]>
Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1353ebb4 | 2 | /* |
1353ebb4 JF |
3 | * Copyright (C) 1994 Linus Torvalds |
4 | * | |
5 | * Cyrix stuff, June 1998 by: | |
6 | * - Rafael R. Reilova (moved everything from head.S), | |
7 | * <rreilova@ececs.uc.edu> | |
8 | * - Channing Corn (tests & fixes), | |
9 | * - Andrew D. Balsa (code cleanup). | |
10 | */ | |
11 | #include <linux/init.h> | |
12 | #include <linux/utsname.h> | |
61dc0f55 | 13 | #include <linux/cpu.h> |
caf7501a | 14 | #include <linux/module.h> |
da285121 | 15 | |
28a27752 | 16 | #include <asm/spec-ctrl.h> |
da285121 | 17 | #include <asm/cmdline.h> |
91eb1b79 | 18 | #include <asm/bugs.h> |
1353ebb4 | 19 | #include <asm/processor.h> |
7ebad705 | 20 | #include <asm/processor-flags.h> |
952f07ec | 21 | #include <asm/fpu/internal.h> |
1353ebb4 JF |
22 | #include <asm/msr.h> |
23 | #include <asm/paravirt.h> | |
24 | #include <asm/alternative.h> | |
62a67e12 | 25 | #include <asm/pgtable.h> |
d1163651 | 26 | #include <asm/set_memory.h> |
c995efd5 | 27 | #include <asm/intel-family.h> |
1353ebb4 | 28 | |
da285121 | 29 | static void __init spectre_v2_select_mitigation(void); |
24f7fc83 | 30 | static void __init ssb_select_mitigation(void); |
da285121 | 31 | |
1b86883c KRW |
32 | /* |
33 | * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any | |
34 | * writes to SPEC_CTRL contain whatever reserved bits have been set. | |
35 | */ | |
885f82bf | 36 | u64 __ro_after_init x86_spec_ctrl_base; |
1b86883c | 37 | |
1115a859 KRW |
38 | /* |
39 | * The vendor and possibly platform specific bits which can be modified in | |
40 | * x86_spec_ctrl_base. | |
41 | */ | |
42 | static u64 __ro_after_init x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS; | |
43 | ||
764f3c21 KRW |
44 | /* |
45 | * AMD specific MSR info for Speculative Store Bypass control. | |
46 | * x86_amd_ls_cfg_rds_mask is initialized in identify_boot_cpu(). | |
47 | */ | |
48 | u64 __ro_after_init x86_amd_ls_cfg_base; | |
49 | u64 __ro_after_init x86_amd_ls_cfg_rds_mask; | |
50 | ||
1353ebb4 JF |
51 | void __init check_bugs(void) |
52 | { | |
53 | identify_boot_cpu(); | |
55a36b65 | 54 | |
62a67e12 BP |
55 | if (!IS_ENABLED(CONFIG_SMP)) { |
56 | pr_info("CPU: "); | |
57 | print_cpu_info(&boot_cpu_data); | |
58 | } | |
59 | ||
1b86883c KRW |
60 | /* |
61 | * Read the SPEC_CTRL MSR to account for reserved bits which may | |
764f3c21 KRW |
62 | * have unknown values. AMD64_LS_CFG MSR is cached in the early AMD |
63 | * init code as it is not enumerated and depends on the family. | |
1b86883c KRW |
64 | */ |
65 | if (boot_cpu_has(X86_FEATURE_IBRS)) | |
66 | rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); | |
67 | ||
da285121 DW |
68 | /* Select the proper spectre mitigation before patching alternatives */ |
69 | spectre_v2_select_mitigation(); | |
70 | ||
24f7fc83 KRW |
71 | /* |
72 | * Select proper mitigation for any exposure to the Speculative Store | |
73 | * Bypass vulnerability. | |
74 | */ | |
75 | ssb_select_mitigation(); | |
76 | ||
62a67e12 | 77 | #ifdef CONFIG_X86_32 |
55a36b65 BP |
78 | /* |
79 | * Check whether we are able to run this kernel safely on SMP. | |
80 | * | |
81 | * - i386 is no longer supported. | |
82 | * - In order to run on anything without a TSC, we need to be | |
83 | * compiled for a i486. | |
84 | */ | |
85 | if (boot_cpu_data.x86 < 4) | |
86 | panic("Kernel requires i486+ for 'invlpg' and other features"); | |
87 | ||
bfe4bb15 MV |
88 | init_utsname()->machine[1] = |
89 | '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86); | |
1353ebb4 | 90 | alternative_instructions(); |
304bceda | 91 | |
4d164092 | 92 | fpu__init_check_bugs(); |
62a67e12 BP |
93 | #else /* CONFIG_X86_64 */ |
94 | alternative_instructions(); | |
95 | ||
96 | /* | |
