| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230615164417.3588162-7-leitao@debian.org>
Date: Thu, 15 Jun 2023 09:44:17 -0700
From: Breno Leitao <leitao@...ian.org>
To: pawan.kumar.gupta@...ux.intel.com, jpoimboe@...nel.org,
peterz@...radead.org, tglx@...utronix.de, bp@...en8.de,
Ingo Molnar <mingo@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>
Cc: leit@...com, linux-kernel@...r.kernel.org
Subject: [PATCH 2/2] x86/speculation: Print error when mitigations are disabled
If mitigations are disabled for MDS, TAA, MMIO we want to let users
aware. This is either disabled by "mitigations=off" kernel argument, or,
by CONFIG_SPECULATION_MITIGATIONS=n
Signed-off-by: Breno Leitao <leitao@...ian.org>
---
arch/x86/kernel/cpu/bugs.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 703649a29181..b678cdd95dc1 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -275,6 +275,7 @@ static void x86_amd_ssb_disable(void)
/* Default mitigation for MDS-affected CPUs */
static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
static bool mds_nosmt __ro_after_init = false;
+#define MDS_WARN_MSG "WARNING: Microarchitectural Data Sampling (MDS) speculative mitigation disabled!\n"
static const char * const mds_strings[] = {
[MDS_MITIGATION_OFF] = "Vulnerable",
@@ -284,11 +285,16 @@ static const char * const mds_strings[] = {
static void __init mds_select_mitigation(void)
{
- if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_speculative_mitigations_off()) {
+ if (!boot_cpu_has_bug(X86_BUG_MDS)) {
mds_mitigation = MDS_MITIGATION_OFF;
return;
}
+ if (cpu_speculative_mitigations_off()) {
+ pr_err(MDS_WARN_MSG);
+ mds_mitigation = MDS_MITIGATION_OFF;
+ }
+
if (mds_mitigation == MDS_MITIGATION_FULL) {
if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
mds_mitigation = MDS_MITIGATION_VMWERV;
@@ -335,6 +341,7 @@ enum taa_mitigations {
/* Default mitigation for TAA-affected CPUs */
static enum taa_mitigations taa_mitigation __ro_after_init = TAA_MITIGATION_VERW;
static bool taa_nosmt __ro_after_init;
+#define TAA_WARN_MSG "WARNING: TSX Asynchronous Abort (TAA) speculative mitigation disabled!\n"
static const char * const taa_strings[] = {
[TAA_MITIGATION_OFF] = "Vulnerable",
@@ -359,6 +366,7 @@ static void __init taa_select_mitigation(void)
}
if (cpu_speculative_mitigations_off()) {
+ pr_err(TAA_WARN_MSG);
taa_mitigation = TAA_MITIGATION_OFF;
return;
}
@@ -436,6 +444,7 @@ enum mmio_mitigations {
/* Default mitigation for Processor MMIO Stale Data vulnerabilities */
static enum mmio_mitigations mmio_mitigation __ro_after_init = MMIO_MITIGATION_VERW;
static bool mmio_nosmt __ro_after_init = false;
+#define MMIO_WARN_MSG "WARNING: MMIO Stale Data speculative mitigation disabled!\n"
static const char * const mmio_strings[] = {
[MMIO_MITIGATION_OFF] = "Vulnerable",
@@ -448,12 +457,16 @@ static void __init mmio_select_mitigation(void)
u64 ia32_cap;
if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) ||
- boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN) ||
- cpu_speculative_mitigations_off()) {
+ boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) {
mmio_mitigation = MMIO_MITIGATION_OFF;
return;
}
+ if (cpu_speculative_mitigations_off()) {
+ pr_err(MMIO_WARN_MSG);
+ mmio_mitigation = MMIO_MITIGATION_OFF;
+ }
+
if (mmio_mitigation == MMIO_MITIGATION_OFF)
return;
--
2.34.1
Powered by blists - more mailing lists