x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs

2019-11-08 00:14:08 +01:00 · 2019-11-08 00:14:08 +01:00 · be004c1b69
parent 37baed7166
commit be004c1b69
3 changed files with 51 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -10,6 +10,7 @@ linux (4.19.67-2+deb10u2) UNRELEASED; urgency=medium
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
+    - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
    TSX is now disabled by default; see
    Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
  * [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
--- a/debian/patches/bugfix/x86/taa/0010-x86-speculation-taa-Fix-printing-of-TAA_MSG_SMT-on-I.patch
+++ b/debian/patches/bugfix/x86/taa/0010-x86-speculation-taa-Fix-printing-of-TAA_MSG_SMT-on-I.patch
@ -0,0 +1,49 @@
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+Date: Wed, 6 Nov 2019 20:26:46 -0600
+Subject: x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
+Origin: https://git.kernel.org/linus/012206a822a8b6ac09125bfaa210a95b9eb8f1c1
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11135
+
+For new IBRS_ALL CPUs, the Enhanced IBRS check at the beginning of
+cpu_bugs_smt_update() causes the function to return early, unintentionally
+skipping the MDS and TAA logic.
+
+This is not a problem for MDS, because there appears to be no overlap
+between IBRS_ALL and MDS-affected CPUs.  So the MDS mitigation would be
+disabled and nothing would need to be done in this function anyway.
+
+But for TAA, the TAA_MSG_SMT string will never get printed on Cascade
+Lake and newer.
+
+The check is superfluous anyway: when 'spectre_v2_enabled' is
+SPECTRE_V2_IBRS_ENHANCED, 'spectre_v2_user' is always
+SPECTRE_V2_USER_NONE, and so the 'spectre_v2_user' switch statement
+handles it appropriately by doing nothing.  So just remove the check.
+
+Fixes: 1b42f017415b ("x86/speculation/taa: Add mitigation for TSX Async Abort")
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+---
+ arch/x86/kernel/cpu/bugs.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
+index 8237b86ba6dc..10d11586f805 100644
+--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
+@@ -886,10 +886,6 @@ static void update_mds_branch_idle(void)
+ 
+ void arch_smt_update(void)
+ {
+-	/* Enhanced IBRS implies STIBP. No update required. */
+-	if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+-		return;
+-
+ 	mutex_lock(&spec_ctrl_mutex);
+ 
+ 	switch (spectre_v2_user) {
+-- 
+2.24.0
+
--- a/debian/patches/series
+++ b/debian/patches/series
@ -267,6 +267,7 @@ bugfix/x86/taa/0006-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch
 bugfix/x86/taa/0007-x86-tsx-Add-auto-option-to-the-tsx-cmdline-parameter.patch
 bugfix/x86/taa/0008-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch
 bugfix/x86/taa/0009-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch
+bugfix/x86/taa/0010-x86-speculation-taa-Fix-printing-of-TAA_MSG_SMT-on-I.patch
 bugfix/x86/itlb_multihit/0010-KVM-x86-adjust-kvm_mmu_page-member-to-save-8-bytes.patch
 bugfix/x86/itlb_multihit/0011-kvm-Convert-kvm_lock-to-a-mutex.patch
 bugfix/x86/itlb_multihit/0012-kvm-x86-Do-not-release-the-page-inside-mmu_set_spte.patch