97 | * Make sure the first 2MB area is not mapped by huge pages | |
98 | * There are typically fixed size MTRRs in there and overlapping | |
99 | * MTRRs into large pages causes slow downs. | |
100 | * | |
101 | * Right now we don't do that with gbpages because there seems | |
102 | * very little benefit for that case. | |
103 | */ | |
104 | if (!direct_gbpages) | |
105 | set_memory_4k((unsigned long)__va(0), 1); | |
106 | #endif | |
1353ebb4 | 107 | } |
61dc0f55 | 108 | |
da285121 DW |
109 | /* The kernel command line selection */ |
110 | enum spectre_v2_mitigation_cmd { | |
111 | SPECTRE_V2_CMD_NONE, | |
112 | SPECTRE_V2_CMD_AUTO, | |
113 | SPECTRE_V2_CMD_FORCE, | |
114 | SPECTRE_V2_CMD_RETPOLINE, | |
115 | SPECTRE_V2_CMD_RETPOLINE_GENERIC, | |
116 | SPECTRE_V2_CMD_RETPOLINE_AMD, | |
117 | }; | |
118 | ||
119 | static const char *spectre_v2_strings[] = { | |
120 | [SPECTRE_V2_NONE] = "Vulnerable", | |
121 | [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", | |
122 | [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", | |
123 | [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", | |
124 | [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", | |
125 | }; | |
126 | ||
127 | #undef pr_fmt | |
55fa19d3 | 128 | #define pr_fmt(fmt) "Spectre V2 : " fmt |
da285121 DW |
129 | |
130 | static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; | |
caf7501a | 131 | |
1b86883c KRW |
132 | void x86_spec_ctrl_set(u64 val) |
133 | { | |
1115a859 | 134 | if (val & x86_spec_ctrl_mask) |
1b86883c KRW |
135 | WARN_ONCE(1, "SPEC_CTRL MSR value 0x%16llx is unknown.\n", val); |
136 | else | |
137 | wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base | val); | |
138 | } | |
139 | EXPORT_SYMBOL_GPL(x86_spec_ctrl_set); | |
140 | ||
141 | u64 x86_spec_ctrl_get_default(void) | |
142 | { | |
885f82bf TG |
143 | u64 msrval = x86_spec_ctrl_base; |
144 | ||
145 | if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) | |
146 | msrval |= rds_tif_to_spec_ctrl(current_thread_info()->flags); | |
147 | return msrval; | |
1b86883c KRW |
148 | } |
149 | EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default); | |
150 | ||
5cf68754 KRW |
151 | void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl) |
152 | { | |
885f82bf TG |
153 | u64 host = x86_spec_ctrl_base; |
154 | ||
5cf68754 KRW |
155 | if (!boot_cpu_has(X86_FEATURE_IBRS)) |
156 | return; | |
885f82bf TG |
157 | |
158 | if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) | |
159 | host |= rds_tif_to_spec_ctrl(current_thread_info()->flags); | |
160 | ||
161 | if (host != guest_spec_ctrl) | |
5cf68754 KRW |
162 | wrmsrl(MSR_IA32_SPEC_CTRL, guest_spec_ctrl); |
163 | } | |
164 | EXPORT_SYMBOL_GPL(x86_spec_ctrl_set_guest); | |
165 | ||
166 | void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl) | |
167 | { | |
885f82bf TG |
168 | u64 host = x86_spec_ctrl_base; |
169 | ||
5cf68754 KRW |
170 | if (!boot_cpu_has(X86_FEATURE_IBRS)) |
171 | return; | |
885f82bf TG |
172 | |
173 | if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) | |
174 | host |= rds_tif_to_spec_ctrl(current_thread_info()->flags); | |
175 | ||
176 | if (host != guest_spec_ctrl) | |
177 | wrmsrl(MSR_IA32_SPEC_CTRL, host); | |
5cf68754 KRW |
178 | } |
179 | EXPORT_SYMBOL_GPL(x86_spec_ctrl_restore_host); | |
180 | ||
764f3c21 KRW |
181 | static void x86_amd_rds_enable(void) |
182 | { | |
183 | u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_rds_mask; | |
184 | ||
185 | if (boot_cpu_has(X86_FEATURE_AMD_RDS)) | |
186 | wrmsrl(MSR_AMD64_LS_CFG, msrval); | |
187 | } | |
188 | ||
caf7501a | 189 | #ifdef RETPOLINE |
e383095c TG |
190 | static bool spectre_v2_bad_module; |
191 | ||
caf7501a AK |
192 | bool retpoline_module_ok(bool has_retpoline) |
193 | { | |
