Drop "x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation"

debian/changelog

@@ -480,7 +480,6 @@ linux (4.19.128-1) UNRELEASED; urgency=medium
     - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
     - CDC-ACM: heed quirk also in error handling
     - nvmem: qfprom: remove incorrect write support
-    - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
     - x86/speculation: Add SRBDS vulnerability and mitigation documentation
     - x86/speculation: Add Ivy Bridge to affected list
     - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned

debian/patches/bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch

@@ -1,383 +0,0 @@
-From: Mark Gross <mgross@linux.intel.com>
-Date: Thu, 16 Apr 2020 17:54:04 +0200
-Subject: [3/5] x86/speculation: Add Special Register Buffer Data Sampling
- (SRBDS) mitigation
-Origin: https://git.kernel.org/linus/7e5b3c267d256822407a22fdce6afdf9cd13f9fb
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-0543
-
-SRBDS is an MDS-like speculative side channel that can leak bits from the
-random number generator (RNG) across cores and threads. New microcode
-serializes the processor access during the execution of RDRAND and
-RDSEED. This ensures that the shared buffer is overwritten before it is
-released for reuse.
-
-While it is present on all affected CPU models, the microcode mitigation
-is not needed on models that enumerate ARCH_CAPABILITIES[MDS_NO] in the
-cases where TSX is not supported or has been disabled with TSX_CTRL.
-
-The mitigation is activated by default on affected processors and it
-increases latency for RDRAND and RDSEED instructions. Among other
-effects this will reduce throughput from /dev/urandom.
-
-* Enable administrator to configure the mitigation off when desired using
-  either mitigations=off or srbds=off.
-
-* Export vulnerability status via sysfs
-
-* Rename file-scoped macros to apply for non-whitelist table initializations.
-
- [ bp: Massage,
-   - s/VULNBL_INTEL_STEPPING/VULNBL_INTEL_STEPPINGS/g,
-   - do not read arch cap MSR a second time in tsx_fused_off() - just pass it in,
-   - flip check in cpu_set_bug_bits() to save an indentation level,
-   - reflow comments.
-   jpoimboe: s/Mitigated/Mitigation/ in user-visible strings
-   tglx: Dropped the fused off magic for now
- ]
-
-Signed-off-by: Mark Gross <mgross@linux.intel.com>
-Signed-off-by: Borislav Petkov <bp@suse.de>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Tony Luck <tony.luck@intel.com>
-Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
-Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
----
- .../ABI/testing/sysfs-devices-system-cpu      |   1 +
- .../admin-guide/kernel-parameters.txt         |  20 ++++
- arch/x86/include/asm/cpufeatures.h            |   2 +
- arch/x86/include/asm/msr-index.h              |   4 +
- arch/x86/kernel/cpu/bugs.c                    | 106 ++++++++++++++++++
- arch/x86/kernel/cpu/common.c                  |  31 +++++
- arch/x86/kernel/cpu/cpu.h                     |   1 +
- drivers/base/cpu.c                            |   8 ++
- 8 files changed, 173 insertions(+)
-
-diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
-index b492fb6057c9..b9c14c11efc5 100644
---- a/Documentation/ABI/testing/sysfs-devices-system-cpu
-+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
-@@ -478,6 +478,7 @@ What:		/sys/devices/system/cpu/vulnerabilities
- 		/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
- 		/sys/devices/system/cpu/vulnerabilities/l1tf
- 		/sys/devices/system/cpu/vulnerabilities/mds
-+		/sys/devices/system/cpu/vulnerabilities/srbds
- 		/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
- 		/sys/devices/system/cpu/vulnerabilities/itlb_multihit
- Date:		January 2018
-diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 1a5101b7e853..30752db57587 100644
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4415,6 +4415,26 @@
- 	spia_pedr=
- 	spia_peddr=
- 
-+	srbds=		[X86,INTEL]
-+			Control the Special Register Buffer Data Sampling
-+			(SRBDS) mitigation.
-+
-+			Certain CPUs are vulnerable to an MDS-like
-+			exploit which can leak bits from the random
-+			number generator.
-+
-+			By default, this issue is mitigated by
-+			microcode.  However, the microcode fix can cause
-+			the RDRAND and RDSEED instructions to become
-+			much slower.  Among other effects, this will
-+			result in reduced throughput from /dev/urandom.
