From 68c22bc5084189c55e178df57b25928a02f4e6ba Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Tue, 23 Jun 2020 16:43:36 +0200
Subject: [PATCH] Drop "x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation"
---
 debian/changelog | 1 -
 ...Add-Special-Register-Buffer-Data-Sam.patch | 383 ------------------
 debian/patches/series | 1 -
 3 files changed, 385 deletions(-)
 delete mode 100644 debian/patches/bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch
diff --git a/debian/changelog b/debian/changelog
index 3b5920482..b62d4fff2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -480,7 +480,6 @@ linux (4.19.128-1) UNRELEASED; urgency=medium
 - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
 - CDC-ACM: heed quirk also in error handling
 - nvmem: qfprom: remove incorrect write support
- - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
 - x86/speculation: Add SRBDS vulnerability and mitigation documentation
 - x86/speculation: Add Ivy Bridge to affected list
 - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
diff --git a/debian/patches/bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch b/debian/patches/bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch
deleted file mode 100644
index f15d9b200..000000000
--- a/debian/patches/bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch
+++ /dev/null
@@ -1,383 +0,0 @@ -From: Mark Gross -Date: Thu, 16 Apr 2020 17:54:04 +0200 -Subject: [3/5] x86/speculation: Add Special Register Buffer Data Sampling - (SRBDS) mitigation -Origin: https://git.kernel.org/linus/7e5b3c267d256822407a22fdce6afdf9cd13f9fb -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-0543 - -SRBDS is an MDS-like speculative side channel that can leak bits from the -random number generator (RNG) across cores and threads. New microcode -serializes the processor access during the execution of RDRAND and -RDSEED. This ensures that the shared buffer is overwritten before it is -released for reuse. - -While it is present on all affected CPU models, the microcode mitigation -is not needed on models that enumerate ARCH_CAPABILITIES[MDS_NO] in the -cases where TSX is not supported or has been disabled with TSX_CTRL. - -The mitigation is activated by default on affected processors and it -increases latency for RDRAND and RDSEED instructions. Among other -effects this will reduce throughput from /dev/urandom. - -* Enable administrator to configure the mitigation off when desired using - either mitigations=off or srbds=off. - -* Export vulnerability status via sysfs - -* Rename file-scoped macros to apply for non-whitelist table initializations. - - [ bp: Massage, - - s/VULNBL_INTEL_STEPPING/VULNBL_INTEL_STEPPINGS/g, - - do not read arch cap MSR a second time in tsx_fused_off() - just pass it in, - - flip check in cpu_set_bug_bits() to save an indentation level, - - reflow comments. 
- jpoimboe: s/Mitigated/Mitigation/ in user-visible strings - tglx: Dropped the fused off magic for now - ] - -Signed-off-by: Mark Gross -Signed-off-by: Borislav Petkov -Signed-off-by: Thomas Gleixner -Reviewed-by: Tony Luck -Reviewed-by: Pawan Gupta -Reviewed-by: Josh Poimboeuf -Tested-by: Neelima Krishnan ---- - .../ABI/testing/sysfs-devices-system-cpu | 1 + - .../admin-guide/kernel-parameters.txt | 20 ++++ - arch/x86/include/asm/cpufeatures.h | 2 + - arch/x86/include/asm/msr-index.h | 4 + - arch/x86/kernel/cpu/bugs.c | 106 ++++++++++++++++++ - arch/x86/kernel/cpu/common.c | 31 +++++ - arch/x86/kernel/cpu/cpu.h | 1 + - drivers/base/cpu.c | 8 ++ - 8 files changed, 173 insertions(+) - -diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu -index b492fb6057c9..b9c14c11efc5 100644 ---- a/Documentation/ABI/testing/sysfs-devices-system-cpu -+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu -@@ -478,6 +478,7 @@ What: /sys/devices/system/cpu/vulnerabilities - /sys/devices/system/cpu/vulnerabilities/spec_store_bypass - /sys/devices/system/cpu/vulnerabilities/l1tf - /sys/devices/system/cpu/vulnerabilities/mds -+ /sys/devices/system/cpu/vulnerabilities/srbds - /sys/devices/system/cpu/vulnerabilities/tsx_async_abort - /sys/devices/system/cpu/vulnerabilities/itlb_multihit - Date: January 2018 -diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 1a5101b7e853..30752db57587 100644 ---- a/Documentation/admin-guide/kernel-parameters.txt -+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4415,6 +4415,26 @@ - spia_pedr= - spia_peddr= - -+ srbds= [X86,INTEL] -+ Control the Special Register Buffer Data Sampling -+ (SRBDS) mitigation. -+ -+ Certain CPUs are vulnerable to an MDS-like -+ exploit which can leak bits from the random -+ number generator. -+ -+ By default, this issue is mitigated by -+ microcode. 
