2019-11-07 18:04:08 +00:00
|
|
|
From: Vineela Tummalapalli <vineela.tummalapalli@intel.com>
|
|
|
|
Date: Mon, 4 Nov 2019 12:22:01 +0100
|
|
|
|
Subject: x86/bugs: Add ITLB_MULTIHIT bug infrastructure
|
2019-10-20 13:32:35 +00:00
|
|
|
|
2019-11-07 18:04:08 +00:00
|
|
|
commit db4d30fbb71b47e4ecb11c4efa5d8aad4b03dfae upstream.
|
2019-10-20 13:32:35 +00:00
|
|
|
|
2019-11-07 18:04:08 +00:00
|
|
|
Some processors may incur a machine check error possibly resulting in an
|
|
|
|
unrecoverable CPU lockup when an instruction fetch encounters a TLB
|
|
|
|
multi-hit in the instruction TLB. This can occur when the page size is
|
|
|
|
changed along with either the physical address or cache type. The relevant
|
|
|
|
erratum can be found here:
|
|
|
|
|
|
|
|
https://bugzilla.kernel.org/show_bug.cgi?id=205195
|
2019-10-20 13:32:35 +00:00
|
|
|
|
2019-11-07 18:04:08 +00:00
|
|
|
There are other processors affected for which the erratum does not fully
|
|
|
|
disclose the impact.
|
2019-10-20 13:32:35 +00:00
|
|
|
|
2019-11-07 18:04:08 +00:00
|
|
|
This issue affects both bare-metal x86 page tables and EPT.
|
2019-10-20 13:32:35 +00:00
|
|
|
|
2019-11-07 18:04:08 +00:00
|
|
|
It can be mitigated by either eliminating the use of large pages or by
|
|
|
|
using careful TLB invalidations when changing the page size in the page
|
|
|
|
tables.
|
2019-10-20 13:32:35 +00:00
|
|
|
|
2019-11-07 18:04:08 +00:00
|
|
|
Just like Spectre, Meltdown, L1TF and MDS, a new bit has been allocated in
|
|
|
|
MSR_IA32_ARCH_CAPABILITIES (PSCHANGE_MC_NO) and will be set on CPUs which
|
|
|
|
are mitigated against this issue.
|
2019-10-20 13:32:35 +00:00
|
|
|
|
|
|
|
Signed-off-by: Vineela Tummalapalli <vineela.tummalapalli@intel.com>
|
|
|
|
Co-developed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
|
|
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
|
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
2019-11-07 18:04:08 +00:00
|
|
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
2019-10-20 13:32:35 +00:00
|
|
|
[bwh: Backported to 4.19:
|
|
|
|
- No support for X86_VENDOR_HYGON, ATOM_AIRMONT_NP
|
|
|
|
- Adjust context]
|
|
|
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
|
|
---
|
|
|
|
.../ABI/testing/sysfs-devices-system-cpu | 1 +
|
|
|
|
arch/x86/include/asm/cpufeatures.h | 1 +
|
2019-11-07 18:04:08 +00:00
|
|
|
arch/x86/include/asm/msr-index.h | 7 +++
|
2019-10-20 13:32:35 +00:00
|
|
|
arch/x86/kernel/cpu/bugs.c | 13 ++++
|
2019-11-07 18:04:08 +00:00
|
|
|
arch/x86/kernel/cpu/common.c | 61 ++++++++++---------
|
2019-10-20 13:32:35 +00:00
|
|
|
drivers/base/cpu.c | 8 +++
|
|
|
|
include/linux/cpu.h | 2 +
|
2019-11-07 18:04:08 +00:00
|
|
|
7 files changed, 65 insertions(+), 28 deletions(-)
|
2019-10-20 13:32:35 +00:00
|
|
|
|
|
|
|
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
|
|
|
|
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -479,6 +479,7 @@ What: /sys/devices/system/cpu/vulnerabi
|
2019-10-20 13:32:35 +00:00
|
|
|
/sys/devices/system/cpu/vulnerabilities/l1tf
|
|
|
|
/sys/devices/system/cpu/vulnerabilities/mds
|
2019-11-07 18:04:08 +00:00
|
|
|
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
|
2019-10-20 13:32:35 +00:00
|
|
|
+ /sys/devices/system/cpu/vulnerabilities/itlb_multihit
|
|
|
|
Date: January 2018
|
|
|
|
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
|
|
|
|
Description: Information about CPU vulnerabilities
|
|
|
|
--- a/arch/x86/include/asm/cpufeatures.h
|
|
|
|
+++ b/arch/x86/include/asm/cpufeatures.h
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -390,5 +390,6 @@
|
2019-10-20 13:32:35 +00:00
|
|
|
#define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */
|
|
|
|
#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */
|
2019-11-07 18:04:08 +00:00
|
|
|
#define X86_BUG_TAA X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */
|
|
|
|
+#define X86_BUG_ITLB_MULTIHIT X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */
|
2019-10-20 13:32:35 +00:00
|
|
|
|
|
|
|
#endif /* _ASM_X86_CPUFEATURES_H */
|
|
|
|
--- a/arch/x86/include/asm/msr-index.h
|
|
|
|
+++ b/arch/x86/include/asm/msr-index.h
|
|
|
|
@@ -84,6 +84,13 @@
|
|
|
|
* Microarchitectural Data
|
|
|
|
* Sampling (MDS) vulnerabilities.
