| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260130123340.1544-1-moontorise@cfg.kr> Date: Fri, 30 Jan 2026 21:33:38 +0900 From: Joongsun Moon-Lee <moontorise@....kr> To: x86@...nel.org, Thomas Gleixner <tglx@...nel.org>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com> Cc: "H . Peter Anvin" <hpa@...or.com>, Peter Zijlstra <peterz@...radead.org>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Josh Poimboeuf <jpoimboe@...nel.org>, linux-kernel@...r.kernel.org, Joongsun Moon-Lee <moontorise@....kr> Subject: [PATCH v2 0/2] x86/cpu/intel: Add RFDS mitigation quirk for Goldmont and Tremont-D Greetings, I would like to thank Dave Hansen for the insightful feedback on the first version; the suggested refactoring has significantly improved the clarity and structure of this series. This is the second version of the patch series to support RFDS mitigation specifically for Goldmont and Tremont-D processors. While most affected processors received microcode updates [1] to enumerate the RFDS_CLEAR bit, Goldmont and Tremont-D support the VERW-based mitigation but fail to report it via MSR. This series provides an implicit quirk to enable protection for these models. Changes since v1: - Split the original patch into two parts as suggested by Dave Hansen: 1. x86/cpu: Refactor RFDS mitigation to use X86_FEATURE_RFDS_CLEAR 2. x86/cpu/intel: Add implicit RFDS mitigation for Goldmont and Tremont-D - Improved the quirk detection logic: Instead of manual revision checks, it now leverages X86_BUG_OLD_MICROCODE. Technical Note on Tremont-D: According to Intel's guidance [2], Tremont-D stepping 7 is listed as "MCU + Software" mitigatable. However, as no microcode update has been observed for this model, patch 2 identifies Tremont-D stepping 7 implicitly to enable VERW mitigation. This approach aligns with Intel's documented strategy, even though the actual VERW side-effects on this microcode cannot be independently verified. [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 [2] https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html#tab-blade-1-1 Link: https://lore.kernel.org/all/20260129154342.3867-1-moontorise@cfg.kr/ Signed-off-by: Joongsun Moon-Lee <moontorise@....kr> Joongsun Moon-Lee (2): x86/cpu: Refactor RFDS mitigation to use X86_FEATURE_RFDS_CLEAR x86/cpu/intel: Add implicit RFDS mitigation for Goldmont and Tremont-D arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kernel/cpu/bugs.c | 12 +++++------- arch/x86/kernel/cpu/intel.c | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 7 deletions(-) -- 2.52.0
Powered by blists - more mailing lists