194 | if (spectre_v2_enabled == SPECTRE_V2_NONE || has_retpoline) | |
195 | return true; | |
196 | ||
e698dcdf | 197 | pr_err("System may be vulnerable to spectre v2\n"); |
caf7501a AK |
198 | spectre_v2_bad_module = true; |
199 | return false; | |
200 | } | |
e383095c TG |
201 | |
202 | static inline const char *spectre_v2_module_string(void) | |
203 | { | |
204 | return spectre_v2_bad_module ? " - vulnerable module loaded" : ""; | |
205 | } | |
206 | #else | |
207 | static inline const char *spectre_v2_module_string(void) { return ""; } | |
caf7501a | 208 | #endif |
da285121 DW |
209 | |
210 | static void __init spec2_print_if_insecure(const char *reason) | |
211 | { | |
212 | if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) | |
9005c683 | 213 | pr_info("%s selected on command line.\n", reason); |
da285121 DW |
214 | } |
215 | ||
216 | static void __init spec2_print_if_secure(const char *reason) | |
217 | { | |
218 | if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) | |
9005c683 | 219 | pr_info("%s selected on command line.\n", reason); |
da285121 DW |
220 | } |
221 | ||
222 | static inline bool retp_compiler(void) | |
223 | { | |
224 | return __is_defined(RETPOLINE); | |
225 | } | |
226 | ||
227 | static inline bool match_option(const char *arg, int arglen, const char *opt) | |
228 | { | |
229 | int len = strlen(opt); | |
230 | ||
231 | return len == arglen && !strncmp(arg, opt, len); | |
232 | } | |
233 | ||
9005c683 KA |
234 | static const struct { |
235 | const char *option; | |
236 | enum spectre_v2_mitigation_cmd cmd; | |
237 | bool secure; | |
238 | } mitigation_options[] = { | |
239 | { "off", SPECTRE_V2_CMD_NONE, false }, | |
240 | { "on", SPECTRE_V2_CMD_FORCE, true }, | |
241 | { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, | |
242 | { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, | |
243 | { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, | |
244 | { "auto", SPECTRE_V2_CMD_AUTO, false }, | |
245 | }; | |
246 | ||
da285121 DW |
247 | static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) |
248 | { | |
249 | char arg[20]; | |
9005c683 KA |
250 | int ret, i; |
251 | enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; | |
252 | ||
253 | if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) | |
254 | return SPECTRE_V2_CMD_NONE; | |
255 | else { | |
21e433bd | 256 | ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); |
9005c683 KA |
257 | if (ret < 0) |
258 | return SPECTRE_V2_CMD_AUTO; | |
259 | ||
260 | for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { | |
261 | if (!match_option(arg, ret, mitigation_options[i].option)) | |
262 | continue; | |
263 | cmd = mitigation_options[i].cmd; | |
264 | break; | |
265 | } | |
266 | ||
267 | if (i >= ARRAY_SIZE(mitigation_options)) { | |
9de29eac | 268 | pr_err("unknown option (%s). Switching to AUTO select\n", arg); |
da285121 DW |
269 | return SPECTRE_V2_CMD_AUTO; |
270 | } | |
271 | } | |
272 | ||
9005c683 KA |
273 | if ((cmd == SPECTRE_V2_CMD_RETPOLINE || |
274 | cmd == SPECTRE_V2_CMD_RETPOLINE_AMD || | |
275 | cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC) && | |
276 | !IS_ENABLED(CONFIG_RETPOLINE)) { | |
21e433bd | 277 | pr_err("%s selected but not compiled in. Switching to AUTO select\n", mitigation_options[i].option); |
da285121 | 278 | return SPECTRE_V2_CMD_AUTO; |
9005c683 KA |
279 | } |
280 | ||
281 | if (cmd == SPECTRE_V2_CMD_RETPOLINE_AMD && | |
282 | boot_cpu_data.x86_vendor != X86_VENDOR_AMD) { | |
283 | pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n"); | |
284 | return SPECTRE_V2_CMD_AUTO; | |
285 | } | |
286 | ||
287 | if (mitigation_options[i].secure) | |
288 | spec2_print_if_secure(mitigation_options[i].option); | |
289 | else | |
290 | spec2_print_if_insecure(mitigation_options[i].option); | |