However, the microcode fix can cause -+ the RDRAND and RDSEED instructions to become -+ much slower. Among other effects, this will -+ result in reduced throughput from /dev/urandom. -+ -+ The microcode mitigation can be disabled with -+ the following option: -+ -+ off: Disable mitigation and remove -+ performance impact to RDRAND and RDSEED -+ - srcutree.counter_wrap_check [KNL] - Specifies how frequently to check for - grace-period sequence counter wrap for the -diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h -index 8c13b99b9507..9f03ac233566 100644 ---- a/arch/x86/include/asm/cpufeatures.h -+++ b/arch/x86/include/asm/cpufeatures.h -@@ -347,6 +347,7 @@ - /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */ - #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */ - #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */ -+#define X86_FEATURE_SRBDS_CTRL (18*32+ 9) /* "" SRBDS mitigation MSR available */ - #define X86_FEATURE_TSX_FORCE_ABORT (18*32+13) /* "" TSX_FORCE_ABORT */ - #define X86_FEATURE_MD_CLEAR (18*32+10) /* VERW clears CPU buffers */ - #define X86_FEATURE_PCONFIG (18*32+18) /* Intel PCONFIG */ -@@ -391,5 +392,6 @@ - #define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */ - #define X86_BUG_TAA X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */ - #define X86_BUG_ITLB_MULTIHIT X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */ -+#define X86_BUG_SRBDS X86_BUG(24) /* CPU may leak RNG bits if not mitigated */ - - #endif /* _ASM_X86_CPUFEATURES_H */ -diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h -index d2c25a13e1ce..5bb11a8c245e 100644 ---- a/arch/x86/include/asm/msr-index.h -+++ b/arch/x86/include/asm/msr-index.h -@@ -110,6 +110,10 @@ - #define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */ - #define TSX_CTRL_CPUID_CLEAR BIT(1) 
/* Disable TSX enumeration */ - -+/* SRBDS support */ -+#define MSR_IA32_MCU_OPT_CTRL 0x00000123 -+#define RNGDS_MITG_DIS BIT(0) -+ - #define MSR_IA32_SYSENTER_CS 0x00000174 - #define MSR_IA32_SYSENTER_ESP 0x00000175 - #define MSR_IA32_SYSENTER_EIP 0x00000176 -diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c -index 2d23a448e72d..cf07437cd106 100644 ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -41,6 +41,7 @@ static void __init l1tf_select_mitigation(void); - static void __init mds_select_mitigation(void); - static void __init mds_print_mitigation(void); - static void __init taa_select_mitigation(void); -+static void __init srbds_select_mitigation(void); - - /* The base value of the SPEC_CTRL MSR that always has to be preserved. */ - u64 x86_spec_ctrl_base; -@@ -108,6 +109,7 @@ void __init check_bugs(void) - l1tf_select_mitigation(); - mds_select_mitigation(); - taa_select_mitigation(); -+ srbds_select_mitigation(); - - /* - * As MDS and TAA mitigations are inter-related, print MDS -@@ -390,6 +392,97 @@ static int __init tsx_async_abort_parse_cmdline(char *str) - } - early_param("tsx_async_abort", tsx_async_abort_parse_cmdline); - -+#undef pr_fmt -+#define pr_fmt(fmt) "SRBDS: " fmt -+ -+enum srbds_mitigations { -+ SRBDS_MITIGATION_OFF, -+ SRBDS_MITIGATION_UCODE_NEEDED, -+ SRBDS_MITIGATION_FULL, -+ SRBDS_MITIGATION_TSX_OFF, -+ SRBDS_MITIGATION_HYPERVISOR, -+}; -+ -+static enum srbds_mitigations srbds_mitigation __ro_after_init = SRBDS_MITIGATION_FULL; -+ -+static const char * const srbds_strings[] = { -+ [SRBDS_MITIGATION_OFF] = "Vulnerable", -+ [SRBDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode", -+ [SRBDS_MITIGATION_FULL] = "Mitigation: Microcode", -+ [SRBDS_MITIGATION_TSX_OFF] = "Mitigation: TSX disabled", -+ [SRBDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status", -+}; -+ -+static bool srbds_off; -+ -+void update_srbds_msr(void) -+{ -+ u64 mcu_ctrl; -+ -+ if 
