• Thomas Gleixner's avatar
    x86/speculation/mds: Conditionally clear CPU buffers on idle entry · 9c1043b2
    Thomas Gleixner authored
    Add a static key which controls the invocation of the CPU buffer clear
    mechanism on idle entry. This is independent of other MDS mitigations
    because the idle entry invocation to mitigate the potential leakage due to
    store buffer repartitioning is only necessary on SMT systems.
    
    Add the actual invocations to the different halt/mwait variants which
    covers all usage sites. mwaitx is not patched as it's not available on
    Intel CPUs.
    
    The buffer clear is only invoked before entering the C-State to prevent
    that stale data from the idling CPU is spilled to the Hyper-Thread sibling
    after the Store buffer got repartitioned and all entries are available to
    the non idle sibling.
    
    When coming out of idle the store buffer is partitioned again so each
    sibling has half of it available. Now CPU which returned from idle could be
    speculatively exposed to contents of the sibling, but the buffers are
    flushed either on exit to user space or on VMENTER.
    
    When later on conditional buffer clearing is implemented on top of this,
    then there is no action required either because before returning to user
    space the context switch will set the condition flag which causes a flush
    on the return to user path.
    
    Note, that the buffer clearing on idle is only sensible on CPUs which are
    solely affected by MSBDS and not any other variant of MDS because the other
    MDS variants cannot be mitigated when SMT is enabled, so the buffer
    clearing on idle would be a window dressing exercise.
    
    This intentionally does not handle the case in the acpi/processor_idle
    driver which uses the legacy IO port interface for C-State transitions for
    two reasons:
    
     - The acpi/processor_idle driver was replaced by the intel_idle driver
       almost a decade ago. Anything Nehalem upwards supports it and defaults
       to that new driver.
    
     - The legacy IO port interface is likely to be used on older and therefore
       unaffected CPUs or on systems which do not receive microcode updates
       anymore, so there is no point in adding that.
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
    Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    
    CVE-2018-12126
    CVE-2018-12127
    CVE-2018-12130
    
    (backported from commit 131ddbba14bc156defba98235818f3fb0cd9537e)
    [juergh: Adjusted context.]
    Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
    Acked-by: default avatarTyler Hicks <tyhicks@canonical.com>
    Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    9c1043b2
bugs.c 25.5 KB