291 | ||
292 | return cmd; | |
da285121 DW |
293 | } |
294 | ||
c995efd5 DW |
295 | /* Check for Skylake-like CPUs (for RSB handling) */ |
296 | static bool __init is_skylake_era(void) | |
297 | { | |
298 | if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && | |
299 | boot_cpu_data.x86 == 6) { | |
300 | switch (boot_cpu_data.x86_model) { | |
301 | case INTEL_FAM6_SKYLAKE_MOBILE: | |
302 | case INTEL_FAM6_SKYLAKE_DESKTOP: | |
303 | case INTEL_FAM6_SKYLAKE_X: | |
304 | case INTEL_FAM6_KABYLAKE_MOBILE: | |
305 | case INTEL_FAM6_KABYLAKE_DESKTOP: | |
306 | return true; | |
307 | } | |
308 | } | |
309 | return false; | |
310 | } | |
311 | ||
da285121 DW |
312 | static void __init spectre_v2_select_mitigation(void) |
313 | { | |
314 | enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); | |
315 | enum spectre_v2_mitigation mode = SPECTRE_V2_NONE; | |
316 | ||
317 | /* | |
318 | * If the CPU is not affected and the command line mode is NONE or AUTO | |
319 | * then nothing to do. | |
320 | */ | |
321 | if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && | |
322 | (cmd == SPECTRE_V2_CMD_NONE || cmd == SPECTRE_V2_CMD_AUTO)) | |
323 | return; | |
324 | ||
325 | switch (cmd) { | |
326 | case SPECTRE_V2_CMD_NONE: | |
327 | return; | |
328 | ||
329 | case SPECTRE_V2_CMD_FORCE: | |
da285121 | 330 | case SPECTRE_V2_CMD_AUTO: |
9471eee9 DL |
331 | if (IS_ENABLED(CONFIG_RETPOLINE)) |
332 | goto retpoline_auto; | |
333 | break; | |
da285121 DW |
334 | case SPECTRE_V2_CMD_RETPOLINE_AMD: |
335 | if (IS_ENABLED(CONFIG_RETPOLINE)) | |
336 | goto retpoline_amd; | |
337 | break; | |
338 | case SPECTRE_V2_CMD_RETPOLINE_GENERIC: | |
339 | if (IS_ENABLED(CONFIG_RETPOLINE)) | |
340 | goto retpoline_generic; | |
341 | break; | |
342 | case SPECTRE_V2_CMD_RETPOLINE: | |
343 | if (IS_ENABLED(CONFIG_RETPOLINE)) | |
344 | goto retpoline_auto; | |
345 | break; | |
346 | } | |
21e433bd | 347 | pr_err("Spectre mitigation: kernel not compiled with retpoline; no mitigation available!"); |
da285121 DW |
348 | return; |
349 | ||
350 | retpoline_auto: | |
351 | if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { | |
352 | retpoline_amd: | |
353 | if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { | |
21e433bd | 354 | pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n"); |
da285121 DW |
355 | goto retpoline_generic; |
356 | } | |
357 | mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : | |
358 | SPECTRE_V2_RETPOLINE_MINIMAL_AMD; | |
359 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); | |
360 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE); | |
361 | } else { | |
362 | retpoline_generic: | |
363 | mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC : | |
364 | SPECTRE_V2_RETPOLINE_MINIMAL; | |
365 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE); | |
366 | } | |
367 | ||
368 | spectre_v2_enabled = mode; | |
369 | pr_info("%s\n", spectre_v2_strings[mode]); | |
c995efd5 DW |
370 | |
371 | /* | |
21e433bd | 372 | * If neither SMEP nor PTI are available, there is a risk of |
c995efd5 DW |
373 | * hitting userspace addresses in the RSB after a context switch |
374 | * from a shallow call stack to a deeper one. To prevent this fill | |
375 | * the entire RSB, even when using IBRS. | |
376 | * | |
377 | * Skylake era CPUs have a separate issue with *underflow* of the | |
378 | * RSB, when they will predict 'ret' targets from the generic BTB. | |
379 | * The proper mitigation for this is IBRS. If IBRS is not supported | |
380 | * or deactivated in favour of retpolines the RSB fill on context | |
381 | * switch is required. | |
382 | */ | |
383 | if ((!boot_cpu_has(X86_FEATURE_PTI) && | |
384 | !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { | |
385 | setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); | |
21e433bd | 386 | pr_info("Spectre v2 mitigation: Filling RSB on context switch\n"); |
c995efd5 | 387 | } |
20ffa1ca DW |
388 | |
389 | /* Initialize Indirect Branch Prediction Barrier if supported */ | |
2961298e DW |
390 | if (boot_cpu_has(X86_FEATURE_IBPB)) { |
391 | setup_force_cpu_cap(X86_FEATURE_USE_IBPB); | |
21e433bd | 392 | pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); |
20ffa1ca | 393 | } |
dd84441a DW |
394 | |
395 | /* | |
396 | * Retpoline means the kernel is safe because it has no indirect | |
397 | * branches. But firmware isn't, so use IBRS to protect that. | |
398 | */ | |
399 | if (boot_cpu_has(X86_FEATURE_IBRS)) { | |
400 | setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); | |
401 | pr_info("Enabling Restricted Speculation for firmware calls\n"); | |
402 | } | |
da285121 DW |
403 | } |
404 | ||
24f7fc83 KRW |
405 | #undef pr_fmt |
406 | #define pr_fmt(fmt) "Speculative Store Bypass: " fmt | |
407 | ||
408 | static enum ssb_mitigation ssb_mode = SPEC_STORE_BYPASS_NONE; | |
409 | ||
410 | /* The kernel command line selection */ | |
411 | enum ssb_mitigation_cmd { | |
412 | SPEC_STORE_BYPASS_CMD_NONE, | |
413 | SPEC_STORE_BYPASS_CMD_AUTO, | |
414 | SPEC_STORE_BYPASS_CMD_ON, | |
415 | }; | |
416 | ||
417 | static const char *ssb_strings[] = { | |
418 | [SPEC_STORE_BYPASS_NONE] = "Vulnerable", | |
419 | [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled" | |
420 | }; | |
421 | ||
422 | static const struct { | |
423 | const char *option; | |
424 | enum ssb_mitigation_cmd cmd; | |
425 | } ssb_mitigation_options[] = { | |
426 | { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ | |
427 | { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */ | |
428 | { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */ | |
429 | }; | |
430 | ||
431 | static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) | |
432 | { | |
433 | enum ssb_mitigation_cmd cmd = SPEC_STORE_BYPASS_CMD_AUTO; | |
434 | char arg[20]; | |
435 | int ret, i; | |
436 | ||
437 | if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) { | |
438 | return SPEC_STORE_BYPASS_CMD_NONE; | |
439 | } else { | |
440 | ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable", | |
441 | arg, sizeof(arg)); | |
442 | if (ret < 0) | |
443 | return SPEC_STORE_BYPASS_CMD_AUTO; | |
444 | ||
445 | for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { | |
446 | if (!match_option(arg, ret, ssb_mitigation_options[i].option)) | |
447 | continue; | |
448 | ||
449 | cmd = ssb_mitigation_options[i].cmd; | |
450 | break; | |
451 | } | |
452 | ||
453 | if (i >= ARRAY_SIZE(ssb_mitigation_options)) { | |
454 | pr_err("unknown option (%s). Switching to AUTO select\n", arg); | |
455 | return SPEC_STORE_BYPASS_CMD_AUTO; | |
456 | } | |
457 | } | |
458 | ||
459 | return cmd; | |
460 | } | |
461 | ||
462 | static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void) | |
463 | { | |
464 | enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE; | |
465 | enum ssb_mitigation_cmd cmd; | |
466 | ||
467 | if (!boot_cpu_has(X86_FEATURE_RDS)) | |
468 | return mode; | |
469 | ||
470 | cmd = ssb_parse_cmdline(); | |
471 | if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) && | |
472 | (cmd == SPEC_STORE_BYPASS_CMD_NONE || | |
473 | cmd == SPEC_STORE_BYPASS_CMD_AUTO)) | |
474 | return mode; | |
475 | ||
476 | switch (cmd) { | |
477 | case SPEC_STORE_BYPASS_CMD_AUTO: | |
764f3c21 KRW |
478 | /* |
479 | * AMD platforms by default don't need SSB mitigation. | |
480 | */ | |
481 | if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) | |
482 | break; | |
24f7fc83 KRW |
483 | case SPEC_STORE_BYPASS_CMD_ON: |
484 | mode = SPEC_STORE_BYPASS_DISABLE; | |
485 | break; | |
486 | case SPEC_STORE_BYPASS_CMD_NONE: | |