-+
-+			The microcode mitigation can be disabled with
-+			the following option:
-+
-+			off:    Disable mitigation and remove
-+				performance impact to RDRAND and RDSEED
-+
- 	srcutree.counter_wrap_check [KNL]
- 			Specifies how frequently to check for
- 			grace-period sequence counter wrap for the
-diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
-index 8c13b99b9507..9f03ac233566 100644
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -347,6 +347,7 @@
- /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */
- #define X86_FEATURE_AVX512_4VNNIW	(18*32+ 2) /* AVX-512 Neural Network Instructions */
- #define X86_FEATURE_AVX512_4FMAPS	(18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */
-+#define X86_FEATURE_SRBDS_CTRL		(18*32+ 9) /* "" SRBDS mitigation MSR available */
- #define X86_FEATURE_TSX_FORCE_ABORT	(18*32+13) /* "" TSX_FORCE_ABORT */
- #define X86_FEATURE_MD_CLEAR		(18*32+10) /* VERW clears CPU buffers */
- #define X86_FEATURE_PCONFIG		(18*32+18) /* Intel PCONFIG */
-@@ -391,5 +392,6 @@
- #define X86_BUG_SWAPGS			X86_BUG(21) /* CPU is affected by speculation through SWAPGS */
- #define X86_BUG_TAA			X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */
- #define X86_BUG_ITLB_MULTIHIT		X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */
-+#define X86_BUG_SRBDS			X86_BUG(24) /* CPU may leak RNG bits if not mitigated */
- 
- #endif /* _ASM_X86_CPUFEATURES_H */
-diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
-index d2c25a13e1ce..5bb11a8c245e 100644
---- a/arch/x86/include/asm/msr-index.h
-+++ b/arch/x86/include/asm/msr-index.h
-@@ -110,6 +110,10 @@
- #define TSX_CTRL_RTM_DISABLE		BIT(0)	/* Disable RTM feature */
- #define TSX_CTRL_CPUID_CLEAR		BIT(1)	/* Disable TSX enumeration */
- 
-+/* SRBDS support */
-+#define MSR_IA32_MCU_OPT_CTRL		0x00000123
-+#define RNGDS_MITG_DIS			BIT(0)
-+
- #define MSR_IA32_SYSENTER_CS		0x00000174
- #define MSR_IA32_SYSENTER_ESP		0x00000175
- #define MSR_IA32_SYSENTER_EIP		0x00000176
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 2d23a448e72d..cf07437cd106 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -41,6 +41,7 @@ static void __init l1tf_select_mitigation(void);
- static void __init mds_select_mitigation(void);
- static void __init mds_print_mitigation(void);
- static void __init taa_select_mitigation(void);
-+static void __init srbds_select_mitigation(void);
- 
- /* The base value of the SPEC_CTRL MSR that always has to be preserved. */
- u64 x86_spec_ctrl_base;
-@@ -108,6 +109,7 @@ void __init check_bugs(void)
- 	l1tf_select_mitigation();
- 	mds_select_mitigation();
- 	taa_select_mitigation();
-+	srbds_select_mitigation();
- 
- 	/*
- 	 * As MDS and TAA mitigations are inter-related, print MDS
-@@ -390,6 +392,97 @@ static int __init tsx_async_abort_parse_cmdline(char *str)
- }
- early_param("tsx_async_abort", tsx_async_abort_parse_cmdline);
- 
-+#undef pr_fmt
-+#define pr_fmt(fmt)	"SRBDS: " fmt
-+
-+enum srbds_mitigations {
-+	SRBDS_MITIGATION_OFF,
-+	SRBDS_MITIGATION_UCODE_NEEDED,
-+	SRBDS_MITIGATION_FULL,
-+	SRBDS_MITIGATION_TSX_OFF,
-+	SRBDS_MITIGATION_HYPERVISOR,
-+};
-+
-+static enum srbds_mitigations srbds_mitigation __ro_after_init = SRBDS_MITIGATION_FULL;
-+
-+static const char * const srbds_strings[] = {
-+	[SRBDS_MITIGATION_OFF]		= "Vulnerable",
-+	[SRBDS_MITIGATION_UCODE_NEEDED]	= "Vulnerable: No microcode",
-+	[SRBDS_MITIGATION_FULL]		= "Mitigation: Microcode",
-+	[SRBDS_MITIGATION_TSX_OFF]	= "Mitigation: TSX disabled",
