LCOV - code coverage report
Current view: top level - arch/x86/kernel/cpu - bugs.c (source / functions) Hit Total Coverage
Test: combined.info Lines: 107 512 20.9 %
Date: 2022-04-01 14:58:12 Functions: 17 51 33.3 %
Branches: 36 402 9.0 %

           Branch data     Line data    Source code
       1                 :            : // SPDX-License-Identifier: GPL-2.0
       2                 :            : /*
       3                 :            :  *  Copyright (C) 1994  Linus Torvalds
       4                 :            :  *
       5                 :            :  *  Cyrix stuff, June 1998 by:
       6                 :            :  *      - Rafael R. Reilova (moved everything from head.S),
       7                 :            :  *        <rreilova@ececs.uc.edu>
       8                 :            :  *      - Channing Corn (tests & fixes),
       9                 :            :  *      - Andrew D. Balsa (code cleanup).
      10                 :            :  */
      11                 :            : #include <linux/init.h>
      12                 :            : #include <linux/utsname.h>
      13                 :            : #include <linux/cpu.h>
      14                 :            : #include <linux/module.h>
      15                 :            : #include <linux/nospec.h>
      16                 :            : #include <linux/prctl.h>
      17                 :            : #include <linux/sched/smt.h>
      18                 :            : 
      19                 :            : #include <asm/spec-ctrl.h>
      20                 :            : #include <asm/cmdline.h>
      21                 :            : #include <asm/bugs.h>
      22                 :            : #include <asm/processor.h>
      23                 :            : #include <asm/processor-flags.h>
      24                 :            : #include <asm/fpu/internal.h>
      25                 :            : #include <asm/msr.h>
      26                 :            : #include <asm/vmx.h>
      27                 :            : #include <asm/paravirt.h>
      28                 :            : #include <asm/alternative.h>
      29                 :            : #include <asm/pgtable.h>
      30                 :            : #include <asm/set_memory.h>
      31                 :            : #include <asm/intel-family.h>
      32                 :            : #include <asm/e820/api.h>
      33                 :            : #include <asm/hypervisor.h>
      34                 :            : 
      35                 :            : #include "cpu.h"
      36                 :            : 
      37                 :            : static void __init spectre_v1_select_mitigation(void);
      38                 :            : static void __init spectre_v2_select_mitigation(void);
      39                 :            : static void __init ssb_select_mitigation(void);
      40                 :            : static void __init l1tf_select_mitigation(void);
      41                 :            : static void __init mds_select_mitigation(void);
      42                 :            : static void __init mds_print_mitigation(void);
      43                 :            : static void __init taa_select_mitigation(void);
      44                 :            : 
      45                 :            : /* The base value of the SPEC_CTRL MSR that always has to be preserved. */
      46                 :            : u64 x86_spec_ctrl_base;
      47                 :            : EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
      48                 :            : static DEFINE_MUTEX(spec_ctrl_mutex);
      49                 :            : 
      50                 :            : /*
      51                 :            :  * The vendor and possibly platform specific bits which can be modified in
      52                 :            :  * x86_spec_ctrl_base.
      53                 :            :  */
      54                 :            : static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS;
      55                 :            : 
      56                 :            : /*
      57                 :            :  * AMD specific MSR info for Speculative Store Bypass control.
      58                 :            :  * x86_amd_ls_cfg_ssbd_mask is initialized in identify_boot_cpu().
      59                 :            :  */
      60                 :            : u64 __ro_after_init x86_amd_ls_cfg_base;
      61                 :            : u64 __ro_after_init x86_amd_ls_cfg_ssbd_mask;
      62                 :            : 
      63                 :            : /* Control conditional STIBP in switch_to() */
      64                 :            : DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp);
      65                 :            : /* Control conditional IBPB in switch_mm() */
      66                 :            : DEFINE_STATIC_KEY_FALSE(switch_mm_cond_ibpb);
      67                 :            : /* Control unconditional IBPB in switch_mm() */
      68                 :            : DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
      69                 :            : 
      70                 :            : /* Control MDS CPU buffer clear before returning to user space */
      71                 :            : DEFINE_STATIC_KEY_FALSE(mds_user_clear);
      72                 :            : EXPORT_SYMBOL_GPL(mds_user_clear);
      73                 :            : /* Control MDS CPU buffer clear before idling (halt, mwait) */
      74                 :            : DEFINE_STATIC_KEY_FALSE(mds_idle_clear);
      75                 :            : EXPORT_SYMBOL_GPL(mds_idle_clear);
      76                 :            : 
      77                 :          3 : void __init check_bugs(void)
      78                 :            : {
      79                 :          3 :         identify_boot_cpu();
      80                 :            : 
      81                 :            :         /*
      82                 :            :          * identify_boot_cpu() initialized SMT support information, let the
      83                 :            :          * core code know.
      84                 :            :          */
      85                 :          3 :         cpu_smt_check_topology();
      86                 :            : 
      87                 :          3 :         if (!IS_ENABLED(CONFIG_SMP)) {
      88                 :            :                 pr_info("CPU: ");
      89                 :            :                 print_cpu_info(&boot_cpu_data);
      90                 :            :         }
      91                 :            : 
      92                 :            :         /*
      93                 :            :          * Read the SPEC_CTRL MSR to account for reserved bits which may
      94                 :            :          * have unknown values. AMD64_LS_CFG MSR is cached in the early AMD
      95                 :            :          * init code as it is not enumerated and depends on the family.
      96                 :            :          */
      97         [ -  + ]:          3 :         if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
      98                 :          0 :                 rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
      99                 :            : 
     100                 :            :         /* Allow STIBP in MSR_SPEC_CTRL if supported */
     101         [ -  + ]:          3 :         if (boot_cpu_has(X86_FEATURE_STIBP))
     102                 :          0 :                 x86_spec_ctrl_mask |= SPEC_CTRL_STIBP;
     103                 :            : 
     104                 :            :         /* Select the proper CPU mitigations before patching alternatives: */
     105                 :          3 :         spectre_v1_select_mitigation();
     106                 :          3 :         spectre_v2_select_mitigation();
     107                 :          3 :         ssb_select_mitigation();
     108                 :          3 :         l1tf_select_mitigation();
     109                 :          3 :         mds_select_mitigation();
     110                 :          3 :         taa_select_mitigation();
     111                 :            : 
     112                 :            :         /*
     113                 :            :          * As MDS and TAA mitigations are inter-related, print MDS
     114                 :            :          * mitigation until after TAA mitigation selection is done.
     115                 :            :          */
     116                 :          3 :         mds_print_mitigation();
     117                 :            : 
     118                 :          3 :         arch_smt_update();
     119                 :            : 
     120                 :            : #ifdef CONFIG_X86_32
     121                 :            :         /*
     122                 :            :          * Check whether we are able to run this kernel safely on SMP.
     123                 :            :          *
     124                 :            :          * - i386 is no longer supported.
     125                 :            :          * - In order to run on anything without a TSC, we need to be
     126                 :            :          *   compiled for a i486.
     127                 :            :          */
     128                 :            :         if (boot_cpu_data.x86 < 4)
     129                 :            :                 panic("Kernel requires i486+ for 'invlpg' and other features");
     130                 :            : 
     131                 :            :         init_utsname()->machine[1] =
     132                 :            :                 '0' + (boot_cpu_data.x86 > 6 ? 6 : boot_cpu_data.x86);
     133                 :            :         alternative_instructions();
     134                 :            : 
     135                 :            :         fpu__init_check_bugs();
     136                 :            : #else /* CONFIG_X86_64 */
     137                 :          3 :         alternative_instructions();
     138                 :            : 
     139                 :            :         /*
     140                 :            :          * Make sure the first 2MB area is not mapped by huge pages
     141                 :            :          * There are typically fixed size MTRRs in there and overlapping
     142                 :            :          * MTRRs into large pages causes slow downs.
     143                 :            :          *
     144                 :            :          * Right now we don't do that with gbpages because there seems
     145                 :            :          * very little benefit for that case.
     146                 :            :          */
     147         [ +  - ]:          3 :         if (!direct_gbpages)
     148                 :          3 :                 set_memory_4k((unsigned long)__va(0), 1);
     149                 :            : #endif
     150                 :          3 : }
     151                 :            : 
     152                 :            : void
     153                 :          0 : x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
     154                 :            : {
     155                 :          0 :         u64 msrval, guestval, hostval = x86_spec_ctrl_base;
     156      [ #  #  # ]:          0 :         struct thread_info *ti = current_thread_info();
     157                 :            : 
     158                 :            :         /* Is MSR_SPEC_CTRL implemented ? */
     159      [ #  #  # ]:          0 :         if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
     160                 :            :                 /*
     161                 :            :                  * Restrict guest_spec_ctrl to supported values. Clear the
     162                 :            :                  * modifiable bits in the host base value and or the
     163                 :            :                  * modifiable bits from the guest value.
     164                 :            :                  */
     165                 :          0 :                 guestval = hostval & ~x86_spec_ctrl_mask;
     166                 :          0 :                 guestval |= guest_spec_ctrl & x86_spec_ctrl_mask;
     167                 :            : 
     168                 :            :                 /* SSBD controlled in MSR_SPEC_CTRL */
     169      [ #  #  # ]:          0 :                 if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
     170                 :            :                     static_cpu_has(X86_FEATURE_AMD_SSBD))
     171                 :          0 :                         hostval |= ssbd_tif_to_spec_ctrl(ti->flags);
     172                 :            : 
     173                 :            :                 /* Conditional STIBP enabled? */
     174   [ #  #  #  # ]:          0 :                 if (static_branch_unlikely(&switch_to_cond_stibp))
     175                 :          0 :                         hostval |= stibp_tif_to_spec_ctrl(ti->flags);
     176                 :            : 
     177         [ #  # ]:          0 :                 if (hostval != guestval) {
     178         [ #  # ]:          0 :                         msrval = setguest ? guestval : hostval;
     179                 :          0 :                         wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
     180                 :            :                 }
     181                 :            :         }
     182                 :            : 
     183                 :            :         /*
     184                 :            :          * If SSBD is not handled in MSR_SPEC_CTRL on AMD, update
     185                 :            :          * MSR_AMD64_L2_CFG or MSR_VIRT_SPEC_CTRL if supported.
     186                 :            :          */
     187      [ #  #  # ]:          0 :         if (!static_cpu_has(X86_FEATURE_LS_CFG_SSBD) &&
     188                 :            :             !static_cpu_has(X86_FEATURE_VIRT_SSBD))
     189                 :            :                 return;
     190                 :            : 
     191                 :            :         /*
     192                 :            :          * If the host has SSBD mitigation enabled, force it in the host's
     193                 :            :          * virtual MSR value. If its not permanently enabled, evaluate
     194                 :            :          * current's TIF_SSBD thread flag.
     195                 :            :          */
     196      [ #  #  # ]:          0 :         if (static_cpu_has(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE))
     197                 :            :                 hostval = SPEC_CTRL_SSBD;
     198                 :            :         else
     199                 :          0 :                 hostval = ssbd_tif_to_spec_ctrl(ti->flags);
     200                 :            : 
     201                 :            :         /* Sanitize the guest value */
     202                 :          0 :         guestval = guest_virt_spec_ctrl & SPEC_CTRL_SSBD;
     203                 :            : 
     204         [ #  # ]:          0 :         if (hostval != guestval) {
     205                 :          0 :                 unsigned long tif;
     206                 :            : 
     207         [ #  # ]:          0 :                 tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) :
     208                 :            :                                  ssbd_spec_ctrl_to_tif(hostval);
     209                 :            : 
     210                 :          0 :                 speculation_ctrl_update(tif);
     211                 :            :         }
     212                 :            : }
     213                 :            : EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl);
     214                 :            : 
     215                 :          0 : static void x86_amd_ssb_disable(void)
     216                 :            : {
     217                 :          0 :         u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
     218                 :            : 
     219         [ #  # ]:          0 :         if (boot_cpu_has(X86_FEATURE_VIRT_SSBD))
     220                 :          0 :                 wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, SPEC_CTRL_SSBD);
     221         [ #  # ]:          0 :         else if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
     222                 :          0 :                 wrmsrl(MSR_AMD64_LS_CFG, msrval);
     223                 :          0 : }
     224                 :            : 
     225                 :            : #undef pr_fmt
     226                 :            : #define pr_fmt(fmt)     "MDS: " fmt
     227                 :            : 
     228                 :            : /* Default mitigation for MDS-affected CPUs */
     229                 :            : static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
     230                 :            : static bool mds_nosmt __ro_after_init = false;
     231                 :            : 
     232                 :            : static const char * const mds_strings[] = {
     233                 :            :         [MDS_MITIGATION_OFF]    = "Vulnerable",
     234                 :            :         [MDS_MITIGATION_FULL]   = "Mitigation: Clear CPU buffers",
     235                 :            :         [MDS_MITIGATION_VMWERV] = "Vulnerable: Clear CPU buffers attempted, no microcode",
     236                 :            : };
     237                 :            : 
     238                 :          3 : static void __init mds_select_mitigation(void)
     239                 :            : {
     240   [ -  +  -  - ]:          3 :         if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
     241                 :          3 :                 mds_mitigation = MDS_MITIGATION_OFF;
     242                 :          3 :                 return;
     243                 :            :         }
     244                 :            : 
     245         [ #  # ]:          0 :         if (mds_mitigation == MDS_MITIGATION_FULL) {
     246         [ #  # ]:          0 :                 if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
     247                 :          0 :                         mds_mitigation = MDS_MITIGATION_VMWERV;
     248                 :            : 
     249                 :          0 :                 static_branch_enable(&mds_user_clear);
     250                 :            : 
     251         [ #  # ]:          0 :                 if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
     252   [ #  #  #  # ]:          0 :                     (mds_nosmt || cpu_mitigations_auto_nosmt()))
     253                 :          0 :                         cpu_smt_disable(false);
     254                 :            :         }
     255                 :            : }
     256                 :            : 
     257                 :          3 : static void __init mds_print_mitigation(void)
     258                 :            : {
     259   [ -  +  -  - ]:          3 :         if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off())
     260                 :          3 :                 return;
     261                 :            : 
     262                 :          0 :         pr_info("%s\n", mds_strings[mds_mitigation]);
     263                 :            : }
     264                 :            : 
     265                 :          0 : static int __init mds_cmdline(char *str)
     266                 :            : {
     267         [ #  # ]:          0 :         if (!boot_cpu_has_bug(X86_BUG_MDS))
     268                 :            :                 return 0;
     269                 :            : 
     270         [ #  # ]:          0 :         if (!str)
     271                 :            :                 return -EINVAL;
     272                 :            : 
     273         [ #  # ]:          0 :         if (!strcmp(str, "off"))
     274                 :          0 :                 mds_mitigation = MDS_MITIGATION_OFF;
     275         [ #  # ]:          0 :         else if (!strcmp(str, "full"))
     276                 :          0 :                 mds_mitigation = MDS_MITIGATION_FULL;
     277         [ #  # ]:          0 :         else if (!strcmp(str, "full,nosmt")) {
     278                 :          0 :                 mds_mitigation = MDS_MITIGATION_FULL;
     279                 :          0 :                 mds_nosmt = true;
     280                 :            :         }
     281                 :            : 
     282                 :            :         return 0;
     283                 :            : }
     284                 :            : early_param("mds", mds_cmdline);
     285                 :            : 
     286                 :            : #undef pr_fmt
     287                 :            : #define pr_fmt(fmt)     "TAA: " fmt
     288                 :            : 
     289                 :            : enum taa_mitigations {
     290                 :            :         TAA_MITIGATION_OFF,
     291                 :            :         TAA_MITIGATION_UCODE_NEEDED,
     292                 :            :         TAA_MITIGATION_VERW,
     293                 :            :         TAA_MITIGATION_TSX_DISABLED,
     294                 :            : };
     295                 :            : 
     296                 :            : /* Default mitigation for TAA-affected CPUs */
     297                 :            : static enum taa_mitigations taa_mitigation __ro_after_init = TAA_MITIGATION_VERW;
     298                 :            : static bool taa_nosmt __ro_after_init;
     299                 :            : 
     300                 :            : static const char * const taa_strings[] = {
     301                 :            :         [TAA_MITIGATION_OFF]            = "Vulnerable",
     302                 :            :         [TAA_MITIGATION_UCODE_NEEDED]   = "Vulnerable: Clear CPU buffers attempted, no microcode",
     303                 :            :         [TAA_MITIGATION_VERW]           = "Mitigation: Clear CPU buffers",
     304                 :            :         [TAA_MITIGATION_TSX_DISABLED]   = "Mitigation: TSX disabled",
     305                 :            : };
     306                 :            : 
     307                 :          3 : static void __init taa_select_mitigation(void)
     308                 :            : {
     309                 :          3 :         u64 ia32_cap;
     310                 :            : 
     311         [ +  - ]:          3 :         if (!boot_cpu_has_bug(X86_BUG_TAA)) {
     312                 :          3 :                 taa_mitigation = TAA_MITIGATION_OFF;
     313                 :          3 :                 return;
     314                 :            :         }
     315                 :            : 
     316                 :            :         /* TSX previously disabled by tsx=off */
     317         [ #  # ]:          0 :         if (!boot_cpu_has(X86_FEATURE_RTM)) {
     318                 :          0 :                 taa_mitigation = TAA_MITIGATION_TSX_DISABLED;
     319                 :          0 :                 goto out;
     320                 :            :         }
     321                 :            : 
     322         [ #  # ]:          0 :         if (cpu_mitigations_off()) {
     323                 :          0 :                 taa_mitigation = TAA_MITIGATION_OFF;
     324                 :          0 :                 return;
     325                 :            :         }
     326                 :            : 
     327                 :            :         /*
     328                 :            :          * TAA mitigation via VERW is turned off if both
     329                 :            :          * tsx_async_abort=off and mds=off are specified.
     330                 :            :          */
     331         [ #  # ]:          0 :         if (taa_mitigation == TAA_MITIGATION_OFF &&
     332         [ #  # ]:          0 :             mds_mitigation == MDS_MITIGATION_OFF)
     333                 :          0 :                 goto out;
     334                 :            : 
     335         [ #  # ]:          0 :         if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
     336                 :          0 :                 taa_mitigation = TAA_MITIGATION_VERW;
     337                 :            :         else
     338                 :          0 :                 taa_mitigation = TAA_MITIGATION_UCODE_NEEDED;
     339                 :            : 
     340                 :            :         /*
     341                 :            :          * VERW doesn't clear the CPU buffers when MD_CLEAR=1 and MDS_NO=1.
     342                 :            :          * A microcode update fixes this behavior to clear CPU buffers. It also
     343                 :            :          * adds support for MSR_IA32_TSX_CTRL which is enumerated by the
     344                 :            :          * ARCH_CAP_TSX_CTRL_MSR bit.
     345                 :            :          *
     346                 :            :          * On MDS_NO=1 CPUs if ARCH_CAP_TSX_CTRL_MSR is not set, microcode
     347                 :            :          * update is required.
     348                 :            :          */
     349                 :          0 :         ia32_cap = x86_read_arch_cap_msr();
     350         [ #  # ]:          0 :         if ( (ia32_cap & ARCH_CAP_MDS_NO) &&
     351                 :            :             !(ia32_cap & ARCH_CAP_TSX_CTRL_MSR))
     352                 :          0 :                 taa_mitigation = TAA_MITIGATION_UCODE_NEEDED;
     353                 :            : 
     354                 :            :         /*
     355                 :            :          * TSX is enabled, select alternate mitigation for TAA which is
     356                 :            :          * the same as MDS. Enable MDS static branch to clear CPU buffers.
     357                 :            :          *
     358                 :            :          * For guests that can't determine whether the correct microcode is
     359                 :            :          * present on host, enable the mitigation for UCODE_NEEDED as well.
     360                 :            :          */
     361                 :          0 :         static_branch_enable(&mds_user_clear);
     362                 :            : 
     363   [ #  #  #  # ]:          0 :         if (taa_nosmt || cpu_mitigations_auto_nosmt())
     364                 :          0 :                 cpu_smt_disable(false);
     365                 :            : 
     366                 :            :         /*
     367                 :            :          * Update MDS mitigation, if necessary, as the mds_user_clear is
     368                 :            :          * now enabled for TAA mitigation.
     369                 :            :          */
     370   [ #  #  #  # ]:          0 :         if (mds_mitigation == MDS_MITIGATION_OFF &&
     371                 :            :             boot_cpu_has_bug(X86_BUG_MDS)) {
     372                 :          0 :                 mds_mitigation = MDS_MITIGATION_FULL;
     373                 :          0 :                 mds_select_mitigation();
     374                 :            :         }
     375                 :          0 : out:
     376                 :          0 :         pr_info("%s\n", taa_strings[taa_mitigation]);
     377                 :            : }
     378                 :            : 
     379                 :          0 : static int __init tsx_async_abort_parse_cmdline(char *str)
     380                 :            : {
     381         [ #  # ]:          0 :         if (!boot_cpu_has_bug(X86_BUG_TAA))
     382                 :            :                 return 0;
     383                 :            : 
     384         [ #  # ]:          0 :         if (!str)
     385                 :            :                 return -EINVAL;
     386                 :            : 
     387         [ #  # ]:          0 :         if (!strcmp(str, "off")) {
     388                 :          0 :                 taa_mitigation = TAA_MITIGATION_OFF;
     389         [ #  # ]:          0 :         } else if (!strcmp(str, "full")) {
     390                 :          0 :                 taa_mitigation = TAA_MITIGATION_VERW;
     391         [ #  # ]:          0 :         } else if (!strcmp(str, "full,nosmt")) {
     392                 :          0 :                 taa_mitigation = TAA_MITIGATION_VERW;
     393                 :          0 :                 taa_nosmt = true;
     394                 :            :         }
     395                 :            : 
     396                 :            :         return 0;
     397                 :            : }
     398                 :            : early_param("tsx_async_abort", tsx_async_abort_parse_cmdline);
     399                 :            : 
     400                 :            : #undef pr_fmt
     401                 :            : #define pr_fmt(fmt)     "Spectre V1 : " fmt
     402                 :            : 
     403                 :            : enum spectre_v1_mitigation {
     404                 :            :         SPECTRE_V1_MITIGATION_NONE,
     405                 :            :         SPECTRE_V1_MITIGATION_AUTO,
     406                 :            : };
     407                 :            : 
     408                 :            : static enum spectre_v1_mitigation spectre_v1_mitigation __ro_after_init =
     409                 :            :         SPECTRE_V1_MITIGATION_AUTO;
     410                 :            : 
     411                 :            : static const char * const spectre_v1_strings[] = {
     412                 :            :         [SPECTRE_V1_MITIGATION_NONE] = "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers",
     413                 :            :         [SPECTRE_V1_MITIGATION_AUTO] = "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
     414                 :            : };
     415                 :            : 
     416                 :            : /*
     417                 :            :  * Does SMAP provide full mitigation against speculative kernel access to
     418                 :            :  * userspace?
     419                 :            :  */
     420                 :          3 : static bool smap_works_speculatively(void)
     421                 :            : {
     422         [ -  + ]:          3 :         if (!boot_cpu_has(X86_FEATURE_SMAP))
     423                 :            :                 return false;
     424                 :            : 
     425                 :            :         /*
     426                 :            :          * On CPUs which are vulnerable to Meltdown, SMAP does not
     427                 :            :          * prevent speculative access to user data in the L1 cache.
     428                 :            :          * Consider SMAP to be non-functional as a mitigation on these
     429                 :            :          * CPUs.
     430                 :            :          */
     431         [ #  # ]:          0 :         if (boot_cpu_has(X86_BUG_CPU_MELTDOWN))
     432                 :          0 :                 return false;
     433                 :            : 
     434                 :            :         return true;
     435                 :            : }
     436                 :            : 
     437                 :          3 : static void __init spectre_v1_select_mitigation(void)
     438                 :            : {
     439   [ +  -  -  + ]:          3 :         if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) {
     440                 :          0 :                 spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE;
     441                 :          0 :                 return;
     442                 :            :         }
     443                 :            : 
     444         [ +  - ]:          3 :         if (spectre_v1_mitigation == SPECTRE_V1_MITIGATION_AUTO) {
     445                 :            :                 /*
     446                 :            :                  * With Spectre v1, a user can speculatively control either
     447                 :            :                  * path of a conditional swapgs with a user-controlled GS
     448                 :            :                  * value.  The mitigation is to add lfences to both code paths.
     449                 :            :                  *
     450                 :            :                  * If FSGSBASE is enabled, the user can put a kernel address in
     451                 :            :                  * GS, in which case SMAP provides no protection.
     452                 :            :                  *
     453                 :            :                  * [ NOTE: Don't check for X86_FEATURE_FSGSBASE until the
     454                 :            :                  *         FSGSBASE enablement patches have been merged. ]
     455                 :            :                  *
     456                 :            :                  * If FSGSBASE is disabled, the user can only put a user space
     457                 :            :                  * address in GS.  That makes an attack harder, but still
     458                 :            :                  * possible if there's no SMAP protection.
     459                 :            :                  */
     460         [ +  - ]:          3 :                 if (!smap_works_speculatively()) {
     461                 :            :                         /*
     462                 :            :                          * Mitigation can be provided from SWAPGS itself or
     463                 :            :                          * PTI as the CR3 write in the Meltdown mitigation
     464                 :            :                          * is serializing.
     465                 :            :                          *
     466                 :            :                          * If neither is there, mitigate with an LFENCE to
     467                 :            :                          * stop speculation through swapgs.
     468                 :            :                          */
     469   [ -  +  -  - ]:          3 :                         if (boot_cpu_has_bug(X86_BUG_SWAPGS) &&
     470                 :            :                             !boot_cpu_has(X86_FEATURE_PTI))
     471                 :          0 :                                 setup_force_cpu_cap(X86_FEATURE_FENCE_SWAPGS_USER);
     472                 :            : 
     473                 :            :                         /*
     474                 :            :                          * Enable lfences in the kernel entry (non-swapgs)
     475                 :            :                          * paths, to prevent user entry from speculatively
     476                 :            :                          * skipping swapgs.
     477                 :            :                          */
     478                 :          6 :                         setup_force_cpu_cap(X86_FEATURE_FENCE_SWAPGS_KERNEL);
     479                 :            :                 }
     480                 :            :         }
     481                 :            : 
     482                 :          3 :         pr_info("%s\n", spectre_v1_strings[spectre_v1_mitigation]);
     483                 :            : }
     484                 :            : 
     485                 :          0 : static int __init nospectre_v1_cmdline(char *str)
     486                 :            : {
     487                 :          0 :         spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE;
     488                 :          0 :         return 0;
     489                 :            : }
     490                 :            : early_param("nospectre_v1", nospectre_v1_cmdline);
     491                 :            : 
     492                 :            : #undef pr_fmt
     493                 :            : #define pr_fmt(fmt)     "Spectre V2 : " fmt
     494                 :            : 
     495                 :            : static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
     496                 :            :         SPECTRE_V2_NONE;
     497                 :            : 
     498                 :            : static enum spectre_v2_user_mitigation spectre_v2_user __ro_after_init =
     499                 :            :         SPECTRE_V2_USER_NONE;
     500                 :            : 
     501                 :            : #ifdef CONFIG_RETPOLINE
     502                 :            : static bool spectre_v2_bad_module;
     503                 :            : 
     504                 :          9 : bool retpoline_module_ok(bool has_retpoline)
     505                 :            : {
     506   [ +  -  -  + ]:          9 :         if (spectre_v2_enabled == SPECTRE_V2_NONE || has_retpoline)
     507                 :            :                 return true;
     508                 :            : 
     509                 :          0 :         pr_err("System may be vulnerable to spectre v2\n");
     510                 :          0 :         spectre_v2_bad_module = true;
     511                 :          0 :         return false;
     512                 :            : }
     513                 :            : 
     514                 :            : static inline const char *spectre_v2_module_string(void)
     515                 :            : {
     516                 :            :         return spectre_v2_bad_module ? " - vulnerable module loaded" : "";
     517                 :            : }
     518                 :            : #else
     519                 :            : static inline const char *spectre_v2_module_string(void) { return ""; }
     520                 :            : #endif
     521                 :            : 
     522                 :          0 : static inline bool match_option(const char *arg, int arglen, const char *opt)
     523                 :            : {
     524                 :          0 :         int len = strlen(opt);
     525                 :            : 
     526   [ #  #  #  # ]:          0 :         return len == arglen && !strncmp(arg, opt, len);
     527                 :            : }
     528                 :            : 
     529                 :            : /* The kernel command line selection for spectre v2 */
     530                 :            : enum spectre_v2_mitigation_cmd {
     531                 :            :         SPECTRE_V2_CMD_NONE,
     532                 :            :         SPECTRE_V2_CMD_AUTO,
     533                 :            :         SPECTRE_V2_CMD_FORCE,
     534                 :            :         SPECTRE_V2_CMD_RETPOLINE,
     535                 :            :         SPECTRE_V2_CMD_RETPOLINE_GENERIC,
     536                 :            :         SPECTRE_V2_CMD_RETPOLINE_AMD,
     537                 :            : };
     538                 :            : 
     539                 :            : enum spectre_v2_user_cmd {
     540                 :            :         SPECTRE_V2_USER_CMD_NONE,
     541                 :            :         SPECTRE_V2_USER_CMD_AUTO,
     542                 :            :         SPECTRE_V2_USER_CMD_FORCE,
     543                 :            :         SPECTRE_V2_USER_CMD_PRCTL,
     544                 :            :         SPECTRE_V2_USER_CMD_PRCTL_IBPB,
     545                 :            :         SPECTRE_V2_USER_CMD_SECCOMP,
     546                 :            :         SPECTRE_V2_USER_CMD_SECCOMP_IBPB,
     547                 :            : };
     548                 :            : 
     549                 :            : static const char * const spectre_v2_user_strings[] = {
     550                 :            :         [SPECTRE_V2_USER_NONE]                  = "User space: Vulnerable",
     551                 :            :         [SPECTRE_V2_USER_STRICT]                = "User space: Mitigation: STIBP protection",
     552                 :            :         [SPECTRE_V2_USER_STRICT_PREFERRED]      = "User space: Mitigation: STIBP always-on protection",
     553                 :            :         [SPECTRE_V2_USER_PRCTL]                 = "User space: Mitigation: STIBP via prctl",
     554                 :            :         [SPECTRE_V2_USER_SECCOMP]               = "User space: Mitigation: STIBP via seccomp and prctl",
     555                 :            : };
     556                 :            : 
     557                 :            : static const struct {
     558                 :            :         const char                      *option;
     559                 :            :         enum spectre_v2_user_cmd        cmd;
     560                 :            :         bool                            secure;
     561                 :            : } v2_user_options[] __initconst = {
     562                 :            :         { "auto",             SPECTRE_V2_USER_CMD_AUTO,               false },
     563                 :            :         { "off",              SPECTRE_V2_USER_CMD_NONE,               false },
     564                 :            :         { "on",                       SPECTRE_V2_USER_CMD_FORCE,              true  },
     565                 :            :         { "prctl",            SPECTRE_V2_USER_CMD_PRCTL,              false },
     566                 :            :         { "prctl,ibpb",               SPECTRE_V2_USER_CMD_PRCTL_IBPB,         false },
     567                 :            :         { "seccomp",          SPECTRE_V2_USER_CMD_SECCOMP,            false },
     568                 :            :         { "seccomp,ibpb",     SPECTRE_V2_USER_CMD_SECCOMP_IBPB,       false },
     569                 :            : };
     570                 :            : 
     571                 :          0 : static void __init spec_v2_user_print_cond(const char *reason, bool secure)
     572                 :            : {
     573         [ #  # ]:          0 :         if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
     574                 :          0 :                 pr_info("spectre_v2_user=%s forced on command line.\n", reason);
     575                 :          0 : }
     576                 :            : 
     577                 :            : static enum spectre_v2_user_cmd __init
     578                 :          0 : spectre_v2_parse_user_cmdline(enum spectre_v2_mitigation_cmd v2_cmd)
     579                 :            : {
     580                 :          0 :         char arg[20];
     581                 :          0 :         int ret, i;
     582                 :            : 
     583      [ #  #  # ]:          0 :         switch (v2_cmd) {
     584                 :            :         case SPECTRE_V2_CMD_NONE:
     585                 :            :                 return SPECTRE_V2_USER_CMD_NONE;
     586                 :          0 :         case SPECTRE_V2_CMD_FORCE:
     587                 :          0 :                 return SPECTRE_V2_USER_CMD_FORCE;
     588                 :            :         default:
     589                 :          0 :                 break;
     590                 :            :         }
     591                 :            : 
     592                 :          0 :         ret = cmdline_find_option(boot_command_line, "spectre_v2_user",
     593                 :            :                                   arg, sizeof(arg));
     594         [ #  # ]:          0 :         if (ret < 0)
     595                 :            :                 return SPECTRE_V2_USER_CMD_AUTO;
     596                 :            : 
     597         [ #  # ]:          0 :         for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) {
     598         [ #  # ]:          0 :                 if (match_option(arg, ret, v2_user_options[i].option)) {
     599                 :          0 :                         spec_v2_user_print_cond(v2_user_options[i].option,
     600                 :          0 :                                                 v2_user_options[i].secure);
     601                 :          0 :                         return v2_user_options[i].cmd;
     602                 :            :                 }
     603                 :            :         }
     604                 :            : 
     605                 :          0 :         pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg);
     606                 :          0 :         return SPECTRE_V2_USER_CMD_AUTO;
     607                 :            : }
     608                 :            : 
     609                 :            : static void __init
     610                 :          3 : spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
     611                 :            : {
     612                 :          3 :         enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE;
     613                 :          3 :         bool smt_possible = IS_ENABLED(CONFIG_SMP);
     614                 :          3 :         enum spectre_v2_user_cmd cmd;
     615                 :            : 
     616   [ +  -  -  + ]:          6 :         if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP))
     617                 :            :                 return;
     618                 :            : 
     619         [ #  # ]:          0 :         if (cpu_smt_control == CPU_SMT_FORCE_DISABLED ||
     620                 :            :             cpu_smt_control == CPU_SMT_NOT_SUPPORTED)
     621                 :          0 :                 smt_possible = false;
     622                 :            : 
     623                 :          0 :         cmd = spectre_v2_parse_user_cmdline(v2_cmd);
     624   [ #  #  #  #  :          0 :         switch (cmd) {
                      # ]
     625                 :          0 :         case SPECTRE_V2_USER_CMD_NONE:
     626                 :          0 :                 goto set_mode;
     627                 :            :         case SPECTRE_V2_USER_CMD_FORCE:
     628                 :            :                 mode = SPECTRE_V2_USER_STRICT;
     629                 :            :                 break;
     630                 :            :         case SPECTRE_V2_USER_CMD_PRCTL:
     631                 :            :         case SPECTRE_V2_USER_CMD_PRCTL_IBPB:
     632                 :          0 :                 mode = SPECTRE_V2_USER_PRCTL;
     633                 :          0 :                 break;
     634                 :            :         case SPECTRE_V2_USER_CMD_AUTO:
     635                 :            :         case SPECTRE_V2_USER_CMD_SECCOMP:
     636                 :            :         case SPECTRE_V2_USER_CMD_SECCOMP_IBPB:
     637                 :          0 :                 if (IS_ENABLED(CONFIG_SECCOMP))
     638                 :          0 :                         mode = SPECTRE_V2_USER_SECCOMP;
     639                 :            :                 else
     640                 :            :                         mode = SPECTRE_V2_USER_PRCTL;
     641                 :          0 :                 break;
     642                 :            :         }
     643                 :            : 
     644                 :            :         /*
     645                 :            :          * At this point, an STIBP mode other than "off" has been set.
     646                 :            :          * If STIBP support is not being forced, check if STIBP always-on
     647                 :            :          * is preferred.
     648                 :            :          */
     649         [ #  # ]:          0 :         if (mode != SPECTRE_V2_USER_STRICT &&
     650                 :            :             boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))
     651                 :          0 :                 mode = SPECTRE_V2_USER_STRICT_PREFERRED;
     652                 :            : 
     653                 :            :         /* Initialize Indirect Branch Prediction Barrier */
     654         [ #  # ]:          0 :         if (boot_cpu_has(X86_FEATURE_IBPB)) {
     655                 :          0 :                 setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
     656                 :            : 
     657      [ #  #  # ]:          0 :                 switch (cmd) {
     658                 :          0 :                 case SPECTRE_V2_USER_CMD_FORCE:
     659                 :            :                 case SPECTRE_V2_USER_CMD_PRCTL_IBPB:
     660                 :            :                 case SPECTRE_V2_USER_CMD_SECCOMP_IBPB:
     661                 :          0 :                         static_branch_enable(&switch_mm_always_ibpb);
     662                 :          0 :                         break;
     663                 :          0 :                 case SPECTRE_V2_USER_CMD_PRCTL:
     664                 :            :                 case SPECTRE_V2_USER_CMD_AUTO:
     665                 :            :                 case SPECTRE_V2_USER_CMD_SECCOMP:
     666                 :          0 :                         static_branch_enable(&switch_mm_cond_ibpb);
     667                 :          0 :                         break;
     668                 :            :                 default:
     669                 :            :                         break;
     670                 :            :                 }
     671                 :            : 
     672         [ #  # ]:          0 :                 pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n",
     673                 :            :                         static_key_enabled(&switch_mm_always_ibpb) ?
     674                 :            :                         "always-on" : "conditional");
     675                 :            :         }
     676                 :            : 
     677                 :            :         /* If enhanced IBRS is enabled no STIBP required */
     678         [ #  # ]:          0 :         if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
     679                 :            :                 return;
     680                 :            : 
     681                 :            :         /*
     682                 :            :          * If SMT is not possible or STIBP is not available clear the STIBP
     683                 :            :          * mode.
     684                 :            :          */
     685   [ #  #  #  # ]:          0 :         if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP))
     686                 :            :                 mode = SPECTRE_V2_USER_NONE;
     687                 :          0 : set_mode:
     688                 :          0 :         spectre_v2_user = mode;
     689                 :            :         /* Only print the STIBP mode when SMT possible */
     690         [ #  # ]:          0 :         if (smt_possible)
     691                 :          0 :                 pr_info("%s\n", spectre_v2_user_strings[mode]);
     692                 :            : }
     693                 :            : 
     694                 :            : static const char * const spectre_v2_strings[] = {
     695                 :            :         [SPECTRE_V2_NONE]                       = "Vulnerable",
     696                 :            :         [SPECTRE_V2_RETPOLINE_GENERIC]          = "Mitigation: Full generic retpoline",
     697                 :            :         [SPECTRE_V2_RETPOLINE_AMD]              = "Mitigation: Full AMD retpoline",
     698                 :            :         [SPECTRE_V2_IBRS_ENHANCED]              = "Mitigation: Enhanced IBRS",
     699                 :            : };
     700                 :            : 
     701                 :            : static const struct {
     702                 :            :         const char *option;
     703                 :            :         enum spectre_v2_mitigation_cmd cmd;
     704                 :            :         bool secure;
     705                 :            : } mitigation_options[] __initconst = {
     706                 :            :         { "off",              SPECTRE_V2_CMD_NONE,              false },
     707                 :            :         { "on",                       SPECTRE_V2_CMD_FORCE,             true  },
     708                 :            :         { "retpoline",                SPECTRE_V2_CMD_RETPOLINE,         false },
     709                 :            :         { "retpoline,amd",    SPECTRE_V2_CMD_RETPOLINE_AMD,     false },
     710                 :            :         { "retpoline,generic",        SPECTRE_V2_CMD_RETPOLINE_GENERIC, false },
     711                 :            :         { "auto",             SPECTRE_V2_CMD_AUTO,              false },
     712                 :            : };
     713                 :            : 
     714                 :          0 : static void __init spec_v2_print_cond(const char *reason, bool secure)
     715                 :            : {
     716         [ #  # ]:          0 :         if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
     717                 :          0 :                 pr_info("%s selected on command line.\n", reason);
     718                 :          0 : }
     719                 :            : 
     720                 :          3 : static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
     721                 :            : {
     722                 :          3 :         enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO;
     723                 :          3 :         char arg[20];
     724                 :          3 :         int ret, i;
     725                 :            : 
     726   [ +  -  -  + ]:          6 :         if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") ||
     727                 :          3 :             cpu_mitigations_off())
     728                 :          0 :                 return SPECTRE_V2_CMD_NONE;
     729                 :            : 
     730                 :          3 :         ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
     731         [ -  + ]:          3 :         if (ret < 0)
     732                 :            :                 return SPECTRE_V2_CMD_AUTO;
     733                 :            : 
     734         [ #  # ]:          0 :         for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) {
     735         [ #  # ]:          0 :                 if (!match_option(arg, ret, mitigation_options[i].option))
     736                 :          0 :                         continue;
     737                 :          0 :                 cmd = mitigation_options[i].cmd;
     738                 :          0 :                 break;
     739                 :            :         }
     740                 :            : 
     741         [ #  # ]:          0 :         if (i >= ARRAY_SIZE(mitigation_options)) {
     742                 :          0 :                 pr_err("unknown option (%s). Switching to AUTO select\n", arg);
     743                 :          0 :                 return SPECTRE_V2_CMD_AUTO;
     744                 :            :         }
     745                 :            : 
     746                 :          0 :         if ((cmd == SPECTRE_V2_CMD_RETPOLINE ||
     747                 :            :              cmd == SPECTRE_V2_CMD_RETPOLINE_AMD ||
     748                 :            :              cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC) &&
     749                 :            :             !IS_ENABLED(CONFIG_RETPOLINE)) {
     750                 :            :                 pr_err("%s selected but not compiled in. Switching to AUTO select\n", mitigation_options[i].option);
     751                 :            :                 return SPECTRE_V2_CMD_AUTO;
     752                 :            :         }
     753                 :            : 
     754         [ #  # ]:          0 :         if (cmd == SPECTRE_V2_CMD_RETPOLINE_AMD &&
     755   [ #  #  #  # ]:          0 :             boot_cpu_data.x86_vendor != X86_VENDOR_HYGON &&
     756                 :            :             boot_cpu_data.x86_vendor != X86_VENDOR_AMD) {
     757                 :          0 :                 pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n");
     758                 :          0 :                 return SPECTRE_V2_CMD_AUTO;
     759                 :            :         }
     760                 :            : 
     761                 :          0 :         spec_v2_print_cond(mitigation_options[i].option,
     762                 :          0 :                            mitigation_options[i].secure);
     763                 :          0 :         return cmd;
     764                 :            : }
     765                 :            : 
     766                 :          3 : static void __init spectre_v2_select_mitigation(void)
     767                 :            : {
     768                 :          3 :         enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
     769                 :          3 :         enum spectre_v2_mitigation mode = SPECTRE_V2_NONE;
     770                 :            : 
     771                 :            :         /*
     772                 :            :          * If the CPU is not affected and the command line mode is NONE or AUTO
     773                 :            :          * then nothing to do.