487 | break; | |
488 | } | |
489 | ||
77243971 KRW |
490 | /* |
491 | * We have three CPU feature flags that are in play here: | |
492 | * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. | |
493 | * - X86_FEATURE_RDS - CPU is able to turn off speculative store bypass | |
494 | * - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation | |
495 | */ | |
496 | if (mode != SPEC_STORE_BYPASS_NONE) { | |
24f7fc83 | 497 | setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE); |
77243971 KRW |
498 | /* |
499 | * Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD uses | |
500 | * a completely different MSR and bit dependent on family. | |
501 | */ | |
502 | switch (boot_cpu_data.x86_vendor) { | |
503 | case X86_VENDOR_INTEL: | |
504 | x86_spec_ctrl_base |= SPEC_CTRL_RDS; | |
1115a859 | 505 | x86_spec_ctrl_mask &= ~SPEC_CTRL_RDS; |
77243971 KRW |
506 | x86_spec_ctrl_set(SPEC_CTRL_RDS); |
507 | break; | |
508 | case X86_VENDOR_AMD: | |
764f3c21 | 509 | x86_amd_rds_enable(); |
77243971 KRW |
510 | break; |
511 | } | |
512 | } | |
513 | ||
24f7fc83 KRW |
514 | return mode; |
515 | } | |
516 | ||
517 | static void ssb_select_mitigation() | |
518 | { | |
519 | ssb_mode = __ssb_select_mitigation(); | |
520 | ||
521 | if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) | |
522 | pr_info("%s\n", ssb_strings[ssb_mode]); | |
523 | } | |
524 | ||
da285121 DW |
525 | #undef pr_fmt |
526 | ||
77243971 KRW |
527 | void x86_spec_ctrl_setup_ap(void) |
528 | { | |
529 | if (boot_cpu_has(X86_FEATURE_IBRS)) | |
1115a859 | 530 | x86_spec_ctrl_set(x86_spec_ctrl_base & ~x86_spec_ctrl_mask); |
764f3c21 KRW |
531 | |
532 | if (ssb_mode == SPEC_STORE_BYPASS_DISABLE) | |
533 | x86_amd_rds_enable(); | |
77243971 KRW |
534 | } |
535 | ||
61dc0f55 | 536 | #ifdef CONFIG_SYSFS |
d1059518 KRW |
537 | |
538 | ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, | |
539 | char *buf, unsigned int bug) | |
61dc0f55 | 540 | { |
d1059518 | 541 | if (!boot_cpu_has_bug(bug)) |
61dc0f55 | 542 | return sprintf(buf, "Not affected\n"); |
d1059518 KRW |
543 | |
544 | switch (bug) { | |
545 | case X86_BUG_CPU_MELTDOWN: | |
546 | if (boot_cpu_has(X86_FEATURE_PTI)) | |
547 | return sprintf(buf, "Mitigation: PTI\n"); | |
548 | ||
549 | break; | |
550 | ||
551 | case X86_BUG_SPECTRE_V1: | |
552 | return sprintf(buf, "Mitigation: __user pointer sanitization\n"); | |
553 | ||
554 | case X86_BUG_SPECTRE_V2: | |
555 | return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], | |
556 | boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", | |
557 | boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", | |
558 | spectre_v2_module_string()); | |
559 | ||
24f7fc83 KRW |
560 | case X86_BUG_SPEC_STORE_BYPASS: |
561 | return sprintf(buf, "%s\n", ssb_strings[ssb_mode]); | |
562 | ||
d1059518 KRW |
563 | default: |
564 | break; | |
565 | } | |
566 | ||
61dc0f55 TG |
567 | return sprintf(buf, "Vulnerable\n"); |
568 | } | |
569 | ||
d1059518 KRW |
570 | ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) |
571 | { | |
572 | return cpu_show_common(dev, attr, buf, X86_BUG_CPU_MELTDOWN); | |
573 | } | |
574 | ||
21e433bd | 575 | ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) |
61dc0f55 | 576 | { |
d1059518 | 577 | return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V1); |
61dc0f55 TG |
578 | } |
579 | ||
21e433bd | 580 | ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) |
61dc0f55 | 581 | { |
d1059518 | 582 | return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V2); |
61dc0f55 | 583 | } |
c456442c KRW |
584 | |
585 | ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf) | |
586 | { | |
587 | return cpu_show_common(dev, attr, buf, X86_BUG_SPEC_STORE_BYPASS); | |
588 | } | |
61dc0f55 | 589 | #endif |