Two x86 fixes related to TSX:
- Use either MSR_TSX_FORCE_ABORT or MSR_IA32_TSX_CTRL to disable TSX to cover all CPUs which allow to disable it. - Disable TSX development mode at boot so that a microcode update which provides TSX development mode does not suddenly make the system vulnerable to TSX Asynchronous Abort. -----BEGIN PGP SIGNATURE----- iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmJb5LYTHHRnbHhAbGlu dXRyb25peC5kZQAKCRCmGPVMDXSYoVVbD/9cxZWkFctCiymedUZqLabkfpYSki65 MngdpCPzCNaaIdlp44lwCido5+gJsY9unXdm3OAUzLjv6SsxxpDr5njz1/C6TM1l XmWjlkLEbG2QDPd1Ybd/lpYQORBmiukyo8v8x0yFT7ZzwvSddoDZAbeUtkQBrIin sDTeExsewKzL2X5qXhttrHLHu1PYgurn4ThIrrG+eg2e4FNk6UUFUS3TOyMvzJDg NWJ7N5pGy9YkR7CISq1q+qdnH55pGaUrgonDi2qBTt3EaH0fQtZP2ZtIOYr3O4nI YCx6isrIiGUB6kSygofxmk4B+22CaUJXd2OcUxMZ/Th/a2aCK+35BtGVPXQGi6nU d7m+ZWB7dShOiejFygS59ty+5L5kliKXYZfUASsq1CLoXH8K1xUwBMkbY5FQ2WH1 Ue4KUvjguNqsgSRAfeHdOi6B36oot0Xf9JO013Wm3V/r9hsGPtSOjWwFuVvT/euw a9iFtruATxDssBxH/l0djCKnwwm5yuOt1OpyizcIMFnlCgRD06h/6zgAvsJK7c8d dh6lC4D2mXP1e2wtEyZelve1tmRJ/FeReyG2V5FNU7m1mWYGm1rJZ4AEvnbrzcbC ePwFva0lPu8GVKG6HRgHfR8PjuQ7TFmKPKytT7fboIqQpTIY+1Q75wYD4eXkSu8Q /ltzXQz/8lz7bA== =UQaW -----END PGP SIGNATURE----- Merge tag 'x86-urgent-2022-04-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "Two x86 fixes related to TSX: - Use either MSR_TSX_FORCE_ABORT or MSR_IA32_TSX_CTRL to disable TSX to cover all CPUs which allow to disable it. - Disable TSX development mode at boot so that a microcode update which provides TSX development mode does not suddenly make the system vulnerable to TSX Asynchronous Abort" * tag 'x86-urgent-2022-04-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/tsx: Disable TSX development mode at boot x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits
commit
3a69a44278
|
@ -128,9 +128,9 @@
|
|||
#define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */
|
||||
#define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */
|
||||
|
||||
/* SRBDS support */
|
||||
#define MSR_IA32_MCU_OPT_CTRL 0x00000123
|
||||
#define RNGDS_MITG_DIS BIT(0)
|
||||
#define RNGDS_MITG_DIS BIT(0) /* SRBDS support */
|
||||
#define RTM_ALLOW BIT(1) /* TSX development mode */
|
||||
|
||||
#define MSR_IA32_SYSENTER_CS 0x00000174
|
||||
#define MSR_IA32_SYSENTER_ESP 0x00000175
|
||||
|
|
|
@ -1855,6 +1855,8 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c)
|
|||
validate_apic_and_package_id(c);
|
||||
x86_spec_ctrl_setup_ap();
|
||||
update_srbds_msr();
|
||||
|
||||
tsx_ap_init();
|
||||
}
|
||||
|
||||
static __init int setup_noclflush(char *arg)
|
||||
|
|
|
@ -55,11 +55,10 @@ enum tsx_ctrl_states {
|
|||
extern __ro_after_init enum tsx_ctrl_states tsx_ctrl_state;
|
||||
|
||||
extern void __init tsx_init(void);
|
||||
extern void tsx_enable(void);
|
||||
extern void tsx_disable(void);
|
||||
extern void tsx_clear_cpuid(void);
|
||||
void tsx_ap_init(void);
|
||||
#else
|
||||
static inline void tsx_init(void) { }
|
||||
static inline void tsx_ap_init(void) { }
|
||||
#endif /* CONFIG_CPU_SUP_INTEL */
|
||||
|
||||
extern void get_cpu_cap(struct cpuinfo_x86 *c);
|
||||
|
|
|
@ -717,13 +717,6 @@ static void init_intel(struct cpuinfo_x86 *c)
|
|||
|
||||
init_intel_misc_features(c);
|
||||
|
||||
if (tsx_ctrl_state == TSX_CTRL_ENABLE)
|
||||
tsx_enable();
|
||||
else if (tsx_ctrl_state == TSX_CTRL_DISABLE)
|
||||
tsx_disable();
|
||||
else if (tsx_ctrl_state == TSX_CTRL_RTM_ALWAYS_ABORT)
|
||||
tsx_clear_cpuid();
|
||||
|
||||
split_lock_init();
|
||||
bus_lock_init();
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
enum tsx_ctrl_states tsx_ctrl_state __ro_after_init = TSX_CTRL_NOT_SUPPORTED;
|
||||
|
||||
void tsx_disable(void)
|
||||
static void tsx_disable(void)
|
||||
{
|
||||
u64 tsx;
|
||||
|
||||
|
@ -39,7 +39,7 @@ void tsx_disable(void)
|
|||
wrmsrl(MSR_IA32_TSX_CTRL, tsx);
|
||||
}
|
||||
|
||||
void tsx_enable(void)
|
||||
static void tsx_enable(void)
|
||||
{
|
||||
u64 tsx;
|
||||
|
||||
|
@ -58,7 +58,7 @@ void tsx_enable(void)
|
|||
wrmsrl(MSR_IA32_TSX_CTRL, tsx);
|
||||
}
|
||||
|
||||
static bool __init tsx_ctrl_is_supported(void)
|
||||
static bool tsx_ctrl_is_supported(void)
|
||||
{
|
||||
u64 ia32_cap = x86_read_arch_cap_msr();
|
||||
|
||||
|
@ -84,7 +84,45 @@ static enum tsx_ctrl_states x86_get_tsx_auto_mode(void)
|
|||
return TSX_CTRL_ENABLE;
|
||||
}
|
||||
|
||||
void tsx_clear_cpuid(void)
|
||||
/*
|
||||
* Disabling TSX is not a trivial business.
|
||||
*
|
||||
* First of all, there's a CPUID bit: X86_FEATURE_RTM_ALWAYS_ABORT
|
||||
* which says that TSX is practically disabled (all transactions are
|
||||
* aborted by default). When that bit is set, the kernel unconditionally
|
||||
* disables TSX.
|
||||
*
|
||||
* In order to do that, however, it needs to dance a bit:
|
||||
*
|
||||
* 1. The first method to disable it is through MSR_TSX_FORCE_ABORT and
|
||||
* the MSR is present only when *two* CPUID bits are set:
|
||||
*
|
||||
* - X86_FEATURE_RTM_ALWAYS_ABORT
|
||||
* - X86_FEATURE_TSX_FORCE_ABORT
|
||||
*
|
||||
* 2. The second method is for CPUs which do not have the above-mentioned
|
||||
* MSR: those use a different MSR - MSR_IA32_TSX_CTRL and disable TSX
|
||||
* through that one. Those CPUs can also have the initially mentioned
|
||||
* CPUID bit X86_FEATURE_RTM_ALWAYS_ABORT set and for those the same strategy
|
||||
* applies: TSX gets disabled unconditionally.
|
||||
*
|
||||
* When either of the two methods are present, the kernel disables TSX and
|
||||
* clears the respective RTM and HLE feature flags.
|
||||
*
|
||||
* An additional twist in the whole thing presents late microcode loading
|
||||
* which, when done, may cause for the X86_FEATURE_RTM_ALWAYS_ABORT CPUID
|
||||
* bit to be set after the update.
|
||||
*
|
||||
* A subsequent hotplug operation on any logical CPU except the BSP will
|
||||
* cause for the supported CPUID feature bits to get re-detected and, if
|
||||
* RTM and HLE get cleared all of a sudden, but, userspace did consult
|
||||
* them before the update, then funny explosions will happen. Long story
|
||||
* short: the kernel doesn't modify CPUID feature bits after booting.
|
||||
*
|
||||
* That's why, this function's call in init_intel() doesn't clear the
|
||||
* feature flags.
|
||||
*/
|
||||
static void tsx_clear_cpuid(void)
|
||||
{
|
||||
u64 msr;
|
||||
|
||||
|
@ -97,6 +135,39 @@ void tsx_clear_cpuid(void)
|
|||
rdmsrl(MSR_TSX_FORCE_ABORT, msr);
|
||||
msr |= MSR_TFA_TSX_CPUID_CLEAR;
|
||||
wrmsrl(MSR_TSX_FORCE_ABORT, msr);
|
||||
} else if (tsx_ctrl_is_supported()) {
|
||||
rdmsrl(MSR_IA32_TSX_CTRL, msr);
|
||||
msr |= TSX_CTRL_CPUID_CLEAR;
|
||||
wrmsrl(MSR_IA32_TSX_CTRL, msr);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Disable TSX development mode
|
||||
*
|
||||
* When the microcode released in Feb 2022 is applied, TSX will be disabled by
|
||||
* default on some processors. MSR 0x122 (TSX_CTRL) and MSR 0x123
|
||||
* (IA32_MCU_OPT_CTRL) can be used to re-enable TSX for development, doing so is
|
||||
* not recommended for production deployments. In particular, applying MD_CLEAR
|
||||
* flows for mitigation of the Intel TSX Asynchronous Abort (TAA) transient
|
||||
* execution attack may not be effective on these processors when Intel TSX is
|
||||
* enabled with updated microcode.
|
||||
*/
|
||||
static void tsx_dev_mode_disable(void)
|
||||
{
|
||||
u64 mcu_opt_ctrl;
|
||||
|
||||
/* Check if RTM_ALLOW exists */
|
||||
if (!boot_cpu_has_bug(X86_BUG_TAA) || !tsx_ctrl_is_supported() ||
|
||||
!cpu_feature_enabled(X86_FEATURE_SRBDS_CTRL))
|
||||
return;
|
||||
|
||||
rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl);
|
||||
|
||||
if (mcu_opt_ctrl & RTM_ALLOW) {
|
||||
mcu_opt_ctrl &= ~RTM_ALLOW;
|
||||
wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl);
|
||||
setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -105,14 +176,14 @@ void __init tsx_init(void)
|
|||
char arg[5] = {};
|
||||
int ret;
|
||||
|
||||
tsx_dev_mode_disable();
|
||||
|
||||
/*
|
||||
* Hardware will always abort a TSX transaction if both CPUID bits
|
||||
* RTM_ALWAYS_ABORT and TSX_FORCE_ABORT are set. In this case, it is
|
||||
* better not to enumerate CPUID.RTM and CPUID.HLE bits. Clear them
|
||||
* here.
|
||||
* Hardware will always abort a TSX transaction when the CPUID bit
|
||||
* RTM_ALWAYS_ABORT is set. In this case, it is better not to enumerate
|
||||
* CPUID.RTM and CPUID.HLE bits. Clear them here.
|
||||
*/
|
||||
if (boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) &&
|
||||
boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT)) {
|
||||
if (boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT)) {
|
||||
tsx_ctrl_state = TSX_CTRL_RTM_ALWAYS_ABORT;
|
||||
tsx_clear_cpuid();
|
||||
setup_clear_cpu_cap(X86_FEATURE_RTM);
|
||||
|
@ -175,3 +246,16 @@ void __init tsx_init(void)
|
|||
setup_force_cpu_cap(X86_FEATURE_HLE);
|
||||
}
|
||||
}
|
||||
|
||||
void tsx_ap_init(void)
|
||||
{
|
||||
tsx_dev_mode_disable();
|
||||
|
||||
if (tsx_ctrl_state == TSX_CTRL_ENABLE)
|
||||
tsx_enable();
|
||||
else if (tsx_ctrl_state == TSX_CTRL_DISABLE)
|
||||
tsx_disable();
|
||||
else if (tsx_ctrl_state == TSX_CTRL_RTM_ALWAYS_ABORT)
|
||||
/* See comment over that function for more details. */
|
||||
tsx_clear_cpuid();
|
||||
}
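Review bot: In tsx_dev_mode_disable(), `setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT)` runs right after the `wrmsrl()` that clears RTM_ALLOW, without reading MSR_IA32_MCU_OPT_CTRL back, so the forced flag assumes development mode is off rather than confirming it. tsx_init() then keys on that flag to set TSX_CTRL_RTM_ALWAYS_ABORT and clear X86_FEATURE_RTM, which presumably feeds later TAA mitigation decisions. Whether the write can be refused is not visible in this hunk; if it can, a second `rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl);` followed by `if (!(mcu_opt_ctrl & RTM_ALLOW))` around the force call, with a `pr_warn()` otherwise, would keep the capability consistent with the hardware state. The terse `/* Check if RTM_ALLOW exists */` should also say that the bit's presence appears to be inferred from the three feature checks rather than enumerated directly.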
|
||||
|
|
|
@ -128,9 +128,9 @@
|
|||
#define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */
|
||||
#define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */
|
||||
|
||||
/* SRBDS support */
|
||||
#define MSR_IA32_MCU_OPT_CTRL 0x00000123
|
||||
#define RNGDS_MITG_DIS BIT(0)
|
||||
#define RNGDS_MITG_DIS BIT(0) /* SRBDS support */
|
||||
#define RTM_ALLOW BIT(1) /* TSX development mode */
|
||||
|
||||
#define MSR_IA32_SYSENTER_CS 0x00000174
|
||||
#define MSR_IA32_SYSENTER_ESP 0x00000175
|
||||
|
|