[x86] Update TAA patch set to v7
parent
b2cc5e7f74
commit
537ad2315a
|
@ -14,7 +14,16 @@ linux (4.19.67-2+deb10u2) UNRELEASED; urgency=medium
|
|||
- kvm: mmu: ITLB_MULTIHIT mitigation
|
||||
- kvm: Add helper function for creating VM worker threads
|
||||
- kvm: x86: mmu: Recovery of shattered NX large pages
|
||||
* [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135).
|
||||
* [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
|
||||
- x86/msr: Add the IA32_TSX_CTRL MSR
|
||||
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
|
||||
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
|
||||
- x86/speculation/taa: Add mitigation for TSX Async Abort
|
||||
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
|
||||
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
|
||||
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
|
||||
- x86/speculation/taa: Add documentation for TSX Async Abort
|
||||
- x86/tsx: Add config options to set tsx=on|off|auto
|
||||
TSX is now disabled by default; see
|
||||
Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||
|
||||
|
|
|
@ -1,15 +1,17 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:22:56 -0700
|
||||
Subject: TAAv6 1
|
||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Date: Wed, 23 Oct 2019 10:45:50 +0200
|
||||
Subject: x86/msr: Add the IA32_TSX_CTRL MSR
|
||||
|
||||
Transactional Synchronization Extensions (TSX) may be used on certain
|
||||
processors as part of a speculative side channel attack. A microcode
|
||||
update for existing processors that are vulnerable to this attack will
|
||||
add a new MSR, IA32_TSX_CTRL to allow the system administrator the
|
||||
option to disable TSX as one of the possible mitigations. [Note that
|
||||
future processors that are not vulnerable will also support the
|
||||
IA32_TSX_CTRL MSR]. Add defines for the new IA32_TSX_CTRL MSR and its
|
||||
bits.
|
||||
add a new MSR - IA32_TSX_CTRL to allow the system administrator the
|
||||
option to disable TSX as one of the possible mitigations.
|
||||
|
||||
[ Note that future processors that are not vulnerable will also
|
||||
support the IA32_TSX_CTRL MSR. ]
|
||||
|
||||
Add defines for the new IA32_TSX_CTRL MSR and its bits.
|
||||
|
||||
TSX has two sub-features:
|
||||
|
||||
|
@ -23,27 +25,34 @@ IA32_TSX_CTRL MSR.
|
|||
|
||||
There are two control bits in IA32_TSX_CTRL MSR:
|
||||
|
||||
Bit 0: When set it disables the Restricted Transactional Memory (RTM)
|
||||
Bit 0: When set, it disables the Restricted Transactional Memory (RTM)
|
||||
sub-feature of TSX (will force all transactions to abort on the
|
||||
XBEGIN instruction).
|
||||
|
||||
Bit 1: When set it disables the enumeration of the RTM and HLE feature
|
||||
Bit 1: When set, it disables the enumeration of the RTM and HLE feature
|
||||
(i.e. it will make CPUID(EAX=7).EBX{bit4} and
|
||||
CPUID(EAX=7).EBX{bit11} read as 0).
|
||||
CPUID(EAX=7).EBX{bit11} read as 0).
|
||||
|
||||
The other TSX sub-feature, Hardware Lock Elision (HLE), is unconditionally
|
||||
disabled but still enumerated as present by CPUID(EAX=7).EBX{bit4}.
|
||||
The other TSX sub-feature, Hardware Lock Elision (HLE), is
|
||||
unconditionally disabled but still enumerated as present by
|
||||
CPUID(EAX=7).EBX{bit4}.
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
||||
Cc: Ingo Molnar <mingo@redhat.com>
|
||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: x86-ml <x86@kernel.org>
|
||||
---
|
||||
arch/x86/include/asm/msr-index.h | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
||||
index f58e6921cbf7..f45ca8aad98f 100644
|
||||
index f58e6921cbf7..da7887a9f314 100644
|
||||
--- a/arch/x86/include/asm/msr-index.h
|
||||
+++ b/arch/x86/include/asm/msr-index.h
|
||||
@@ -91,6 +91,7 @@
|
||||
|
@ -59,7 +68,7 @@ index f58e6921cbf7..f45ca8aad98f 100644
|
|||
#define MSR_IA32_BBL_CR_CTL3 0x0000011e
|
||||
|
||||
+#define MSR_IA32_TSX_CTRL 0x00000122
|
||||
+#define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM fxeature */
|
||||
+#define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */
|
||||
+#define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */
|
||||
+
|
||||
#define MSR_IA32_SYSENTER_CS 0x00000174
|
|
@ -1,14 +1,20 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:23:56 -0700
|
||||
Subject: TAAv6 2
|
||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Date: Wed, 23 Oct 2019 10:52:35 +0200
|
||||
Subject: x86/cpu: Add a helper function x86_read_arch_cap_msr()
|
||||
|
||||
Add a helper function to read IA32_ARCH_CAPABILITIES MSR. If the CPU
|
||||
doesn't support this MSR return 0.
|
||||
Add a helper function to read the IA32_ARCH_CAPABILITIES MSR.
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||
Cc: Andy Lutomirski <luto@kernel.org>
|
||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
||||
Cc: Ingo Molnar <mingo@redhat.com>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: x86-ml <x86@kernel.org>
|
||||
[bwh: Forward-ported on top of NX: Fix conflict (neighbouring changes)
|
||||
in arch/x86/kernel/cpu/common.c]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
@ -1,17 +1,40 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:24:56 -0700
|
||||
Subject: TAAv6 3
|
||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Date: Wed, 23 Oct 2019 11:01:53 +0200
|
||||
Subject: x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
|
||||
|
||||
Add kernel cmdline parameter "tsx" to control the Transactional
|
||||
Synchronization Extensions (TSX) feature. On CPUs that support TSX
|
||||
control, use "tsx=on|off" to enable or disable TSX. Not specifying this
|
||||
Add a kernel cmdline parameter "tsx" to control the Transactional
|
||||
Synchronization Extensions (TSX) feature. On CPUs that support TSX
|
||||
control, use "tsx=on|off" to enable or disable TSX. Not specifying this
|
||||
option is equivalent to "tsx=off". This is because on certain processors
|
||||
TSX may be used as a part of a speculative side channel attack.
|
||||
|
||||
Carve out the TSX controlling functionality into a separate compilation
|
||||
unit because TSX is a CPU feature while the TSX async abort control
|
||||
machinery will go to cpu/bugs.c.
|
||||
|
||||
[ bp: Massage, shorten and clear the arg buffer. ]
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
||||
Cc: Andy Lutomirski <luto@kernel.org>
|
||||
Cc: Babu Moger <Babu.Moger@amd.com>
|
||||
Cc: Fenghua Yu <fenghua.yu@intel.com>
|
||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
||||
Cc: Ingo Molnar <mingo@redhat.com>
|
||||
Cc: Jonathan Corbet <corbet@lwn.net>
|
||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||
Cc: Juergen Gross <jgross@suse.com>
|
||||
Cc: Kees Cook <keescook@chromium.org>
|
||||
Cc: linux-doc@vger.kernel.org
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
|
||||
Cc: Rahul Tanwar <rahul.tanwar@linux.intel.com>
|
||||
Cc: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
|
||||
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: x86-ml <x86@kernel.org>
|
||||
Cc: Zhao Yakui <yakui.zhao@intel.com>
|
||||
[bwh: Backported to 4.19: adjust context]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
|
@ -20,8 +43,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
arch/x86/kernel/cpu/common.c | 2 +
|
||||
arch/x86/kernel/cpu/cpu.h | 18 +++
|
||||
arch/x86/kernel/cpu/intel.c | 5 +
|
||||
arch/x86/kernel/cpu/tsx.c | 115 ++++++++++++++++++
|
||||
6 files changed, 152 insertions(+), 1 deletion(-)
|
||||
arch/x86/kernel/cpu/tsx.c | 119 ++++++++++++++++++
|
||||
6 files changed, 156 insertions(+), 1 deletion(-)
|
||||
create mode 100644 arch/x86/kernel/cpu/tsx.c
|
||||
|
||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
||||
|
@ -124,10 +147,10 @@ index fc3c07fe7df5..a5287b18a63f 100644
|
|||
#ifdef CONFIG_X86_32
|
||||
diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
|
||||
new file mode 100644
|
||||
index 000000000000..e39b33b7cef8
|
||||
index 000000000000..e5933ef50add
|
||||
--- /dev/null
|
||||
+++ b/arch/x86/kernel/cpu/tsx.c
|
||||
@@ -0,0 +1,115 @@
|
||||
@@ -0,0 +1,119 @@
|
||||
+// SPDX-License-Identifier: GPL-2.0
|
||||
+/*
|
||||
+ * Intel Transactional Synchronization Extensions (TSX) control.
|
||||
|
@ -138,7 +161,6 @@ index 000000000000..e39b33b7cef8
|
|||
+ * Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
+ */
|
||||
+
|
||||
+#include <linux/processor.h>
|
||||
+#include <linux/cpufeature.h>
|
||||
+
|
||||
+#include <asm/cmdline.h>
|
||||
|
@ -155,6 +177,7 @@ index 000000000000..e39b33b7cef8
|
|||
+
|
||||
+ /* Force all transactions to immediately abort */
|
||||
+ tsx |= TSX_CTRL_RTM_DISABLE;
|
||||
+
|
||||
+ /*
|
||||
+ * Ensure TSX support is not enumerated in CPUID.
|
||||
+ * This is visible to userspace and will ensure they
|
||||
|
@ -174,6 +197,7 @@ index 000000000000..e39b33b7cef8
|
|||
+
|
||||
+ /* Enable the RTM feature in the cpu */
|
||||
+ tsx &= ~TSX_CTRL_RTM_DISABLE;
|
||||
+
|
||||
+ /*
|
||||
+ * Ensure TSX support is enumerated in CPUID.
|
||||
+ * This is visible to userspace and will ensure they
|
||||
|
@ -198,7 +222,7 @@ index 000000000000..e39b33b7cef8
|
|||
+
|
||||
+void __init tsx_init(void)
|
||||
+{
|
||||
+ char arg[20];
|
||||
+ char arg[4] = {};
|
||||
+ int ret;
|
||||
+
|
||||
+ if (!tsx_ctrl_is_supported())
|
||||
|
@ -212,7 +236,7 @@ index 000000000000..e39b33b7cef8
|
|||
+ tsx_ctrl_state = TSX_CTRL_DISABLE;
|
||||
+ } else {
|
||||
+ tsx_ctrl_state = TSX_CTRL_DISABLE;
|
||||
+ pr_info("tsx: invalid option, defaulting to off\n");
|
||||
+ pr_err("tsx: invalid option, defaulting to off\n");
|
||||
+ }
|
||||
+ } else {
|
||||
+ /* tsx= not provided, defaulting to off */
|
||||
|
@ -221,6 +245,7 @@ index 000000000000..e39b33b7cef8
|
|||
+
|
||||
+ if (tsx_ctrl_state == TSX_CTRL_DISABLE) {
|
||||
+ tsx_disable();
|
||||
+
|
||||
+ /*
|
||||
+ * tsx_disable() will change the state of the
|
||||
+ * RTM CPUID bit. Clear it here since it is now
|
||||
|
@ -228,6 +253,7 @@ index 000000000000..e39b33b7cef8
|
|||
+ */
|
||||
+ setup_clear_cpu_cap(X86_FEATURE_RTM);
|
||||
+ } else if (tsx_ctrl_state == TSX_CTRL_ENABLE) {
|
||||
+
|
||||
+ /*
|
||||
+ * HW defaults TSX to be enabled at bootup.
|
||||
+ * We may still need the TSX enable support
|
||||
|
@ -235,6 +261,7 @@ index 000000000000..e39b33b7cef8
|
|||
+ * kexec after TSX is disabled.
|
||||
+ */
|
||||
+ tsx_enable();
|
||||
+
|
||||
+ /*
|
||||
+ * tsx_enable() will change the state of the
|
||||
+ * RTM CPUID bit. Force it here since it is now
|
|
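Review bot: In tsx_init(), `char arg[4] = {};` leaves room for only three characters plus the terminator, so a longer value is truncated before it is compared. Assuming the buffer is filled by cmdline_find_option() from the included `<asm/cmdline.h>` (the call is outside the visible hunks), `tsx=offline` would be accepted as `off` instead of reaching the `pr_err("tsx: invalid option, defaulting to off\n")` branch. The result still fails towards TSX disabled, but the administrator gets no diagnostic for a mistyped option; treating `ret >= (int)sizeof(arg)` as an invalid option would send truncated values to the error path. The changelog also lists a later patch adding `tsx=auto`, which needs five bytes, so that patch has to enlarge this buffer (not visible here).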
@ -1,29 +1,33 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:25:56 -0700
|
||||
Subject: TAAv6 4
|
||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Date: Wed, 23 Oct 2019 11:30:45 +0200
|
||||
Subject: x86/speculation/taa: Add mitigation for TSX Async Abort
|
||||
|
||||
TSX Async Abort (TAA) is a side channel vulnerability to the internal
|
||||
buffers in some Intel processors similar to Microachitectural Data
|
||||
Sampling (MDS). In this case certain loads may speculatively pass
|
||||
Sampling (MDS). In this case, certain loads may speculatively pass
|
||||
invalid data to dependent operations when an asynchronous abort
|
||||
condition is pending in a TSX transaction. This includes loads with no
|
||||
fault or assist condition. Such loads may speculatively expose stale
|
||||
data from the uarch data structures as in MDS. Scope of exposure is
|
||||
within the same-thread and cross-thread. This issue affects all current
|
||||
processors that support TSX, but do not have ARCH_CAP_TAA_NO (bit 8) set
|
||||
in MSR_IA32_ARCH_CAPABILITIES.
|
||||
condition is pending in a TSX transaction.
|
||||
|
||||
This includes loads with no fault or assist condition. Such loads may
|
||||
speculatively expose stale data from the uarch data structures as in
|
||||
MDS. Scope of exposure is within the same-thread and cross-thread. This
|
||||
issue affects all current processors that support TSX, but do not have
|
||||
ARCH_CAP_TAA_NO (bit 8) set in MSR_IA32_ARCH_CAPABILITIES.
|
||||
|
||||
On CPUs which have their IA32_ARCH_CAPABILITIES MSR bit MDS_NO=0,
|
||||
CPUID.MD_CLEAR=1 and the MDS mitigation is clearing the CPU buffers
|
||||
using VERW or L1D_FLUSH, there is no additional mitigation needed for
|
||||
TAA.
|
||||
TAA. On affected CPUs with MDS_NO=1 this issue can be mitigated by
|
||||
disabling the Transactional Synchronization Extensions (TSX) feature.
|
||||
|
||||
On affected CPUs with MDS_NO=1 this issue can be mitigated by disabling
|
||||
Transactional Synchronization Extensions (TSX) feature. A new MSR
|
||||
IA32_TSX_CTRL in future and current processors after a microcode update
|
||||
can be used to control TSX feature. TSX_CTRL_RTM_DISABLE bit disables
|
||||
the TSX sub-feature Restricted Transactional Memory (RTM).
|
||||
TSX_CTRL_CPUID_CLEAR bit clears the RTM enumeration in CPUID. The other
|
||||
A new MSR IA32_TSX_CTRL in future and current processors after a
|
||||
microcode update can be used to control the TSX feature. There are two
|
||||
bits in that MSR:
|
||||
|
||||
* TSX_CTRL_RTM_DISABLE disables the TSX sub-feature Restricted
|
||||
Transactional Memory (RTM).
|
||||
|
||||
* TSX_CTRL_CPUID_CLEAR clears the RTM enumeration in CPUID. The other
|
||||
TSX sub-feature, Hardware Lock Elision (HLE), is unconditionally
|
||||
disabled with updated microcode but still enumerated as present by
|
||||
CPUID(EAX=7).EBX{bit4}.
|
||||
|
@ -32,17 +36,36 @@ The second mitigation approach is similar to MDS which is clearing the
|
|||
affected CPU buffers on return to user space and when entering a guest.
|
||||
Relevant microcode update is required for the mitigation to work. More
|
||||
details on this approach can be found here:
|
||||
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
|
||||
|
||||
TSX feature can be controlled by the "tsx" command line parameter. If
|
||||
the TSX feature is forced to be enabled then "Clear CPU buffers" (MDS
|
||||
mitigation) is deployed. The effective mitigation state can be read from
|
||||
sysfs.
|
||||
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
|
||||
|
||||
The TSX feature can be controlled by the "tsx" command line parameter.
|
||||
If it is force-enabled then "Clear CPU buffers" (MDS mitigation) is
|
||||
deployed. The effective mitigation state can be read from sysfs.
|
||||
|
||||
[ bp:
|
||||
- massage + comments cleanup
|
||||
- s/TAA_MITIGATION_TSX_DISABLE/TAA_MITIGATION_TSX_DISABLED/g - Josh.
|
||||
- remove partial TAA mitigation in update_mds_branch_idle() - Josh.
|
||||
- s/tsx_async_abort_cmdline/tsx_async_abort_parse_cmdline/g
|
||||
]
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
||||
Cc: Andy Lutomirski <luto@kernel.org>
|
||||
Cc: Fenghua Yu <fenghua.yu@intel.com>
|
||||
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
||||
Cc: Ingo Molnar <mingo@redhat.com>
|
||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||
Cc: Kees Cook <keescook@chromium.org>
|
||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
|
||||
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: Thomas Lendacky <Thomas.Lendacky@amd.com>
|
||||
Cc: x86-ml <x86@kernel.org>
|
||||
[bwh: Forward-ported on top of NX: Renumber bug bit after
|
||||
X86_BUG_ITLB_MULTIHIT]
|
||||
[bwh: Backported to 4.19: Add #include "cpu.h" in bugs.c]
|
||||
|
@ -52,9 +75,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
arch/x86/include/asm/msr-index.h | 4 +
|
||||
arch/x86/include/asm/nospec-branch.h | 4 +-
|
||||
arch/x86/include/asm/processor.h | 7 ++
|
||||
arch/x86/kernel/cpu/bugs.c | 129 ++++++++++++++++++++++++++-
|
||||
arch/x86/kernel/cpu/bugs.c | 112 +++++++++++++++++++++++++++
|
||||
arch/x86/kernel/cpu/common.c | 15 ++++
|
||||
6 files changed, 156 insertions(+), 4 deletions(-)
|
||||
6 files changed, 141 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
|
||||
index ccad4f183400..5a2eecfed727 100644
|
||||
|
@ -68,7 +91,7 @@ index ccad4f183400..5a2eecfed727 100644
|
|||
|
||||
#endif /* _ASM_X86_CPUFEATURES_H */
|
||||
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
||||
index f45ca8aad98f..6d17eb64cc69 100644
|
||||
index da7887a9f314..0f4feee6d082 100644
|
||||
--- a/arch/x86/include/asm/msr-index.h
|
||||
+++ b/arch/x86/include/asm/msr-index.h
|
||||
@@ -92,6 +92,10 @@
|
||||
|
@ -105,7 +128,7 @@ index 28cb2b31527a..09c7466c4880 100644
|
|||
* Clear CPU buffers if the corresponding static key is enabled
|
||||
*/
|
||||
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
|
||||
index b54f25697beb..4a163f33a07d 100644
|
||||
index b54f25697beb..efb44bd3a714 100644
|
||||
--- a/arch/x86/include/asm/processor.h
|
||||
+++ b/arch/x86/include/asm/processor.h
|
||||
@@ -1003,4 +1003,11 @@ enum mds_mitigations {
|
||||
|
@ -116,12 +139,12 @@ index b54f25697beb..4a163f33a07d 100644
|
|||
+ TAA_MITIGATION_OFF,
|
||||
+ TAA_MITIGATION_UCODE_NEEDED,
|
||||
+ TAA_MITIGATION_VERW,
|
||||
+ TAA_MITIGATION_TSX_DISABLE,
|
||||
+ TAA_MITIGATION_TSX_DISABLED,
|
||||
+};
|
||||
+
|
||||
#endif /* _ASM_X86_PROCESSOR_H */
|
||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
||||
index 1e764992fa64..841f106a277a 100644
|
||||
index 1e764992fa64..828b2fe4bc0a 100644
|
||||
--- a/arch/x86/kernel/cpu/bugs.c
|
||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
||||
@@ -32,11 +32,14 @@
|
||||
|
@ -147,7 +170,7 @@ index 1e764992fa64..841f106a277a 100644
|
|||
|
||||
arch_smt_update();
|
||||
|
||||
@@ -266,6 +270,110 @@ static int __init mds_cmdline(char *str)
|
||||
@@ -266,6 +270,100 @@ static int __init mds_cmdline(char *str)
|
||||
}
|
||||
early_param("mds", mds_cmdline);
|
||||
|
||||
|
@ -162,44 +185,32 @@ index 1e764992fa64..841f106a277a 100644
|
|||
+ [TAA_MITIGATION_OFF] = "Vulnerable",
|
||||
+ [TAA_MITIGATION_UCODE_NEEDED] = "Vulnerable: Clear CPU buffers attempted, no microcode",
|
||||
+ [TAA_MITIGATION_VERW] = "Mitigation: Clear CPU buffers",
|
||||
+ [TAA_MITIGATION_TSX_DISABLE] = "Mitigation: TSX disabled",
|
||||
+ [TAA_MITIGATION_TSX_DISABLED] = "Mitigation: TSX disabled",
|
||||
+};
|
||||
+
|
||||
+static void __init taa_select_mitigation(void)
|
||||
+{
|
||||
+ u64 ia32_cap = x86_read_arch_cap_msr();
|
||||
+ u64 ia32_cap;
|
||||
+
|
||||
+ if (!boot_cpu_has_bug(X86_BUG_TAA)) {
|
||||
+ taa_mitigation = TAA_MITIGATION_OFF;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * As X86_BUG_TAA=1, TSX feature is supported by the hardware. If
|
||||
+ * TSX was disabled (X86_FEATURE_RTM=0) earlier during tsx_init().
|
||||
+ * Select TSX_DISABLE as mitigation.
|
||||
+ *
|
||||
+ * This check is ahead of mitigations=off and tsx_async_abort=off
|
||||
+ * because when TSX is disabled mitigation is already in place. This
|
||||
+ * ensures sysfs doesn't show "Vulnerable" when TSX is disabled.
|
||||
+ */
|
||||
+ /* TSX previously disabled by tsx=off */
|
||||
+ if (!boot_cpu_has(X86_FEATURE_RTM)) {
|
||||
+ taa_mitigation = TAA_MITIGATION_TSX_DISABLE;
|
||||
+ pr_info("%s\n", taa_strings[taa_mitigation]);
|
||||
+ return;
|
||||
+ taa_mitigation = TAA_MITIGATION_TSX_DISABLED;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ /* All mitigations turned off from cmdline (mitigations=off) */
|
||||
+ if (cpu_mitigations_off()) {
|
||||
+ taa_mitigation = TAA_MITIGATION_OFF;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* TAA mitigation is turned off from cmdline (tsx_async_abort=off) */
|
||||
+ if (taa_mitigation == TAA_MITIGATION_OFF) {
|
||||
+ pr_info("%s\n", taa_strings[taa_mitigation]);
|
||||
+ return;
|
||||
+ }
|
||||
+ /* TAA mitigation is turned off on the cmdline (tsx_async_abort=off) */
|
||||
+ if (taa_mitigation == TAA_MITIGATION_OFF)
|
||||
+ goto out;
|
||||
+
|
||||
+ if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
|
||||
+ taa_mitigation = TAA_MITIGATION_VERW;
|
||||
|
@ -208,20 +219,21 @@ index 1e764992fa64..841f106a277a 100644
|
|||
+
|
||||
+ /*
|
||||
+ * VERW doesn't clear the CPU buffers when MD_CLEAR=1 and MDS_NO=1.
|
||||
+ * A microcode update fixes this behavior to clear CPU buffers.
|
||||
+ * Microcode update also adds support for MSR_IA32_TSX_CTRL which
|
||||
+ * is enumerated by ARCH_CAP_TSX_CTRL_MSR bit.
|
||||
+ * A microcode update fixes this behavior to clear CPU buffers. It also
|
||||
+ * adds support for MSR_IA32_TSX_CTRL which is enumerated by the
|
||||
+ * ARCH_CAP_TSX_CTRL_MSR bit.
|
||||
+ *
|
||||
+ * On MDS_NO=1 CPUs if ARCH_CAP_TSX_CTRL_MSR is not set, microcode
|
||||
+ * update is required.
|
||||
+ */
|
||||
+ if ((ia32_cap & ARCH_CAP_MDS_NO) &&
|
||||
+ ia32_cap = x86_read_arch_cap_msr();
|
||||
+ if ( (ia32_cap & ARCH_CAP_MDS_NO) &&
|
||||
+ !(ia32_cap & ARCH_CAP_TSX_CTRL_MSR))
|
||||
+ taa_mitigation = TAA_MITIGATION_UCODE_NEEDED;
|
||||
+
|
||||
+ /*
|
||||
+ * TSX is enabled, select alternate mitigation for TAA which is
|
||||
+ * same as MDS. Enable MDS static branch to clear CPU buffers.
|
||||
+ * the same as MDS. Enable MDS static branch to clear CPU buffers.
|
||||
+ *
|
||||
+ * For guests that can't determine whether the correct microcode is
|
||||
+ * present on host, enable the mitigation for UCODE_NEEDED as well.
|
||||
|
@ -231,10 +243,11 @@ index 1e764992fa64..841f106a277a 100644
|
|||
+ if (taa_nosmt || cpu_mitigations_auto_nosmt())
|
||||
+ cpu_smt_disable(false);
|
||||
+
|
||||
+out:
|
||||
+ pr_info("%s\n", taa_strings[taa_mitigation]);
|
||||
+}
|
||||
+
|
||||
+static int __init tsx_async_abort_cmdline(char *str)
|
||||
+static int __init tsx_async_abort_parse_cmdline(char *str)
|
||||
+{
|
||||
+ if (!boot_cpu_has_bug(X86_BUG_TAA))
|
||||
+ return 0;
|
||||
|
@ -253,34 +266,12 @@ index 1e764992fa64..841f106a277a 100644
|
|||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+early_param("tsx_async_abort", tsx_async_abort_cmdline);
|
||||
+early_param("tsx_async_abort", tsx_async_abort_parse_cmdline);
|
||||
+
|
||||
#undef pr_fmt
|
||||
#define pr_fmt(fmt) "Spectre V1 : " fmt
|
||||
|
||||
@@ -751,7 +859,7 @@ static void update_indir_branch_cond(void)
|
||||
#undef pr_fmt
|
||||
#define pr_fmt(fmt) fmt
|
||||
|
||||
-/* Update the static key controlling the MDS CPU buffer clear in idle */
|
||||
+/* Update the static key controlling the MDS and TAA CPU buffer clear in idle */
|
||||
static void update_mds_branch_idle(void)
|
||||
{
|
||||
/*
|
||||
@@ -761,8 +869,11 @@ static void update_mds_branch_idle(void)
|
||||
* The other variants cannot be mitigated when SMT is enabled, so
|
||||
* clearing the buffers on idle just to prevent the Store Buffer
|
||||
* repartitioning leak would be a window dressing exercise.
|
||||
+ *
|
||||
+ * Apply idle buffer clearing to TAA affected CPUs also.
|
||||
*/
|
||||
- if (!boot_cpu_has_bug(X86_BUG_MSBDS_ONLY))
|
||||
+ if (!boot_cpu_has_bug(X86_BUG_MSBDS_ONLY) &&
|
||||
+ !boot_cpu_has_bug(X86_BUG_TAA))
|
||||
return;
|
||||
|
||||
if (sched_smt_active())
|
||||
@@ -772,6 +883,7 @@ static void update_mds_branch_idle(void)
|
||||
@@ -772,6 +870,7 @@ static void update_mds_branch_idle(void)
|
||||
}
|
||||
|
||||
#define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n"
|
||||
|
@ -288,7 +279,7 @@ index 1e764992fa64..841f106a277a 100644
|
|||
|
||||
void arch_smt_update(void)
|
||||
{
|
||||
@@ -804,6 +916,19 @@ void arch_smt_update(void)
|
||||
@@ -804,6 +903,19 @@ void arch_smt_update(void)
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -300,7 +291,7 @@ index 1e764992fa64..841f106a277a 100644
|
|||
+ /* TSX is enabled, apply MDS idle buffer clearing. */
|
||||
+ update_mds_branch_idle();
|
||||
+ break;
|
||||
+ case TAA_MITIGATION_TSX_DISABLE:
|
||||
+ case TAA_MITIGATION_TSX_DISABLED:
|
||||
+ case TAA_MITIGATION_OFF:
|
||||
+ break;
|
||||
+ }
|
||||
|
@ -309,7 +300,7 @@ index 1e764992fa64..841f106a277a 100644
|
|||
}
|
||||
|
||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
||||
index 5f89d78fe132..394bcb0403c9 100644
|
||||
index 5f89d78fe132..de1e552c9705 100644
|
||||
--- a/arch/x86/kernel/cpu/common.c
|
||||
+++ b/arch/x86/kernel/cpu/common.c
|
||||
@@ -1058,6 +1058,21 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
|
||||
|
@ -317,17 +308,17 @@ index 5f89d78fe132..394bcb0403c9 100644
|
|||
setup_force_cpu_bug(X86_BUG_SWAPGS);
|
||||
|
||||
+ /*
|
||||
+ * When processor is not mitigated for TAA (TAA_NO=0) set TAA bug when:
|
||||
+ * When the CPU is not mitigated for TAA (TAA_NO=0) set TAA bug when:
|
||||
+ * - TSX is supported or
|
||||
+ * - TSX_CTRL is supported
|
||||
+ * - TSX_CTRL is present
|
||||
+ *
|
||||
+ * TSX_CTRL check is needed for cases when TSX could be disabled before
|
||||
+ * the kernel boot e.g. kexec
|
||||
+ * the kernel boot e.g. kexec.
|
||||
+ * TSX_CTRL check alone is not sufficient for cases when the microcode
|
||||
+ * update is not present or running as guest that don't get TSX_CTRL.
|
||||
+ */
|
||||
+ if (!(ia32_cap & ARCH_CAP_TAA_NO) &&
|
||||
+ (boot_cpu_has(X86_FEATURE_RTM) ||
|
||||
+ (cpu_has(c, X86_FEATURE_RTM) ||
|
||||
+ (ia32_cap & ARCH_CAP_TSX_CTRL_MSR)))
|
||||
+ setup_force_cpu_bug(X86_BUG_TAA);
|
||||
+
|
|
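Review bot: In taa_select_mitigation() the replacement comment `/* TSX previously disabled by tsx=off */` no longer says why the X86_FEATURE_RTM check sits ahead of the `cpu_mitigations_off()` and `tsx_async_abort=off` checks. That ordering is what keeps sysfs from reporting "Vulnerable" when TSX is already off, so a later reorder would silently change the reported state. I would keep one line of the rationale, e.g. `/* TSX previously disabled by tsx=off; checked before mitigations=off so sysfs does not report "Vulnerable" */`. Separately, `if ( (ia32_cap & ARCH_CAP_MDS_NO) &&` has a stray space after the opening parenthesis.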
@ -1,18 +1,27 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:26:56 -0700
|
||||
Subject: TAAv6 5
|
||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Date: Wed, 23 Oct 2019 12:19:51 +0200
|
||||
Subject: x86/speculation/taa: Add sysfs reporting for TSX Async Abort
|
||||
|
||||
Add the sysfs reporting file for TSX Async Abort. It exposes the
|
||||
vulnerability and the mitigation state similar to the existing files for
|
||||
the other hardware vulnerabilities.
|
||||
|
||||
sysfs file path is:
|
||||
Sysfs file path is:
|
||||
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
||||
Cc: Ingo Molnar <mingo@redhat.com>
|
||||
Cc: Jiri Kosina <jkosina@suse.cz>
|
||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: x86-ml <x86@kernel.org>
|
||||
[bwh: Forward-ported on top of NX: Fix conflicts (neighbouring
|
||||
insertions) in arch/x86/kernel/cpu/bugs.c, drivers/base/cpu.c,
|
||||
include/linux/cpu.h]
|
||||
|
@ -24,16 +33,16 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
3 files changed, 35 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
||||
index 841f106a277a..c435bc5dc19b 100644
|
||||
index 828b2fe4bc0a..1ed43b858c52 100644
|
||||
--- a/arch/x86/kernel/cpu/bugs.c
|
||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
||||
@@ -1439,6 +1439,21 @@ static ssize_t mds_show_state(char *buf)
|
||||
@@ -1426,6 +1426,21 @@ static ssize_t mds_show_state(char *buf)
|
||||
sched_smt_active() ? "vulnerable" : "disabled");
|
||||
}
|
||||
|
||||
+static ssize_t tsx_async_abort_show_state(char *buf)
|
||||
+{
|
||||
+ if ((taa_mitigation == TAA_MITIGATION_TSX_DISABLE) ||
|
||||
+ if ((taa_mitigation == TAA_MITIGATION_TSX_DISABLED) ||
|
||||
+ (taa_mitigation == TAA_MITIGATION_OFF))
|
||||
+ return sprintf(buf, "%s\n", taa_strings[taa_mitigation]);
|
||||
+
|
||||
|
@ -49,7 +58,7 @@ index 841f106a277a..c435bc5dc19b 100644
|
|||
static char *stibp_state(void)
|
||||
{
|
||||
if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
|
||||
@@ -1510,6 +1525,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
|
||||
@@ -1497,6 +1512,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
|
||||
case X86_BUG_ITLB_MULTIHIT:
|
||||
return itlb_multihit_show_state(buf);
|
||||
|
||||
|
@ -59,7 +68,7 @@ index 841f106a277a..c435bc5dc19b 100644
|
|||
default:
|
||||
break;
|
||||
}
|
||||
@@ -1551,4 +1569,9 @@ ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr
|
||||
@@ -1538,4 +1556,9 @@ ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr
|
||||
{
|
||||
return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT);
|
||||
}
|
|
@ -1,12 +1,12 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:27:56 -0700
|
||||
Subject: TAAv6 6
|
||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Date: Wed, 23 Oct 2019 12:23:33 +0200
|
||||
Subject: kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
|
||||
|
||||
Export IA32_ARCH_CAPABILITIES MSR bit MDS_NO=0 to guests on TSX Async
|
||||
Abort(TAA) affected hosts that have TSX enabled and updated microcode.
|
||||
This is required so that the guests don't complain,
|
||||
Export the IA32_ARCH_CAPABILITIES MSR bit MDS_NO=0 to guests on TSX
|
||||
Async Abort(TAA) affected hosts that have TSX enabled and updated
|
||||
microcode. This is required so that the guests don't complain,
|
||||
|
||||
"Vulnerable: Clear CPU buffers attempted, no microcode"
|
||||
"Vulnerable: Clear CPU buffers attempted, no microcode"
|
||||
|
||||
when the host has the updated microcode to clear CPU buffers.
|
||||
|
||||
|
@ -16,29 +16,39 @@ Guests can't do this check themselves when the ARCH_CAP_TSX_CTRL bit is
|
|||
not exported to the guests.
|
||||
|
||||
In this case export MDS_NO=0 to the guests. When guests have
|
||||
CPUID.MD_CLEAR=1 guests deploy MDS mitigation which also mitigates TAA.
|
||||
CPUID.MD_CLEAR=1, they deploy MDS mitigation which also mitigates TAA.
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
||||
Cc: Ingo Molnar <mingo@redhat.com>
|
||||
Cc: Joerg Roedel <joro@8bytes.org>
|
||||
Cc: kvm ML <kvm@vger.kernel.org>
|
||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Cc: "Radim Krcmar" <rkrcmar@redhat.com>
|
||||
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: x86-ml <x86@kernel.org>
|
||||
---
|
||||
arch/x86/kvm/x86.c | 19 +++++++++++++++++++
|
||||
1 file changed, 19 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
||||
index 1ecadf51f154..5ccf79739b2b 100644
|
||||
index da688e726632..c68ee8d1ef8c 100644
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -1143,6 +1143,25 @@ u64 kvm_get_arch_capabilities(void)
|
||||
@@ -1151,6 +1151,25 @@ u64 kvm_get_arch_capabilities(void)
|
||||
if (l1tf_vmx_mitigation != VMENTER_L1D_FLUSH_NEVER)
|
||||
data |= ARCH_CAP_SKIP_VMENTRY_L1DFLUSH;
|
||||
|
||||
+ /*
|
||||
+ * On TAA affected systems, export MDS_NO=0 when:
|
||||
+ * - TSX is enabled on host, i.e. X86_FEATURE_RTM=1.
|
||||
+ * - TSX is enabled on the host, i.e. X86_FEATURE_RTM=1.
|
||||
+ * - Updated microcode is present. This is detected by
|
||||
+ * the presence of ARCH_CAP_TSX_CTRL_MSR. This ensures
|
||||
+ * VERW clears CPU buffers.
|
||||
+ * the presence of ARCH_CAP_TSX_CTRL_MSR and ensures
|
||||
+ * that VERW clears CPU buffers.
|
||||
+ *
|
||||
+ * When MDS_NO=0 is exported, guests deploy clear CPU buffer
|
||||
+ * mitigation and don't complain:
|
|
@ -1,6 +1,6 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:28:56 -0700
|
||||
Subject: TAAv6 7
|
||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Date: Wed, 23 Oct 2019 12:28:57 +0200
|
||||
Subject: x86/tsx: Add "auto" option to the tsx= cmdline parameter
|
||||
|
||||
Platforms which are not affected by X86_BUG_TAA may want the TSX feature
|
||||
enabled. Add "auto" option to the TSX cmdline parameter. When tsx=auto
|
||||
|
@ -9,16 +9,30 @@ disable TSX when X86_BUG_TAA is present, otherwise enable TSX.
|
|||
More details on X86_BUG_TAA can be found here:
|
||||
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html
|
||||
|
||||
[ bp: Extend the arg buffer to accommodate "auto\0". ]
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
||||
Cc: "Paul E. McKenney" <paulmck@linux.ibm.com>
|
||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
||||
Cc: Ingo Molnar <mingo@redhat.com>
|
||||
Cc: Jonathan Corbet <corbet@lwn.net>
|
||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||
Cc: Juergen Gross <jgross@suse.com>
|
||||
Cc: linux-doc@vger.kernel.org
|
||||
Cc: Mark Gross <mgross@linux.intel.com>
|
||||
Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: x86-ml <x86@kernel.org>
|
||||
---
|
||||
Documentation/admin-guide/kernel-parameters.txt | 5 +++++
|
||||
arch/x86/kernel/cpu/tsx.c | 5 +++++
|
||||
2 files changed, 10 insertions(+)
|
||||
arch/x86/kernel/cpu/tsx.c | 7 ++++++-
|
||||
2 files changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
||||
index f03756d2addb..dffdd4d86f4b 100644
|
||||
index f03756d2addb..e6a58cbbfab8 100644
|
||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||
@@ -4715,6 +4715,11 @@
|
||||
|
@ -28,16 +42,25 @@ index f03756d2addb..dffdd4d86f4b 100644
|
|||
+ auto - Disable TSX if X86_BUG_TAA is present,
|
||||
+ otherwise enable TSX on the system.
|
||||
+
|
||||
+ More details on X86_BUG_TAA are here:
|
||||
+ More details on X86_BUG_TAA here:
|
||||
+ Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||
|
||||
Not specifying this option is equivalent to tsx=off.
|
||||
|
||||
diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
|
||||
index e39b33b7cef8..e93abe6f0bb9 100644
|
||||
index e5933ef50add..89ab91eacd4f 100644
|
||||
--- a/arch/x86/kernel/cpu/tsx.c
|
||||
+++ b/arch/x86/kernel/cpu/tsx.c
|
||||
@@ -80,6 +80,11 @@ void __init tsx_init(void)
|
||||
@@ -69,7 +69,7 @@ static bool __init tsx_ctrl_is_supported(void)
|
||||
|
||||
void __init tsx_init(void)
|
||||
{
|
||||
- char arg[4] = {};
|
||||
+ char arg[5] = {};
|
||||
int ret;
|
||||
|
||||
if (!tsx_ctrl_is_supported())
|
||||
@@ -81,6 +81,11 @@ void __init tsx_init(void)
|
||||
tsx_ctrl_state = TSX_CTRL_ENABLE;
|
||||
} else if (!strcmp(arg, "off")) {
|
||||
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
||||
|
@ -48,4 +71,4 @@ index e39b33b7cef8..e93abe6f0bb9 100644
|
|||
+ tsx_ctrl_state = TSX_CTRL_ENABLE;
|
||||
} else {
|
||||
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
||||
pr_info("tsx: invalid option, defaulting to off\n");
|
||||
pr_err("tsx: invalid option, defaulting to off\n");
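Review bot: `char arg[5] = {};` in tsx_init() is sized for exactly "auto" plus the terminator, so a longer value that has been cut to fit can no longer be told apart from a valid one. The lookup that fills `arg` is outside this hunk; if it is cmdline_find_option(), which copies at most sizeof(arg) - 1 bytes and returns the full length of the value, a mistyped `tsx=` value that merely begins with "auto" would compare equal to "auto" and never reach the `pr_err("tsx: invalid option, defaulting to off\n")` branch. Since this parameter decides whether TSX stays enabled, a malformed value should land on the documented default rather than silently select a mode. Checking the returned length before the strcmp() chain, e.g. `if ((size_t)ret >= sizeof(arg))` routed to the invalid-option path, would make that explicit. The body of tsx_init() continues outside the hunk, so the exact placement needs to be confirmed against the full function.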
|
|
@ -1,16 +1,29 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:29:57 -0700
|
||||
Subject: TAAv6 8
|
||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Date: Wed, 23 Oct 2019 12:32:55 +0200
|
||||
Subject: x86/speculation/taa: Add documentation for TSX Async Abort
|
||||
|
||||
Add the documenation for TSX Async Abort. Include the description of
|
||||
the issue, how to check the mitigation state, control the mitigation,
|
||||
guidance for system administrators.
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
[ bp: Add proper SPDX tags, touch ups. ]
|
||||
|
||||
Co-developed-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com>
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Signed-off-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
||||
Cc: Fenghua Yu <fenghua.yu@intel.com>
|
||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
||||
Cc: Ingo Molnar <mingo@redhat.com>
|
||||
Cc: Jonathan Corbet <corbet@lwn.net>
|
||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||
Cc: Juergen Gross <jgross@suse.com>
|
||||
Cc: linux-doc@vger.kernel.org
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: x86-ml <x86@kernel.org>
|
||||
[bwh: Forward-ported on top of NX: Fix conflict (neighbouring
|
||||
insertions) in Documentation/ABI/testing/sysfs-devices-system-cpu]
|
||||
[bwh: Backported to 4.19: adjust context]
|
||||
|
@ -18,11 +31,11 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
---
|
||||
.../ABI/testing/sysfs-devices-system-cpu | 1 +
|
||||
Documentation/admin-guide/hw-vuln/index.rst | 1 +
|
||||
.../admin-guide/hw-vuln/tsx_async_abort.rst | 240 ++++++++++++++++++
|
||||
.../admin-guide/hw-vuln/tsx_async_abort.rst | 256 ++++++++++++++++++
|
||||
.../admin-guide/kernel-parameters.txt | 36 +++
|
||||
Documentation/x86/index.rst | 1 +
|
||||
Documentation/x86/tsx_async_abort.rst | 54 ++++
|
||||
6 files changed, 333 insertions(+)
|
||||
Documentation/x86/tsx_async_abort.rst | 117 ++++++++
|
||||
6 files changed, 412 insertions(+)
|
||||
create mode 100644 Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||
create mode 100644 Documentation/x86/tsx_async_abort.rst
|
||||
|
||||
|
@ -45,7 +58,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+ tsx_async_abort
|
||||
--- /dev/null
|
||||
+++ b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||
@@ -0,0 +1,240 @@
|
||||
@@ -0,0 +1,256 @@
|
||||
+.. SPDX-License-Identifier: GPL-2.0
|
||||
+
|
||||
+TAA - TSX Asynchronous Abort
|
||||
+======================================
|
||||
+
|
||||
|
@ -59,7 +74,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+This vulnerability only affects Intel processors that support Intel
|
||||
+Transactional Synchronization Extensions (TSX) when the TAA_NO bit (bit 8)
|
||||
+is 0 in the IA32_ARCH_CAPABILITIES MSR. On processors where the MDS_NO bit
|
||||
+(bit 5)is 0 in the IA32_ARCH_CAPABILITIES MSR, the existing MDS mitigations
|
||||
+(bit 5) is 0 in the IA32_ARCH_CAPABILITIES MSR, the existing MDS mitigations
|
||||
+also mitigate against TAA.
|
||||
+
|
||||
+Whether a processor is affected or not can be read out from the TAA
|
||||
|
@ -81,13 +96,13 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+Problem
|
||||
+-------
|
||||
+
|
||||
+When performing store, load, L1 refill operations, processors write data into
|
||||
+temporary microarchitectural structures (buffers). The data in the buffer can
|
||||
+be forwarded to load operations as an optimization.
|
||||
+When performing store, load or L1 refill operations, processors write
|
||||
+data into temporary microarchitectural structures (buffers). The data in
|
||||
+those buffers can be forwarded to load operations as an optimization.
|
||||
+
|
||||
+Intel TSX are an extension to the x86 instruction set architecture that adds
|
||||
+Intel TSX is an extension to the x86 instruction set architecture that adds
|
||||
+hardware transactional memory support to improve performance of multi-threaded
|
||||
+software. TSX lets the processor expose and exploit concurrence hidden in an
|
||||
+software. TSX lets the processor expose and exploit concurrency hidden in an
|
||||
+application due to dynamically avoiding unnecessary synchronization.
|
||||
+
|
||||
+TSX supports atomic memory transactions that are either committed (success) or
|
||||
|
@ -108,8 +123,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+attacker needs to begin a TSX transaction and raise an asynchronous abort
|
||||
+to try to leak some of data stored in the buffers.
|
||||
+
|
||||
+Deeper technical information is available in the TAA specific x86 architecture
|
||||
+section: :ref:`Documentation/x86/tsx_async_abort.rst <tsx_async_abort>`.
|
||||
+More detailed technical information is available in the TAA specific x86
|
||||
+architecture section: :ref:`Documentation/x86/tsx_async_abort.rst <tsx_async_abort>`.
|
||||
+
|
||||
+
|
||||
+Attack scenarios
|
||||
|
@ -180,8 +195,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+
|
||||
+
|
||||
+The mitigation can be controlled at boot time via a kernel command line option.
|
||||
+See :ref:`taa_mitigation_control_command_line`. It also provides a sysfs
|
||||
+interface. See :ref:`taa_mitigation_sysfs`.
|
||||
+See :ref:`taa_mitigation_control_command_line`.
|
||||
+
|
||||
+.. _virt_mechanism:
|
||||
+
|
||||
|
@ -254,6 +268,21 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+buffers. For platforms without TSX control "tsx" command line argument has no
|
||||
+effect.
|
||||
+
|
||||
+For the affected platforms below table indicates the mitigation status for the
|
||||
+combinations of CPUID bit MD_CLEAR and IA32_ARCH_CAPABILITIES MSR bits MDS_NO
|
||||
+and TSX_CTRL_MSR.
|
||||
+
|
||||
+ ======= ========= ============= ========================================
|
||||
+ MDS_NO MD_CLEAR TSX_CTRL_MSR Status
|
||||
+ ======= ========= ============= ========================================
|
||||
+ 0 0 0 Vulnerable (needs ucode)
|
||||
+ 0 1 0 MDS and TAA mitigated via VERW
|
||||
+ 1 1 0 MDS fixed, TAA vulnerable if TSX enabled
|
||||
+ because MD_CLEAR has no meaning and
|
||||
+ VERW is not guaranteed to clear buffers
|
||||
+ 1 X 1 MDS fixed, TAA can be mitigated by
|
||||
+ VERW or TSX_CTRL_MSR
|
||||
+ ======= ========= ============= ========================================
|
||||
+
|
||||
+Mitigation selection guide
|
||||
+--------------------------
|
||||
|
@ -285,7 +314,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+
|
||||
+The kernel's default action for vulnerable processors is:
|
||||
+
|
||||
+ - Deploy TSX disable mitigation (tsx_async_abort=full).
|
||||
+ - Deploy TSX disable mitigation (tsx_async_abort=full tsx=off).
|
||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||
@@ -2538,6 +2538,7 @@
|
||||
|
@ -304,9 +333,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
|
||||
mminit_loglevel=
|
||||
[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
|
||||
@@ -4528,6 +4530,40 @@
|
||||
neutralize any effect of /proc/sys/kernel/sysrq.
|
||||
Useful for debugging.
|
||||
@@ -4718,6 +4720,40 @@
|
||||
|
||||
Not specifying this option is equivalent to tsx=off.
|
||||
|
||||
+ tsx_async_abort= [X86,INTEL] Control mitigation for the TSX Async
|
||||
+ Abort (TAA) vulnerability.
|
||||
|
@ -342,9 +371,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+ For details see:
|
||||
+ Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||
+
|
||||
tcpmhash_entries= [KNL,NET]
|
||||
Set the number of tcp_metrics_hash slots.
|
||||
Default value is 8192 or 16384 depending on total
|
||||
turbografx.map[2|3]= [HW,JOY]
|
||||
TurboGraFX parallel port interface
|
||||
Format:
|
||||
--- a/Documentation/x86/index.rst
|
||||
+++ b/Documentation/x86/index.rst
|
||||
@@ -6,3 +6,4 @@ x86 architecture specifics
|
||||
|
@ -354,9 +383,11 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+ tsx_async_abort
|
||||
--- /dev/null
|
||||
+++ b/Documentation/x86/tsx_async_abort.rst
|
||||
@@ -0,0 +1,54 @@
|
||||
@@ -0,0 +1,117 @@
|
||||
+.. SPDX-License-Identifier: GPL-2.0
|
||||
+
|
||||
+TSX Async Abort (TAA) mitigation
|
||||
+=================================================
|
||||
+================================
|
||||
+
|
||||
+.. _tsx_async_abort:
|
||||
+
|
||||
|
@ -376,15 +407,14 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+Mitigation strategy
|
||||
+-------------------
|
||||
+
|
||||
+a) TSX disable - One of the mitigation is to disable TSX feature. A new MSR
|
||||
+IA32_TSX_CTRL will be available in future and current processors and after a
|
||||
+microcode update in which can be used to disable TSX. This MSR can be used to
|
||||
+disable the TSX feature and the enumeration of the TSX feature bits(RTM and
|
||||
+HLE) in CPUID.
|
||||
+a) TSX disable - one of the mitigations is to disable TSX. A new MSR
|
||||
+IA32_TSX_CTRL will be available in future and current processors after
|
||||
+microcode update which can be used to disable TSX. In addition, it
|
||||
+controls the enumeration of the TSX feature bits (RTM and HLE) in CPUID.
|
||||
+
|
||||
+b) CPU clear buffers - Similar to MDS, clearing the CPU buffers mitigates this
|
||||
+vulnerability. More details on this approach can be found here
|
||||
+https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
|
||||
+b) Clear CPU buffers - similar to MDS, clearing the CPU buffers mitigates this
|
||||
+vulnerability. More details on this approach can be found in
|
||||
+:ref:`Documentation/admin-guide/hw-vuln/mds.rst <mds>`.
|
||||
+
|
||||
+Kernel internal mitigation modes
|
||||
+--------------------------------
|
||||
|
@ -406,6 +436,68 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+ effort approach without guarantee.
|
||||
+ ============= ============================================================
|
||||
+
|
||||
+If the CPU is affected and "tsx_async_abort" kernel command line parameter is
|
||||
+If the CPU is affected and the "tsx_async_abort" kernel command line parameter is
|
||||
+not provided then the kernel selects an appropriate mitigation depending on the
|
||||
+status of RTM and MD_CLEAR CPUID bits.
|
||||
+
|
||||
+Below tables indicate the impact of tsx=on|off|auto cmdline options on state of
|
||||
+TAA mitigation, VERW behavior and TSX feature for various combinations of
|
||||
+MSR_IA32_ARCH_CAPABILITIES bits.
|
||||
+
|
||||
+1. "tsx=off"
|
||||
+
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=off
|
||||
+---------------------------------- -------------------------------------------------------------------------
|
||||
+TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
|
||||
+ after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+ 0 0 0 HW default Yes Same as MDS Same as MDS
|
||||
+ 0 0 1 Invalid case Invalid case Invalid case Invalid case
|
||||
+ 0 1 0 HW default No Need ucode update Need ucode update
|
||||
+ 0 1 1 Disabled Yes TSX disabled TSX disabled
|
||||
+ 1 X 1 Disabled X None needed None needed
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+
|
||||
+2. "tsx=on"
|
||||
+
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=on
|
||||
+---------------------------------- -------------------------------------------------------------------------
|
||||
+TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
|
||||
+ after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+ 0 0 0 HW default Yes Same as MDS Same as MDS
|
||||
+ 0 0 1 Invalid case Invalid case Invalid case Invalid case
|
||||
+ 0 1 0 HW default No Need ucode update Need ucode update
|
||||
+ 0 1 1 Enabled Yes None Same as MDS
|
||||
+ 1 X 1 Enabled X None needed None needed
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+
|
||||
+3. "tsx=auto"
|
||||
+
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=auto
|
||||
+---------------------------------- -------------------------------------------------------------------------
|
||||
+TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
|
||||
+ after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+ 0 0 0 HW default Yes Same as MDS Same as MDS
|
||||
+ 0 0 1 Invalid case Invalid case Invalid case Invalid case
|
||||
+ 0 1 0 HW default No Need ucode update Need ucode update
|
||||
+ 0 1 1 Disabled Yes TSX disabled TSX disabled
|
||||
+ 1 X 1 Enabled X None needed None needed
|
||||
+========= ========= ============ ============ ============== =================== ======================
|
||||
+
|
||||
+In the tables, TSX_CTRL_MSR is a new bit in MSR_IA32_ARCH_CAPABILITIES that
|
||||
+indicates whether MSR_IA32_TSX_CTRL is supported.
|
||||
+
|
||||
+There are two control bits in IA32_TSX_CTRL MSR:
|
||||
+
|
||||
+ Bit 0: When set it disables the Restricted Transactional Memory (RTM)
|
||||
+ sub-feature of TSX (will force all transactions to abort on the
|
||||
+ XBEGIN instruction).
|
||||
+
|
||||
+ Bit 1: When set it disables the enumeration of the RTM and HLE feature
|
||||
+ (i.e. it will make CPUID(EAX=7).EBX{bit4} and
|
||||
+ CPUID(EAX=7).EBX{bit11} read as 0).
|
|
@ -1,385 +0,0 @@
|
|||
From: speck for Pawan Gupta <speck@linutronix.de>
|
||||
Date: Wed, 9 Oct 2019 16:30:57 -0700
|
||||
Subject: TAAv6 9
|
||||
|
||||
Transactional Synchronization Extensions (TSX) is an extension to the
|
||||
x86 instruction set architecture (ISA) that adds Hardware Transactional
|
||||
Memory (HTM) support. Changing TSX state currently requires a reboot.
|
||||
This may not be desirable when rebooting imposes a huge penalty. Add
|
||||
support to control TSX feature via a new sysfs file:
|
||||
/sys/devices/system/cpu/hw_tx_mem
|
||||
|
||||
- Writing 0|off|N|n to this file disables TSX feature on all the CPUs.
|
||||
This is equivalent to boot parameter tsx=off.
|
||||
- Writing 1|on|Y|y to this file enables TSX feature on all the CPUs.
|
||||
This is equivalent to boot parameter tsx=on.
|
||||
- Reading from this returns the status of TSX feature.
|
||||
- When TSX control is not supported this interface is not visible in
|
||||
sysfs.
|
||||
|
||||
Changing the TSX state from this interface also updates CPUID.RTM
|
||||
feature bit. From the kernel side, this feature bit doesn't result in
|
||||
any ALTERNATIVE code patching. No memory allocations are done to
|
||||
save/restore user state. No code paths in outside of the tests for
|
||||
vulnerability to TAA are dependent on the value of the feature bit. In
|
||||
general the kernel doesn't care whether RTM is present or not.
|
||||
|
||||
Applications typically look at CPUID bits once at startup (or when first
|
||||
calling into a library that uses the feature). So we have a couple of
|
||||
cases to cover:
|
||||
|
||||
1) An application started and saw that RTM was enabled, so began
|
||||
to use it. Then TSX was disabled. Net result in this case is that
|
||||
the application will keep trying to use RTM, but every xbegin() will
|
||||
immediately abort the transaction. This has a performance impact to
|
||||
the application, but it doesn't affect correctness because all users
|
||||
of RTM must have a fallback path for when the transaction aborts. Note
|
||||
that even if an application is in the middle of a transaction when we
|
||||
disable RTM, we are safe. The XPI that we use to update the TSX_CTRL
|
||||
MSR will abort the transaction (just as any interrupt would abort
|
||||
a transaction).
|
||||
|
||||
2) An application starts and sees RTM is not available. So it will
|
||||
always use alternative paths. Even if TSX is enabled and RTM is set,
|
||||
applications in general do not re-evaluate their choice so will
|
||||
continue to run in non-TSX mode.
|
||||
|
||||
When the TSX state is changed from the sysfs interface, TSX Async Abort
|
||||
(TAA) mitigation state also needs to be updated. Set the TAA mitigation
|
||||
state as per TSX and VERW static branch state.
|
||||
|
||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||
[bwh: Backported to 4.19: adjust context]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
.../ABI/testing/sysfs-devices-system-cpu | 23 ++++
|
||||
.../admin-guide/hw-vuln/tsx_async_abort.rst | 29 +++++
|
||||
arch/x86/kernel/cpu/bugs.c | 21 +++-
|
||||
arch/x86/kernel/cpu/cpu.h | 3 +-
|
||||
arch/x86/kernel/cpu/tsx.c | 100 +++++++++++++++++-
|
||||
drivers/base/cpu.c | 32 +++++-
|
||||
include/linux/cpu.h | 6 ++
|
||||
7 files changed, 210 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
||||
index a1bd0b6766d7..2a98f6c70add 100644
|
||||
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
|
||||
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
||||
@@ -513,3 +513,26 @@ Description: Control Symetric Multi Threading (SMT)
|
||||
|
||||
If control status is "forceoff" or "notsupported" writes
|
||||
are rejected.
|
||||
+
|
||||
+What: /sys/devices/system/cpu/hw_tx_mem
|
||||
+Date: August 2019
|
||||
+Contact: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||
+ Linux kernel mailing list <linux-kernel@vger.kernel.org>
|
||||
+Description: Hardware Transactional Memory (HTM) control.
|
||||
+
|
||||
+ Read/write interface to control HTM feature for all the CPUs in
|
||||
+ the system. This interface is only present on platforms that
|
||||
+ support HTM control. HTM is a hardware feature to speed up the
|
||||
+ execution of multi-threaded software through lock elision. An
|
||||
+ example of HTM implementation is Intel Transactional
|
||||
+ Synchronization Extensions (TSX).
|
||||
+
|
||||
+ Read returns the status of HTM feature.
|
||||
+
|
||||
+ 0: HTM is disabled
|
||||
+ 1: HTM is enabled
|
||||
+
|
||||
+ Write sets the state of HTM feature.
|
||||
+
|
||||
+ 0: Disables HTM
|
||||
+ 1: Enables HTM
|
||||
diff --git a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||
index 58f24db49615..b62bc749fd8c 100644
|
||||
--- a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||
+++ b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||
@@ -207,6 +207,35 @@ buffers. For platforms without TSX control "tsx" command line argument has no
|
||||
effect.
|
||||
|
||||
|
||||
+.. _taa_mitigation_sysfs:
|
||||
+
|
||||
+Mitigation control using sysfs
|
||||
+------------------------------
|
||||
+
|
||||
+For those affected systems that can not be frequently rebooted to enable or
|
||||
+disable TSX, sysfs can be used as an alternative after installing the updates.
|
||||
+The possible values for the file /sys/devices/system/cpu/hw_tx_mem are:
|
||||
+
|
||||
+ ============ =============================================================
|
||||
+ 0 Disable TSX. Upon entering a TSX transactional region, the code
|
||||
+ will immediately abort, before any instruction executes within
|
||||
+ the transactional region even speculatively, and continue on
|
||||
+ the fallback. Equivalent to boot parameter "tsx=off".
|
||||
+
|
||||
+ 1 Enable TSX. Equivalent to boot parameter "tsx=on".
|
||||
+
|
||||
+ ============ =============================================================
|
||||
+
|
||||
+Reading from this file returns the status of TSX feature. This file is only
|
||||
+present on systems that support TSX control.
|
||||
+
|
||||
+When disabling TSX by using the sysfs mechanism, applications that are already
|
||||
+running and use TSX will see their transactional regions aborted and execution
|
||||
+flow will be redirected to the fallback, losing the benefits of the
|
||||
+non-blocking path. TSX needs fallback code to guarantee correct execution
|
||||
+without transactional regions.
|
||||
+
|
||||
+
|
||||
Mitigation selection guide
|
||||
--------------------------
|
||||
|
||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
||||
index c435bc5dc19b..f0a998c10056 100644
|
||||
--- a/arch/x86/kernel/cpu/bugs.c
|
||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
||||
@@ -274,7 +274,7 @@ early_param("mds", mds_cmdline);
|
||||
#define pr_fmt(fmt) "TAA: " fmt
|
||||
|
||||
/* Default mitigation for TAA-affected CPUs */
|
||||
-static enum taa_mitigations taa_mitigation __ro_after_init = TAA_MITIGATION_VERW;
|
||||
+static enum taa_mitigations taa_mitigation = TAA_MITIGATION_VERW;
|
||||
static bool taa_nosmt __ro_after_init;
|
||||
|
||||
static const char * const taa_strings[] = {
|
||||
@@ -374,6 +374,25 @@ static int __init tsx_async_abort_cmdline(char *str)
|
||||
}
|
||||
early_param("tsx_async_abort", tsx_async_abort_cmdline);
|
||||
|
||||
+void taa_update_mitigation(bool tsx_enabled)
|
||||
+{
|
||||
+ /*
|
||||
+ * When userspace changes the TSX state, update taa_mitigation
|
||||
+ * so that the updated mitigation state is shown in:
|
||||
+ * /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
|
||||
+ *
|
||||
+ * Check if TSX is disabled.
|
||||
+ * Check if CPU buffer clear is enabled.
|
||||
+ * else the system is vulnerable.
|
||||
+ */
|
||||
+ if (!tsx_enabled)
|
||||
+ taa_mitigation = TAA_MITIGATION_TSX_DISABLE;
|
||||
+ else if (static_key_count(&mds_user_clear.key))
|
||||
+ taa_mitigation = TAA_MITIGATION_VERW;
|
||||
+ else
|
||||
+ taa_mitigation = TAA_MITIGATION_OFF;
|
||||
+}
|
||||
+
|
||||
#undef pr_fmt
|
||||
#define pr_fmt(fmt) "Spectre V1 : " fmt
|
||||
|
||||
diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
|
||||
index 236582c90d3f..57fd603d367f 100644
|
||||
--- a/arch/x86/kernel/cpu/cpu.h
|
||||
+++ b/arch/x86/kernel/cpu/cpu.h
|
||||
@@ -52,11 +52,12 @@ enum tsx_ctrl_states {
|
||||
TSX_CTRL_NOT_SUPPORTED,
|
||||
};
|
||||
|
||||
-extern __ro_after_init enum tsx_ctrl_states tsx_ctrl_state;
|
||||
+extern enum tsx_ctrl_states tsx_ctrl_state;
|
||||
|
||||
extern void __init tsx_init(void);
|
||||
extern void tsx_enable(void);
|
||||
extern void tsx_disable(void);
|
||||
+extern void taa_update_mitigation(bool tsx_enabled);
|
||||
#else
|
||||
static inline void tsx_init(void) { }
|
||||
#endif /* CONFIG_CPU_SUP_INTEL */
|
||||
diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
|
||||
index e93abe6f0bb9..96320449abb7 100644
|
||||
--- a/arch/x86/kernel/cpu/tsx.c
|
||||
+++ b/arch/x86/kernel/cpu/tsx.c
|
||||
@@ -10,12 +10,15 @@
|
||||
|
||||
#include <linux/processor.h>
|
||||
#include <linux/cpufeature.h>
|
||||
+#include <linux/cpu.h>
|
||||
|
||||
#include <asm/cmdline.h>
|
||||
|
||||
#include "cpu.h"
|
||||
|
||||
-enum tsx_ctrl_states tsx_ctrl_state __ro_after_init = TSX_CTRL_NOT_SUPPORTED;
|
||||
+static DEFINE_MUTEX(tsx_mutex);
|
||||
+
|
||||
+enum tsx_ctrl_states tsx_ctrl_state = TSX_CTRL_NOT_SUPPORTED;
|
||||
|
||||
void tsx_disable(void)
|
||||
{
|
||||
@@ -118,3 +121,98 @@ void __init tsx_init(void)
|
||||
setup_force_cpu_cap(X86_FEATURE_RTM);
|
||||
}
|
||||
}
|
||||
+
|
||||
+static void tsx_update_this_cpu(void *arg)
|
||||
+{
|
||||
+ unsigned long enable = (unsigned long)arg;
|
||||
+
|
||||
+ if (enable)
|
||||
+ tsx_enable();
|
||||
+ else
|
||||
+ tsx_disable();
|
||||
+}
|
||||
+
|
||||
+/* Take tsx_mutex lock and update tsx_ctrl_state when calling this function */
|
||||
+static void tsx_update_on_each_cpu(bool val)
|
||||
+{
|
||||
+ get_online_cpus();
|
||||
+ on_each_cpu(tsx_update_this_cpu, (void *)val, 1);
|
||||
+ put_online_cpus();
|
||||
+}
|
||||
+
|
||||
+ssize_t hw_tx_mem_show(struct device *dev, struct device_attribute *attr,
|
||||
+ char *buf)
|
||||
+{
|
||||
+ return sprintf(buf, "%d\n", tsx_ctrl_state == TSX_CTRL_ENABLE ? 1 : 0);
|
||||
+}
|
||||
+
|
||||
+ssize_t hw_tx_mem_store(struct device *dev, struct device_attribute *attr,
|
||||
+ const char *buf, size_t count)
|
||||
+{
|
||||
+ enum tsx_ctrl_states requested_state;
|
||||
+ ssize_t ret;
|
||||
+ bool val;
|
||||
+
|
||||
+ ret = kstrtobool(buf, &val);
|
||||
+ if (ret)
|
||||
+ return ret;
|
||||
+
|
||||
+ mutex_lock(&tsx_mutex);
|
||||
+
|
||||
+ if (val)
|
||||
+ requested_state = TSX_CTRL_ENABLE;
|
||||
+ else
|
||||
+ requested_state = TSX_CTRL_DISABLE;
|
||||
+
|
||||
+ /* Current state is same as the requested state, do nothing */
|
||||
+ if (tsx_ctrl_state == requested_state)
|
||||
+ goto exit;
|
||||
+
|
||||
+ tsx_ctrl_state = requested_state;
|
||||
+
|
||||
+ /*
|
||||
+ * Changing the TSX state from this interface also updates CPUID.RTM
|
||||
+ * feature bit. From the kernel side, this feature bit doesn't result
|
||||
+ * in any ALTERNATIVE code patching. No memory allocations are done to
|
||||
+ * save/restore user state. No code paths in outside of the tests for
|
||||
+ * vulnerability to TAA are dependent on the value of the feature bit.
|
||||
+ * In general the kernel doesn't care whether RTM is present or not.
|
||||
+ *
|
||||
+ * From the user side it is a bit fuzzier. Applications typically look
|
||||
+ * at CPUID bits once at startup (or when first calling into a library
|
||||
+ * that uses the feature). So we have a couple of cases to cover:
|
||||
+ *
|
||||
+ * 1) An application started and saw that RTM was enabled, so began
|
||||
+ * to use it. Then TSX was disabled. Net result in this case is
|
||||
+ * that the application will keep trying to use RTM, but every
|
||||
+ * xbegin() will immediately abort the transaction. This has a
|
||||
+ * performance impact to the application, but it doesn't affect
|
||||
+ * correctness because all users of RTM must have a fallback path
|
||||
+ * for when the transaction aborts. Note that even if an application
|
||||
+ * is in the middle of a transaction when we disable RTM, we are
|
||||
+ * safe. The XPI that we use to update the TSX_CTRL MSR will abort
|
||||
+ * the transaction (just as any interrupt would abort a
|
||||
+ * transaction).
|
||||
+ *
|
||||
+ * 2) An application starts and sees RTM is not available. So it will
|
||||
+ * always use alternative paths. Even if TSX is enabled and RTM is
|
||||
+ * set, applications in general do not re-evaluate their choice so
|
||||
+ * will continue to run in non-TSX mode.
|
||||
+ */
|
||||
+ tsx_update_on_each_cpu(val);
|
||||
+
|
||||
+ if (boot_cpu_has_bug(X86_BUG_TAA))
|
||||
+ taa_update_mitigation(val);
|
||||
+exit:
|
||||
+ mutex_unlock(&tsx_mutex);
|
||||
+
|
||||
+ return count;
|
||||
+}
|
||||
+
|
||||
+umode_t hw_tx_mem_is_visible(void)
|
||||
+{
|
||||
+ if (tsx_ctrl_state == TSX_CTRL_NOT_SUPPORTED)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 0644;
|
||||
+}
|
||||
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
|
||||
index e9e7fde0fe00..ebc46fd81762 100644
|
||||
--- a/drivers/base/cpu.c
|
||||
+++ b/drivers/base/cpu.c
|
||||
@@ -458,6 +458,34 @@ struct device *cpu_device_create(struct device *parent, void *drvdata,
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cpu_device_create);
|
||||
|
||||
+ssize_t __weak hw_tx_mem_show(struct device *dev, struct device_attribute *a,
|
||||
+ char *buf)
|
||||
+{
|
||||
+ return -ENODEV;
|
||||
+}
|
||||
+
|
||||
+ssize_t __weak hw_tx_mem_store(struct device *dev, struct device_attribute *a,
|
||||
+ const char *buf, size_t count)
|
||||
+{
|
||||
+ return -ENODEV;
|
||||
+}
|
||||
+
|
||||
+DEVICE_ATTR_RW(hw_tx_mem);
|
||||
+
|
||||
+umode_t __weak hw_tx_mem_is_visible(void)
|
||||
+{
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static umode_t cpu_root_attrs_is_visible(struct kobject *kobj,
|
||||
+ struct attribute *attr, int index)
|
||||
+{
|
||||
+ if (attr == &dev_attr_hw_tx_mem.attr)
|
||||
+ return hw_tx_mem_is_visible();
|
||||
+
|
||||
+ return attr->mode;
|
||||
+}
|
||||
+
|
||||
#ifdef CONFIG_GENERIC_CPU_AUTOPROBE
|
||||
static DEVICE_ATTR(modalias, 0444, print_cpu_modalias, NULL);
|
||||
#endif
|
||||
@@ -479,11 +507,13 @@ static struct attribute *cpu_root_attrs[] = {
|
||||
#ifdef CONFIG_GENERIC_CPU_AUTOPROBE
|
||||
&dev_attr_modalias.attr,
|
||||
#endif
|
||||
+ &dev_attr_hw_tx_mem.attr,
|
||||
NULL
|
||||
};
|
||||
|
||||
static struct attribute_group cpu_root_attr_group = {
|
||||
- .attrs = cpu_root_attrs,
|
||||
+ .attrs = cpu_root_attrs,
|
||||
+ .is_visible = cpu_root_attrs_is_visible,
|
||||
};
|
||||
|
||||
static const struct attribute_group *cpu_root_attr_groups[] = {
|
||||
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
|
||||
index 9d8dba19844e..7bd8ced5c000 100644
|
||||
--- a/include/linux/cpu.h
|
||||
+++ b/include/linux/cpu.h
|
||||
@@ -65,6 +65,12 @@ extern ssize_t cpu_show_tsx_async_abort(struct device *dev,
|
||||
struct device_attribute *attr,
|
||||
char *buf);
|
||||
|
||||
+extern ssize_t hw_tx_mem_show(struct device *dev, struct device_attribute *a,
|
||||
+ char *buf);
|
||||
+extern ssize_t hw_tx_mem_store(struct device *dev, struct device_attribute *a,
|
||||
+ const char *buf, size_t count);
|
||||
+extern umode_t hw_tx_mem_is_visible(void);
|
||||
+
|
||||
extern __printf(4, 5)
|
||||
struct device *cpu_device_create(struct device *parent, void *drvdata,
|
||||
const struct attribute_group **groups,
|
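--- /dev/null
+++ b/debian/patches/bugfix/x86/taa/0021-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch
@@ -0,0 +1,134 @@
+From: Michal Hocko <mhocko@suse.com>
+Date: Wed, 23 Oct 2019 12:35:50 +0200
+Subject: x86/tsx: Add config options to set tsx=on|off|auto
+
+There is a general consensus that TSX usage is not largely spread while
+the history shows there is a non trivial space for side channel attacks
+possible. Therefore the tsx is disabled by default even on platforms
+that might have a safe implementation of TSX according to the current
+knowledge. This is a fair trade off to make.
+
+There are, however, workloads that really do benefit from using TSX and
+updating to a newer kernel with TSX disabled might introduce a
+noticeable regressions. This would be especially a problem for Linux
+distributions which will provide TAA mitigations.
+
+Introduce config options X86_INTEL_TSX_MODE_OFF, X86_INTEL_TSX_MODE_ON
+and X86_INTEL_TSX_MODE_AUTO to control the TSX feature. The config
+setting can be overridden by the tsx cmdline options.
+
+Suggested-by: Borislav Petkov <bpetkov@suse.de>
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Tony Luck <tony.luck@intel.com>
+Cc: x86-ml <x86@kernel.org>
+---
+arch/x86/Kconfig | 45 +++++++++++++++++++++++++++++++++++++++
+arch/x86/kernel/cpu/tsx.c | 22 +++++++++++++------
+2 files changed, 61 insertions(+), 6 deletions(-)
+
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index e76d16ac2776..a47343bb439c 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -1903,6 +1903,51 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
+
+If unsure, say y.
+
++choice
++ prompt "TSX enable mode"
++ depends on CPU_SUP_INTEL
++ default X86_INTEL_TSX_MODE_OFF
++ help
++ Intel's TSX (Transactional Synchronization Extensions) feature
++ allows to optimize locking protocols through lock elision which
++ can lead to a noticeable performance boost.
++
++ On the other hand it has been shown that TSX can be exploited
++ to form side channel attacks (e.g. TAA) and chances are there
++ will be more of those attacks discovered in the future.
++
++ Therefore TSX is not enabled by default (aka tsx=off). An admin
++ might override this decision by tsx=on command line parameter. This
++ has a risk that TSX will get enabled also on platforms which are
++ known to be vulnerable to attacks like TAA and a safer option is to
++ use tsx=auto command line parameter.
++
++ This options allows to set the default tsx mode between tsx=on, off
++ and auto. See Documentation/admin-guide/kernel-parameters.txt for more
++ details.
++
++ Say off if not sure, auto if TSX is in use but it should be used on safe
++ platforms or on if TSX is in use and the security aspect of tsx is not
++ relevant.
++
++config X86_INTEL_TSX_MODE_OFF
++ bool "off"
++ help
++ TSX is always disabled - equals tsx=off command line parameter.
++
++config X86_INTEL_TSX_MODE_ON
++ bool "on"
++ help
++ TSX is always enabled on TSX capable HW - equals tsx=on command line
++ parameter.
++
++config X86_INTEL_TSX_MODE_AUTO
++ bool "auto"
++ help
++ TSX is enabled on TSX capable HW that is believed to be safe against
++ side channel attacks- equals tsx=auto command line parameter.
++endchoice
++
+config EFI
+bool "EFI runtime service support"
+depends on ACPI
+diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
+index 89ab91eacd4f..ab400f8bbfe1 100644
+--- a/arch/x86/kernel/cpu/tsx.c
++++ b/arch/x86/kernel/cpu/tsx.c
+@@ -67,6 +67,14 @@ static bool __init tsx_ctrl_is_supported(void)
+return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
+}
+
++static enum tsx_ctrl_states x86_get_tsx_auto_mode(void)
++{
++ if (boot_cpu_has_bug(X86_BUG_TAA))
++ return TSX_CTRL_DISABLE;
++
++ return TSX_CTRL_ENABLE;
++}
++
+void __init tsx_init(void)
+{
+char arg[5] = {};
+@@ -82,17 +90,19 @@ void __init tsx_init(void)
+} else if (!strcmp(arg, "off")) {
+tsx_ctrl_state = TSX_CTRL_DISABLE;
+} else if (!strcmp(arg, "auto")) {
+- if (boot_cpu_has_bug(X86_BUG_TAA))
+- tsx_ctrl_state = TSX_CTRL_DISABLE;
+- else
+- tsx_ctrl_state = TSX_CTRL_ENABLE;
++ tsx_ctrl_state = x86_get_tsx_auto_mode();
+} else {
+tsx_ctrl_state = TSX_CTRL_DISABLE;
+pr_err("tsx: invalid option, defaulting to off\n");
+}
+} else {
+- /* tsx= not provided, defaulting to off */
+- tsx_ctrl_state = TSX_CTRL_DISABLE;
++ /* tsx= not provided */
++ if (IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_AUTO))
++ tsx_ctrl_state = x86_get_tsx_auto_mode();
++ else if (IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_OFF))
++ tsx_ctrl_state = TSX_CTRL_DISABLE;
++ else
++ tsx_ctrl_state = TSX_CTRL_ENABLE;
+}
+
+if (tsx_ctrl_state == TSX_CTRL_DISABLE) {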
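Review bot: The `tsx=`-absent branch added to tsx_init() fails open: its bare `else` assigns `TSX_CTRL_ENABLE` whenever neither `CONFIG_X86_INTEL_TSX_MODE_AUTO` nor `CONFIG_X86_INTEL_TSX_MODE_OFF` is set. Because the Kconfig choice `depends on CPU_SUP_INTEL`, that also covers a configuration in which none of the three symbols exists; whether tsx.c is built at all in that case is not visible from this patch. Swapping the last two arms keeps the mitigated state as the fallback: test the opt-in by name with `else if (IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_ON))` for the enable assignment and let the final `else` assign `TSX_CTRL_DISABLE`. The shortened comment could then say where the default comes from, e.g. `/* tsx= not provided: use the Kconfig default, off unless ON or AUTO was selected */`. tsx_init() begins and ends outside the hunk.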
|
@ -270,15 +270,15 @@ bugfix/x86/itlb_multihit/0009-x86-Add-ITLB_MULTIHIT-bug-infrastructure.patch
|
|||
bugfix/x86/itlb_multihit/0010-kvm-mmu-ITLB_MULTIHIT-mitigation.patch
|
||||
bugfix/x86/itlb_multihit/0011-kvm-Add-helper-function-for-creating-VM-worker.patch
|
||||
bugfix/x86/itlb_multihit/0012-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
|
||||
bugfix/x86/taa/0013-TAAv6-1.patch
|
||||
bugfix/x86/taa/0014-TAAv6-2.patch
|
||||
bugfix/x86/taa/0015-TAAv6-3.patch
|
||||
bugfix/x86/taa/0016-TAAv6-4.patch
|
||||
bugfix/x86/taa/0017-TAAv6-5.patch
|
||||
bugfix/x86/taa/0018-TAAv6-6.patch
|
||||
bugfix/x86/taa/0019-TAAv6-7.patch
|
||||
bugfix/x86/taa/0020-TAAv6-8.patch
|
||||
bugfix/x86/taa/0021-TAAv6-9.patch
|
||||
bugfix/x86/taa/0013-x86-msr-Add-the-IA32_TSX_CTRL-MSR.patch
|
||||
bugfix/x86/taa/0014-x86-cpu-Add-a-helper-function-x86_read_arch_cap_msr.patch
|
||||
bugfix/x86/taa/0015-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch
|
||||
bugfix/x86/taa/0016-x86-speculation-taa-Add-mitigation-for-TSX-Async-Abo.patch
|
||||
bugfix/x86/taa/0017-x86-speculation-taa-Add-sysfs-reporting-for-TSX-Asyn.patch
|
||||
bugfix/x86/taa/0018-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch
|
||||
bugfix/x86/taa/0019-x86-tsx-Add-auto-option-to-the-tsx-cmdline-parameter.patch
|
||||
bugfix/x86/taa/0020-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch
|
||||
bugfix/x86/taa/0021-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch
|
||||
|
||||
# ABI maintenance
|
||||
debian/abi/powerpc-avoid-abi-change-for-disabling-tm.patch
|
||||
|
|