|
|
|
|
*/
|
|
|
|
+#define ARCH_CAP_PSCHANGE_MC_NO BIT(6) /*
|
|
|
|
+ * The processor is not susceptible to a
|
|
|
|
+ * machine check error due to modifying the
|
|
|
|
+ * code page size along with either the
|
|
|
|
+ * physical address or cache type
|
|
|
|
+ * without TLB invalidation.
|
|
|
|
+ */
|
2019-11-07 18:04:08 +00:00
|
|
|
#define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */
|
|
|
|
#define ARCH_CAP_TAA_NO BIT(8) /*
|
|
|
|
* Not susceptible to
|
2019-10-20 13:32:35 +00:00
|
|
|
--- a/arch/x86/kernel/cpu/bugs.c
|
|
|
|
+++ b/arch/x86/kernel/cpu/bugs.c
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -1391,6 +1391,11 @@ static ssize_t l1tf_show_state(char *buf
|
2019-10-20 13:32:35 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
+static ssize_t itlb_multihit_show_state(char *buf)
|
|
|
|
+{
|
|
|
|
+ return sprintf(buf, "Processor vulnerable\n");
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
static ssize_t mds_show_state(char *buf)
|
|
|
|
{
|
|
|
|
if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -1494,6 +1499,9 @@ static ssize_t cpu_show_common(struct de
|
|
|
|
case X86_BUG_TAA:
|
|
|
|
return tsx_async_abort_show_state(buf);
|
2019-10-20 13:32:35 +00:00
|
|
|
|
|
|
|
+ case X86_BUG_ITLB_MULTIHIT:
|
|
|
|
+ return itlb_multihit_show_state(buf);
|
|
|
|
+
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -1535,4 +1543,9 @@ ssize_t cpu_show_tsx_async_abort(struct
|
2019-10-20 13:32:35 +00:00
|
|
|
{
|
2019-11-07 18:04:08 +00:00
|
|
|
return cpu_show_common(dev, attr, buf, X86_BUG_TAA);
|
2019-10-20 13:32:35 +00:00
|
|
|
}
|
|
|
|
+
|
|
|
|
+ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr, char *buf)
|
|
|
|
+{
|
|
|
|
+ return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT);
|
|
|
|
+}
|
|
|
|
#endif
|
|
|
|
--- a/arch/x86/kernel/cpu/common.c
|
|
|
|
+++ b/arch/x86/kernel/cpu/common.c
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -946,13 +946,14 @@ static void identify_cpu_without_cpuid(s
|
2019-10-20 13:32:35 +00:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
-#define NO_SPECULATION BIT(0)
|
|
|
|
-#define NO_MELTDOWN BIT(1)
|
|
|
|
-#define NO_SSB BIT(2)
|
|
|
|
-#define NO_L1TF BIT(3)
|
|
|
|
-#define NO_MDS BIT(4)
|
|
|
|
-#define MSBDS_ONLY BIT(5)
|
|
|
|
-#define NO_SWAPGS BIT(6)
|
|
|
|
+#define NO_SPECULATION BIT(0)
|
|
|
|
+#define NO_MELTDOWN BIT(1)
|
|
|
|
+#define NO_SSB BIT(2)
|
|
|
|
+#define NO_L1TF BIT(3)
|
|
|
|
+#define NO_MDS BIT(4)
|
|
|
|
+#define MSBDS_ONLY BIT(5)
|
|
|
|
+#define NO_SWAPGS BIT(6)
|
|
|
|
+#define NO_ITLB_MULTIHIT BIT(7)
|
|
|
|
|
|
|
|
#define VULNWL(_vendor, _family, _model, _whitelist) \
|
|
|
|
{ X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -970,26 +971,26 @@ static const __initconst struct x86_cpu_
|
2019-10-20 13:32:35 +00:00
|
|
|
VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION),
|
|
|
|
|
|
|
|
/* Intel Family 6 */
|
|
|
|
- VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION),
|
|
|
|
- VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION),
|
|
|
|
- VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION),
|
|
|
|
- VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION),
|
|
|
|
- VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION),
|
|
|
|
-
|
|
|
|
- VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS),
|
|
|
|
- VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS),
|
|
|
|
- VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS),
|
|
|
|
- VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS),
|
|
|
|
- VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS),
|
|
|
|
- VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS),
|
|
|
|
+ VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION | NO_ITLB_MULTIHIT),
|
|
|
|
+
|
|
|
|
+ VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
|
|
|
|
VULNWL_INTEL(CORE_YONAH, NO_SSB),
|
|
|
|
|
|
|
|
- VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY | NO_SWAPGS),
|
|
|
|
+ VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
|
|
|
|
- VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS),
|
|
|
|
- VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF | NO_SWAPGS),
|
|
|
|
- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS),
|
|
|
|
+ VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Technically, swapgs isn't serializing on AMD (despite it previously
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -1000,13 +1001,13 @@ static const __initconst struct x86_cpu_
|
2019-10-20 13:32:35 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/* AMD Family 0xf - 0x12 */
|
|
|
|
- VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS),
|
|
|
|
- VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS),
|
|
|
|
- VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS),
|
|
|
|
- VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS),
|
|
|
|
+ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
+ VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
|
|
|
|
/* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
|
|
|
|
- VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS),
|
|
|
|
+ VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
|
|
|
|
{}
|
|
|
|
};
|
|
|
|
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -1031,6 +1032,10 @@ static void __init cpu_set_bug_bits(stru
|
2019-10-20 13:32:35 +00:00
|
|
|
{
|
2019-11-07 18:04:08 +00:00
|
|
|
u64 ia32_cap = x86_read_arch_cap_msr();
|
2019-10-20 13:32:35 +00:00
|
|
|
|
|
|
|
+ /* Set ITLB_MULTIHIT bug if cpu is not in the whitelist and not mitigated */
|
|
|
|
+ if (!cpu_matches(NO_ITLB_MULTIHIT) && !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO))
|
|
|
|
+ setup_force_cpu_bug(X86_BUG_ITLB_MULTIHIT);
|
|
|
|
+
|
|
|
|
if (cpu_matches(NO_SPECULATION))
|
|
|
|
return;
|
|
|
|
|
|
|
|
--- a/drivers/base/cpu.c
|
|
|
|
+++ b/drivers/base/cpu.c
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -559,6 +559,12 @@ ssize_t __weak cpu_show_tsx_async_abort(
|
2019-10-20 13:32:35 +00:00
|
|
|
return sprintf(buf, "Not affected\n");
|
|
|
|
}
|
|
|
|
|
|
|
|
+ssize_t __weak cpu_show_itlb_multihit(struct device *dev,
|
|
|
|
+ struct device_attribute *attr, char *buf)
|
|
|
|
+{
|
|
|
|
+ return sprintf(buf, "Not affected\n");
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
|
|
|
|
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
|
|
|
|
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -566,6 +572,7 @@ static DEVICE_ATTR(spec_store_bypass, 04
|
2019-10-20 13:32:35 +00:00
|
|
|
static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL);
|
|
|
|
static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL);
|
2019-11-07 18:04:08 +00:00
|
|
|
static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL);
|
2019-10-20 13:32:35 +00:00
|
|
|
+static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
|
|
|
|
|
|
|
|
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
|
|
|
&dev_attr_meltdown.attr,
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -575,6 +582,7 @@ static struct attribute *cpu_root_vulner
|
2019-10-20 13:32:35 +00:00
|
|
|
&dev_attr_l1tf.attr,
|
|
|
|
&dev_attr_mds.attr,
|
2019-11-07 18:04:08 +00:00
|
|
|
&dev_attr_tsx_async_abort.attr,
|
2019-10-20 13:32:35 +00:00
|
|
|
+ &dev_attr_itlb_multihit.attr,
|
|
|
|
NULL
|
|
|
|
};
|
|
|
|
|
|
|
|
--- a/include/linux/cpu.h
|
|
|
|
+++ b/include/linux/cpu.h
|
2019-11-07 18:04:08 +00:00
|
|
|
@@ -62,6 +62,8 @@ extern ssize_t cpu_show_mds(struct devic
|
|
|
|
extern ssize_t cpu_show_tsx_async_abort(struct device *dev,
|
|
|
|
struct device_attribute *attr,
|
|
|
|
char *buf);
|
2019-10-20 13:32:35 +00:00
|
|
|
+extern ssize_t cpu_show_itlb_multihit(struct device *dev,
|
|
|
|
+ struct device_attribute *attr, char *buf);
|
|
|
|
|
|
|
|
extern __printf(4, 5)
|
|
|
|
struct device *cpu_device_create(struct device *parent, void *drvdata,
|