(!boot_cpu_has_bug(X86_BUG_SRBDS)) -+ return; -+ -+ if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) -+ return; -+ -+ if (srbds_mitigation == SRBDS_MITIGATION_UCODE_NEEDED) -+ return; -+ -+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); -+ -+ switch (srbds_mitigation) { -+ case SRBDS_MITIGATION_OFF: -+ case SRBDS_MITIGATION_TSX_OFF: -+ mcu_ctrl |= RNGDS_MITG_DIS; -+ break; -+ case SRBDS_MITIGATION_FULL: -+ mcu_ctrl &= ~RNGDS_MITG_DIS; -+ break; -+ default: -+ break; -+ } -+ -+ wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); -+} -+ -+static void __init srbds_select_mitigation(void) -+{ -+ u64 ia32_cap; -+ -+ if (!boot_cpu_has_bug(X86_BUG_SRBDS)) -+ return; -+ -+ /* -+ * Check to see if this is one of the MDS_NO systems supporting -+ * TSX that are only exposed to SRBDS when TSX is enabled. -+ */ -+ ia32_cap = x86_read_arch_cap_msr(); -+ if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM)) -+ srbds_mitigation = SRBDS_MITIGATION_TSX_OFF; -+ else if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) -+ srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR; -+ else if (!boot_cpu_has(X86_FEATURE_SRBDS_CTRL)) -+ srbds_mitigation = SRBDS_MITIGATION_UCODE_NEEDED; -+ else if (cpu_mitigations_off() || srbds_off) -+ srbds_mitigation = SRBDS_MITIGATION_OFF; -+ -+ update_srbds_msr(); -+ pr_info("%s\n", srbds_strings[srbds_mitigation]); -+} -+ -+static int __init srbds_parse_cmdline(char *str) -+{ -+ if (!str) -+ return -EINVAL; -+ -+ if (!boot_cpu_has_bug(X86_BUG_SRBDS)) -+ return 0; -+ -+ srbds_off = !strcmp(str, "off"); -+ return 0; -+} -+early_param("srbds", srbds_parse_cmdline); -+ - #undef pr_fmt - #define pr_fmt(fmt) "Spectre V1 : " fmt - -@@ -1491,6 +1584,11 @@ static char *ibpb_state(void) - return ""; - } - -+static ssize_t srbds_show_state(char *buf) -+{ -+ return sprintf(buf, "%s\n", srbds_strings[srbds_mitigation]); -+} -+ - static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, - char *buf, unsigned int bug) - { -@@ -1535,6 +1633,9 @@ static ssize_t 
cpu_show_common(struct device *dev, struct device_attribute *attr - case X86_BUG_ITLB_MULTIHIT: - return itlb_multihit_show_state(buf); - -+ case X86_BUG_SRBDS: -+ return srbds_show_state(buf); -+ - default: - break; - } -@@ -1581,4 +1682,9 @@ ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr - { - return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT); - } -+ -+ssize_t cpu_show_srbds(struct device *dev, struct device_attribute *attr, char *buf) -+{ -+ return cpu_show_common(dev, attr, buf, X86_BUG_SRBDS); -+} - #endif -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 375e1d459b68..2058e8c0e61d 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -1013,6 +1013,27 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { - {} - }; - -+#define VULNBL_INTEL_STEPPINGS(model, steppings, issues) \ -+ X86_MATCH_VENDOR_FAM_MODEL_STEPPINGS_FEATURE(INTEL, 6, \ -+ INTEL_FAM6_##model, steppings, \ -+ X86_FEATURE_ANY, issues) -+ -+#define SRBDS BIT(0) -+ -+static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { -+ VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS), -+ VULNBL_INTEL_STEPPINGS(HASWELL_CORE, X86_STEPPING_ANY, SRBDS), -+ VULNBL_INTEL_STEPPINGS(HASWELL_ULT, X86_STEPPING_ANY, SRBDS), -+ VULNBL_INTEL_STEPPINGS(HASWELL_GT3E, X86_STEPPING_ANY, SRBDS), -+ VULNBL_INTEL_STEPPINGS(BROADWELL_GT3E, X86_STEPPING_ANY, SRBDS), -+ VULNBL_INTEL_STEPPINGS(BROADWELL_CORE, X86_STEPPING_ANY, SRBDS), -+ VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE, X86_STEPPING_ANY, SRBDS), -+ VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP, X86_STEPPING_ANY, SRBDS), -+ VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE, X86_STEPPINGS(0x0, 0xC), SRBDS), -+ VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x0, 0xD), SRBDS), -+ {} -+}; -+ - static bool __init cpu_matches(const struct x86_cpu_id *table, unsigned long which) - { - const struct x86_cpu_id *m = x86_match_cpu(table); -@@ -1078,6 
+1099,15 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) - (ia32_cap & ARCH_CAP_TSX_CTRL_MSR))) - setup_force_cpu_bug(X86_BUG_TAA); - -+ /* -+ * SRBDS affects CPUs which support RDRAND or RDSEED and are listed -+ * in the vulnerability blacklist. -+ */ -+ if ((cpu_has(c, X86_FEATURE_RDRAND) || -+ cpu_has(c, X86_FEATURE_RDSEED)) && -+ cpu_matches(cpu_vuln_blacklist, SRBDS)) -+ setup_force_cpu_bug(X86_BUG_SRBDS); -+ - if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) - return; - -@@ -1522,6 +1552,7 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c) - mtrr_ap_init(); - validate_apic_and_package_id(c); - x86_spec_ctrl_setup_ap(); -+ update_srbds_msr(); - } - - static __init int setup_noclflush(char *arg) -diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h -index 236582c90d3f..e89602d2aff5 100644 ---- a/arch/x86/kernel/cpu/cpu.h -+++ b/arch/x86/kernel/cpu/cpu.h -@@ -80,6 +80,7 @@ extern void detect_ht(struct cpuinfo_x86 *c); - unsigned int aperfmperf_get_khz(int cpu); - - extern void x86_spec_ctrl_setup_ap(void); -+extern void update_srbds_msr(void); - - extern u64 x86_read_arch_cap_msr(void); - -diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c -index f3ecf7418ed4..1df057486176 100644 ---- a/drivers/base/cpu.c -+++ b/drivers/base/cpu.c -@@ -565,6 +565,12 @@ ssize_t __weak cpu_show_itlb_multihit(struct device *dev, - return sprintf(buf, "Not affected\n"); - } - -+ssize_t __weak cpu_show_srbds(struct device *dev, -+ struct device_attribute *attr, char *buf) -+{ -+ return sprintf(buf, "Not affected\n"); -+} -+ - static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); - static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); - static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); -@@ -573,6 +579,7 @@ static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL); - static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL); - static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL); - static 
DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
-+static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL);
- 
- static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- &dev_attr_meltdown.attr,
-@@ -583,6 +590,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
- &dev_attr_mds.attr,
- &dev_attr_tsx_async_abort.attr,
- &dev_attr_itlb_multihit.attr,
-+ &dev_attr_srbds.attr,
- NULL
- };
- 
diff --git a/debian/patches/series b/debian/patches/series
index ff0bb4c97..f97faebd4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -296,7 +296,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 debian/ntfs-mark-it-as-broken.patch
-bugfix/x86/srbds/0003-x86-speculation-Add-Special-Register-Buffer-Data-Sam.patch
 bugfix/x86/srbds/0004-x86-speculation-Add-SRBDS-vulnerability-and-mitigati.patch
 bugfix/x86/srbds/0005-x86-speculation-Add-Ivy-Bridge-to-affected-list.patch