer contents) - * - DRPW (Architecturally latch stale fill buffer data) - * - * On MDS_NO parts, and with TAA_NO or TSX unavailable/disabled, and - * there is no unprivileged MMIO access, the RNG data doesn't need - * protecting. - */ if ( opt_srb_lock == -1 && !opt_unpriv_mmio && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && !(opt_tsx & 1))) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1493,9 +1483,6 @@ void __init init_speculation_mitigations wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -118,6 +118,7 @@ #define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO) /* CPUID level 0x00000007:0.edx */ +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_arch_caps boot_cpu_has(X86_FEATURE_ARCH_CAPS) --- a/xen/include/asm-x86/processor.h +++ b/xen/include/asm-x86/processor.h @@ -623,6 +623,9 @@ static inline uint8_t get_cpu_family(uin extern int8_t opt_tsx, cpu_has_tsx_ctrl; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + void amd_check_zenbleed(void); #endif /* !__ASSEMBLY__ */ --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -107,8 +107,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_ */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info();
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor