| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260130123340.1544-2-moontorise@cfg.kr>
Date: Fri, 30 Jan 2026 21:33:39 +0900
From: Joongsun Moon-Lee <moontorise@....kr>
To: x86@...nel.org,
Thomas Gleixner <tglx@...nel.org>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>
Cc: "H . Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Josh Poimboeuf <jpoimboe@...nel.org>,
linux-kernel@...r.kernel.org,
Joongsun Moon-Lee <moontorise@....kr>
Subject: [PATCH v2 1/2] x86/cpu: Refactor RFDS mitigation to use X86_FEATURE_RFDS_CLEAR
The current RFDS mitigation logic relies on verw_clears_cpu_reg_file(),
which directly checks the RFDS_CLEAR bit in the IA32_ARCH_CAPABILITIES MSR.
To support quirks for CPUs that mitigate RFDS but do not enumerate it,
transition to using the synthetic feature flag X86_FEATURE_RFDS_CLEAR.
Replace the MSR-bit-based check with boot_cpu_has(X86_FEATURE_RFDS_CLEAR)
and synthesize this feature bit in rfds_select_mitigation() if the
architectural RFDS_CLEAR bit is present.
Suggested-by: Dave Hansen <dave.hansen@...ux.intel.com>
Link: https://lore.kernel.org/all/20260129154342.3867-1-moontorise@cfg.kr/
Signed-off-by: Joongsun Moon-Lee <moontorise@....kr>
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kernel/cpu/bugs.c | 12 +++++-------
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 63b0f9aa9b3e..3480d9ddc046 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -513,6 +513,7 @@
* and purposes if CLEAR_CPU_BUF_VM is set).
*/
#define X86_FEATURE_X2AVIC_EXT (21*32+20) /* AMD SVM x2AVIC support for 4k vCPUs */
+#define X86_FEATURE_RFDS_CLEAR (21*32+21) /* Clear register file via VERW */
/*
* BUG word(s)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 83f51cab0b1e..479702bc9c00 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -648,11 +648,6 @@ static const char * const rfds_strings[] = {
[RFDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
};
-static inline bool __init verw_clears_cpu_reg_file(void)
-{
- return (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR);
-}
-
static void __init rfds_select_mitigation(void)
{
if (!boot_cpu_has_bug(X86_BUG_RFDS)) {
@@ -670,7 +665,10 @@ static void __init rfds_select_mitigation(void)
if (rfds_mitigation == RFDS_MITIGATION_OFF)
return;
- if (verw_clears_cpu_reg_file())
+ if (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR)
+ setup_force_cpu_cap(X86_FEATURE_RFDS_CLEAR);
+
+ if (boot_cpu_has(X86_FEATURE_RFDS_CLEAR))
verw_clear_cpu_buf_mitigation_selected = true;
}
@@ -683,7 +681,7 @@ static void __init rfds_update_mitigation(void)
rfds_mitigation = RFDS_MITIGATION_VERW;
if (rfds_mitigation == RFDS_MITIGATION_VERW) {
- if (!verw_clears_cpu_reg_file())
+ if (!boot_cpu_has(X86_FEATURE_RFDS_CLEAR))
rfds_mitigation = RFDS_MITIGATION_UCODE_NEEDED;
}
--
2.52.0
Powered by blists - more mailing lists