     774                 :            :          */
     775   [ -  +  -  - ]:          3 :         if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) &&
     776                 :            :             (cmd == SPECTRE_V2_CMD_NONE || cmd == SPECTRE_V2_CMD_AUTO))
     777                 :            :                 return;
     778                 :            : 
     779   [ +  -  -  -  :          3 :         switch (cmd) {
                   -  - ]
     780                 :            :         case SPECTRE_V2_CMD_NONE:
     781                 :            :                 return;
     782                 :            : 
     783                 :            :         case SPECTRE_V2_CMD_FORCE:
     784                 :            :         case SPECTRE_V2_CMD_AUTO:
     785         [ -  + ]:          3 :                 if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {
     786                 :          0 :                         mode = SPECTRE_V2_IBRS_ENHANCED;
     787                 :            :                         /* Force it so VMEXIT will restore correctly */
     788                 :          0 :                         x86_spec_ctrl_base |= SPEC_CTRL_IBRS;
     789                 :          0 :                         wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
     790                 :          0 :                         goto specv2_set_mode;
     791                 :            :                 }
     792                 :          3 :                 if (IS_ENABLED(CONFIG_RETPOLINE))
     793                 :          3 :                         goto retpoline_auto;
     794                 :            :                 break;
     795                 :            :         case SPECTRE_V2_CMD_RETPOLINE_AMD:
     796                 :          0 :                 if (IS_ENABLED(CONFIG_RETPOLINE))
     797                 :          0 :                         goto retpoline_amd;
     798                 :            :                 break;
     799                 :            :         case SPECTRE_V2_CMD_RETPOLINE_GENERIC:
     800                 :          0 :                 if (IS_ENABLED(CONFIG_RETPOLINE))
     801                 :          0 :                         goto retpoline_generic;
     802                 :            :                 break;
     803                 :            :         case SPECTRE_V2_CMD_RETPOLINE:
     804                 :          0 :                 if (IS_ENABLED(CONFIG_RETPOLINE))
     805                 :          0 :                         goto retpoline_auto;
     806                 :            :                 break;
     807                 :            :         }
     808                 :          0 :         pr_err("Spectre mitigation: kernel not compiled with retpoline; no mitigation available!");
     809                 :          0 :         return;
     810                 :            : 
     811                 :          3 : retpoline_auto:
     812         [ +  - ]:          3 :         if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
     813                 :            :             boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) {
     814                 :          3 :         retpoline_amd:
     815         [ -  + ]:          3 :                 if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {
     816                 :          0 :                         pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n");
     817                 :          0 :                         goto retpoline_generic;
     818                 :            :                 }
     819                 :          3 :                 mode = SPECTRE_V2_RETPOLINE_AMD;
     820                 :          6 :                 setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD);
     821                 :          6 :                 setup_force_cpu_cap(X86_FEATURE_RETPOLINE);
     822                 :            :         } else {
     823                 :          0 :         retpoline_generic:
     824                 :          0 :                 mode = SPECTRE_V2_RETPOLINE_GENERIC;
     825                 :          0 :                 setup_force_cpu_cap(X86_FEATURE_RETPOLINE);
     826                 :            :         }
     827                 :            : 
     828                 :          3 : specv2_set_mode:
     829                 :          3 :         spectre_v2_enabled = mode;
     830                 :          3 :         pr_info("%s\n", spectre_v2_strings[mode]);
     831                 :            : 
     832                 :            :         /*
     833                 :            :          * If spectre v2 protection has been enabled, unconditionally fill
     834                 :            :          * RSB during a context switch; this protects against two independent
     835                 :            :          * issues:
     836                 :            :          *
     837                 :            :          *      - RSB underflow (and switch to BTB) on Skylake+
     838                 :            :          *      - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs
     839                 :            :          */
     840                 :          6 :         setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
     841                 :          3 :         pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
     842                 :            : 
     843                 :            :         /*
     844                 :            :          * Retpoline means the kernel is safe because it has no indirect
     845                 :            :          * branches. Enhanced IBRS protects firmware too, so, enable restricted
     846                 :            :          * speculation around firmware calls only when Enhanced IBRS isn't
     847                 :            :          * supported.
     848                 :            :          *
     849                 :            :          * Use "mode" to check Enhanced IBRS instead of boot_cpu_has(), because
     850                 :            :          * the user might select retpoline on the kernel command line and if
     851                 :            :          * the CPU supports Enhanced IBRS, kernel might un-intentionally not
     852                 :            :          * enable IBRS around firmware calls.
     853                 :            :          */
     854   [ -  +  -  - ]:          3 :         if (boot_cpu_has(X86_FEATURE_IBRS) && mode != SPECTRE_V2_IBRS_ENHANCED) {
     855                 :          0 :                 setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW);
     856                 :          0 :                 pr_info("Enabling Restricted Speculation for firmware calls\n");
     857                 :            :         }
     858                 :            : 
     859                 :            :         /* Set up IBPB and STIBP depending on the general spectre V2 command */
     860                 :          3 :         spectre_v2_user_select_mitigation(cmd);
     861                 :            : }
     862                 :            : 
     863                 :          0 : static void update_stibp_msr(void * __unused)
     864                 :            : {
     865                 :          0 :         wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
     866                 :          0 : }
     867                 :            : 
     868                 :            : /* Update x86_spec_ctrl_base in case SMT state changed. */
     869                 :          0 : static void update_stibp_strict(void)
     870                 :            : {
     871                 :          0 :         u64 mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP;
     872                 :            : 
     873   [ #  #  #  # ]:          0 :         if (sched_smt_active())
     874                 :          0 :                 mask |= SPEC_CTRL_STIBP;
     875                 :            : 
     876         [ #  # ]:          0 :         if (mask == x86_spec_ctrl_base)
     877                 :            :                 return;
     878                 :            : 
     879         [ #  # ]:          0 :         pr_info("Update user space SMT mitigation: STIBP %s\n",
     880                 :            :                 mask & SPEC_CTRL_STIBP ? "always-on" : "off");
     881                 :          0 :         x86_spec_ctrl_base = mask;
     882                 :          0 :         on_each_cpu(update_stibp_msr, NULL, 1);
     883                 :            : }
     884                 :            : 
     885                 :            : /* Update the static key controlling the evaluation of TIF_SPEC_IB */
     886                 :          0 : static void update_indir_branch_cond(void)
     887                 :            : {
     888   [ #  #  #  # ]:          0 :         if (sched_smt_active())
     889                 :          0 :                 static_branch_enable(&switch_to_cond_stibp);
     890                 :            :         else
     891                 :          0 :                 static_branch_disable(&switch_to_cond_stibp);
     892                 :          0 : }
     893                 :            : 
     894                 :            : #undef pr_fmt
     895                 :            : #define pr_fmt(fmt) fmt
     896                 :            : 
     897                 :            : /* Update the static key controlling the MDS CPU buffer clear in idle */
     898                 :          0 : static void update_mds_branch_idle(void)
     899                 :            : {
     900                 :            :         /*
     901                 :            :          * Enable the idle clearing if SMT is active on CPUs which are
     902                 :            :          * affected only by MSBDS and not any other MDS variant.