-+	[SRBDS_MITIGATION_HYPERVISOR]	= "Unknown: Dependent on hypervisor status",
-+};
-+
-+static bool srbds_off;
-+
-+void update_srbds_msr(void)
-+{
-+	u64 mcu_ctrl;
-+
-+	if (!boot_cpu_has_bug(X86_BUG_SRBDS))
-+		return;
-+
-+	if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
-+		return;
-+
-+	if (srbds_mitigation == SRBDS_MITIGATION_UCODE_NEEDED)
-+		return;
-+
-+	rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
-+
-+	switch (srbds_mitigation) {
-+	case SRBDS_MITIGATION_OFF:
-+	case SRBDS_MITIGATION_TSX_OFF:
-+		mcu_ctrl |= RNGDS_MITG_DIS;
-+		break;
-+	case SRBDS_MITIGATION_FULL:
-+		mcu_ctrl &= ~RNGDS_MITG_DIS;
-+		break;
-+	default:
-+		break;
-+	}
-+
-+	wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
-+}
-+
-+static void __init srbds_select_mitigation(void)
-+{
-+	u64 ia32_cap;
-+
-+	if (!boot_cpu_has_bug(X86_BUG_SRBDS))
-+		return;
-+
-+	/*
-+	 * Check to see if this is one of the MDS_NO systems supporting
-+	 * TSX that are only exposed to SRBDS when TSX is enabled.
-+	 */
-+	ia32_cap = x86_read_arch_cap_msr();
-+	if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM))
-+		srbds_mitigation = SRBDS_MITIGATION_TSX_OFF;
-+	else if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
-+		srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR;
-+	else if (!boot_cpu_has(X86_FEATURE_SRBDS_CTRL))
-+		srbds_mitigation = SRBDS_MITIGATION_UCODE_NEEDED;
-+	else if (cpu_mitigations_off() || srbds_off)
-+		srbds_mitigation = SRBDS_MITIGATION_OFF;
-+
-+	update_srbds_msr();
-+	pr_info("%s\n", srbds_strings[srbds_mitigation]);
-+}
-+
-+static int __init srbds_parse_cmdline(char *str)
-+{
-+	if (!str)
-+		return -EINVAL;
-+
-+	if (!boot_cpu_has_bug(X86_BUG_SRBDS))
-+		return 0;
-+
-+	srbds_off = !strcmp(str, "off");
-+	return 0;
-+}
-+early_param("srbds", srbds_parse_cmdline);
-+
- #undef pr_fmt
- #define pr_fmt(fmt)     "Spectre V1 : " fmt
- 
-@@ -1491,6 +1584,11 @@ static char *ibpb_state(void)
- 	return "";
- }
- 
-+static ssize_t srbds_show_state(char *buf)
-+{
-+	return sprintf(buf, "%s\n", srbds_strings[srbds_mitigation]);
-+}
-+
- static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
- 			       char *buf, unsigned int bug)
- {
-@@ -1535,6 +1633,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
- 	case X86_BUG_ITLB_MULTIHIT:
- 		return itlb_multihit_show_state(buf);
- 
-+	case X86_BUG_SRBDS:
-+		return srbds_show_state(buf);
-+
- 	default:
- 		break;
- 	}
-@@ -1581,4 +1682,9 @@ ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr
- {
- 	return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT);
- }
-+
-+ssize_t cpu_show_srbds(struct device *dev, struct device_attribute *attr, char *buf)
-+{
-+	return cpu_show_common(dev, attr, buf, X86_BUG_SRBDS);
-+}
- #endif
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 375e1d459b68..2058e8c0e61d 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -1013,6 +1013,27 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
- 	{}
- };
- 
-+#define VULNBL_INTEL_STEPPINGS(model, steppings, issues)		   \
-+	X86_MATCH_VENDOR_FAM_MODEL_STEPPINGS_FEATURE(INTEL, 6,		   \
-+					    INTEL_FAM6_##model, steppings, \
-+					    X86_FEATURE_ANY, issues)
-+
-+#define SRBDS		BIT(0)
-+
-+static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
-+	VULNBL_INTEL_STEPPINGS(IVYBRIDGE,	X86_STEPPING_ANY,		SRBDS),
-+	VULNBL_INTEL_STEPPINGS(HASWELL_CORE,	X86_STEPPING_ANY,		SRBDS),
-+	VULNBL_INTEL_STEPPINGS(HASWELL_ULT,	X86_STEPPING_ANY,		SRBDS),
-+	VULNBL_INTEL_STEPPINGS(HASWELL_GT3E,	X86_STEPPING_ANY,		SRBDS),
-+	VULNBL_INTEL_STEPPINGS(BROADWELL_GT3E,	X86_STEPPING_ANY,		SRBDS),
-+	VULNBL_INTEL_STEPPINGS(BROADWELL_CORE,	X86_STEPPING_ANY,		SRBDS),
-+	VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE,	X86_STEPPING_ANY,		SRBDS),
-+	VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP,	X86_STEPPING_ANY,		SRBDS),
-+	VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE,	X86_STEPPINGS(0x0, 0xC),	SRBDS),
-+	VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x0, 0xD),	SRBDS),
-+	{}
-+};
-+
- static bool __init cpu_matches(const struct x86_cpu_id *table, unsigned long which)
- {
- 	const struct x86_cpu_id *m = x86_match_cpu(table);
-@@ -1078,6 +1099,15 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
- 	     (ia32_cap & ARCH_CAP_TSX_CTRL_MSR)))
- 		setup_force_cpu_bug(X86_BUG_TAA);
- 
-+	/*
-+	 * SRBDS affects CPUs which support RDRAND or RDSEED and are listed
-+	 * in the vulnerability blacklist.
-+	 */
-+	if ((cpu_has(c, X86_FEATURE_RDRAND) ||
-+	     cpu_has(c, X86_FEATURE_RDSEED)) &&
-+	    cpu_matches(cpu_vuln_blacklist, SRBDS))
-+		    setup_force_cpu_bug(X86_BUG_SRBDS);
-+
- 	if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
- 		return;
- 
-@@ -1522,6 +1552,7 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c)
- 	mtrr_ap_init();
- 	validate_apic_and_package_id(c);
- 	x86_spec_ctrl_setup_ap();
-+	update_srbds_msr();
- }
- 
- static __init int setup_noclflush(char *arg)
-diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
-index 236582c90d3f..e89602d2aff5 100644
---- a/arch/x86/kernel/cpu/cpu.h
-+++ b/arch/x86/kernel/cpu/cpu.h
-@@ -80,6 +80,7 @@ extern void detect_ht(struct cpuinfo_x86 *c);
- unsigned int aperfmperf_get_khz(int cpu);
- 
- extern void x86_spec_ctrl_setup_ap(void);
-+extern void update_srbds_msr(void);
- 
- extern u64 x86_read_arch_cap_msr(void);
- 
-diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
-index f3ecf7418ed4..1df057486176 100644
---- a/drivers/base/cpu.c
-+++ b/drivers/base/cpu.c
-@@ -565,6 +565,12 @@ ssize_t __weak cpu_show_itlb_multihit(struct device *dev,
- 	return sprintf(buf, "Not affected\n");
- }
- 
-+ssize_t __weak cpu_show_srbds(struct device *dev,
-+			      struct device_attribute *attr, char *buf)
-+{
-+	return sprintf(buf, "Not affected\n");
-+}
-+
- static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
- static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
- static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
-@@ -573,6 +579,7 @@ static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL);
- static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL);
- static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL);
- static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
-+static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL);
- 
- static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- 	&dev_attr_meltdown.attr,
-@@ -583,6 +590,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- 	&dev_attr_mds.attr,
- 	&dev_attr_tsx_async_abort.attr,
- 	&dev_attr_itlb_multihit.attr,
-+	&dev_attr_srbds.attr,
- 	NULL
- };
- 

debian/patches/series

@@ -296,7 +296,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 debian/ntfs-mark-it-as-broken.patch
-bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch
 bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch
 bugfix/x86/srbds/0005-x86-speculation-Add-Ivy-Bridge-to-affected-list.patch