     903                 :            :          *
     904                 :            :          * The other variants cannot be mitigated when SMT is enabled, so
     905                 :            :          * clearing the buffers on idle just to prevent the Store Buffer
     906                 :            :          * repartitioning leak would be a window dressing exercise.
     907                 :            :          */
     908         [ #  # ]:          0 :         if (!boot_cpu_has_bug(X86_BUG_MSBDS_ONLY))
     909                 :            :                 return;
     910                 :            : 
     911   [ #  #  #  # ]:          0 :         if (sched_smt_active())
     912                 :          0 :                 static_branch_enable(&mds_idle_clear);
     913                 :            :         else
     914                 :          0 :                 static_branch_disable(&mds_idle_clear);
     915                 :            : }
     916                 :            : 
     917                 :            : #define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n"
     918                 :            : #define TAA_MSG_SMT "TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details.\n"
     919                 :            : 
     920                 :          3 : void cpu_bugs_smt_update(void)
     921                 :            : {
     922                 :          3 :         mutex_lock(&spec_ctrl_mutex);
     923                 :            : 
     924      [ -  -  + ]:          3 :         switch (spectre_v2_user) {
     925                 :            :         case SPECTRE_V2_USER_NONE:
     926                 :            :                 break;
     927                 :          0 :         case SPECTRE_V2_USER_STRICT:
     928                 :            :         case SPECTRE_V2_USER_STRICT_PREFERRED:
     929                 :          0 :                 update_stibp_strict();
     930                 :          0 :                 break;
     931                 :          0 :         case SPECTRE_V2_USER_PRCTL:
     932                 :            :         case SPECTRE_V2_USER_SECCOMP:
     933                 :          0 :                 update_indir_branch_cond();
     934                 :          0 :                 break;
     935                 :            :         }
     936                 :            : 
     937         [ -  + ]:          3 :         switch (mds_mitigation) {
     938                 :            :         case MDS_MITIGATION_FULL:
     939                 :            :         case MDS_MITIGATION_VMWERV:
     940   [ #  #  #  #  :          0 :                 if (sched_smt_active() && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
                   #  # ]
     941         [ #  # ]:          0 :                         pr_warn_once(MDS_MSG_SMT);
     942                 :          0 :                 update_mds_branch_idle();
     943                 :          0 :                 break;
     944                 :            :         case MDS_MITIGATION_OFF:
     945                 :            :                 break;
     946                 :            :         }
     947                 :            : 
     948         [ -  + ]:          3 :         switch (taa_mitigation) {
     949                 :            :         case TAA_MITIGATION_VERW:
     950                 :            :         case TAA_MITIGATION_UCODE_NEEDED:
     951   [ #  #  #  # ]:          0 :                 if (sched_smt_active())
     952         [ #  # ]:          0 :                         pr_warn_once(TAA_MSG_SMT);
     953                 :            :                 break;
     954                 :            :         case TAA_MITIGATION_TSX_DISABLED:
     955                 :            :         case TAA_MITIGATION_OFF:
     956                 :            :                 break;
     957                 :            :         }
     958                 :            : 
     959                 :          3 :         mutex_unlock(&spec_ctrl_mutex);
     960                 :          3 : }
     961                 :            : 
     962                 :            : #undef pr_fmt
     963                 :            : #define pr_fmt(fmt)     "Speculative Store Bypass: " fmt
     964                 :            : 
     965                 :            : static enum ssb_mitigation ssb_mode __ro_after_init = SPEC_STORE_BYPASS_NONE;
     966                 :            : 
     967                 :            : /* The kernel command line selection */
     968                 :            : enum ssb_mitigation_cmd {
     969                 :            :         SPEC_STORE_BYPASS_CMD_NONE,
     970                 :            :         SPEC_STORE_BYPASS_CMD_AUTO,
     971                 :            :         SPEC_STORE_BYPASS_CMD_ON,
     972                 :            :         SPEC_STORE_BYPASS_CMD_PRCTL,
     973                 :            :         SPEC_STORE_BYPASS_CMD_SECCOMP,
     974                 :            : };
     975                 :            : 
     976                 :            : static const char * const ssb_strings[] = {
     977                 :            :         [SPEC_STORE_BYPASS_NONE]        = "Vulnerable",
     978                 :            :         [SPEC_STORE_BYPASS_DISABLE]     = "Mitigation: Speculative Store Bypass disabled",
     979                 :            :         [SPEC_STORE_BYPASS_PRCTL]       = "Mitigation: Speculative Store Bypass disabled via prctl",
     980                 :            :         [SPEC_STORE_BYPASS_SECCOMP]     = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
     981                 :            : };
     982                 :            : 
     983                 :            : static const struct {
     984                 :            :         const char *option;
     985                 :            :         enum ssb_mitigation_cmd cmd;
     986                 :            : } ssb_mitigation_options[]  __initconst = {
     987                 :            :         { "auto",     SPEC_STORE_BYPASS_CMD_AUTO },    /* Platform decides */
     988                 :            :         { "on",               SPEC_STORE_BYPASS_CMD_ON },      /* Disable Speculative Store Bypass */
     989                 :            :         { "off",      SPEC_STORE_BYPASS_CMD_NONE },    /* Don't touch Speculative Store Bypass */
     990                 :            :         { "prctl",    SPEC_STORE_BYPASS_CMD_PRCTL },   /* Disable Speculative Store Bypass via prctl */
     991                 :            :         { "seccomp",  SPEC_STORE_BYPASS_CMD_SECCOMP }, /* Disable Speculative Store Bypass via prctl and seccomp */
     992                 :            : };
     993                 :            : 
     994                 :          0 : static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
     995                 :            : {
     996                 :          0 :         enum ssb_mitigation_cmd cmd = SPEC_STORE_BYPASS_CMD_AUTO;
     997                 :          0 :         char arg[20];
     998                 :          0 :         int ret, i;
     999                 :            : 
    1000   [ #  #  #  # ]:          0 :         if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") ||
    1001                 :          0 :             cpu_mitigations_off()) {
    1002                 :          0 :                 return SPEC_STORE_BYPASS_CMD_NONE;
    1003                 :            :         } else {
    1004                 :          0 :                 ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
    1005                 :            :                                           arg, sizeof(arg));
    1006         [ #  # ]:          0 :                 if (ret < 0)
    1007                 :            :                         return SPEC_STORE_BYPASS_CMD_AUTO;
    1008                 :            : 
    1009         [ #  # ]:          0 :                 for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) {
    1010         [ #  # ]:          0 :                         if (!match_option(arg, ret, ssb_mitigation_options[i].option))
    1011                 :          0 :                                 continue;
    1012                 :            : 
    1013                 :          0 :                         cmd = ssb_mitigation_options[i].cmd;
    1014                 :          0 :                         break;
    1015                 :            :                 }
    1016                 :            : 
    1017         [ #  # ]:          0 :                 if (i >= ARRAY_SIZE(ssb_mitigation_options)) {
    1018                 :          0 :                         pr_err("unknown option (%s). Switching to AUTO select\n", arg);
    1019                 :          0 :                         return SPEC_STORE_BYPASS_CMD_AUTO;
    1020                 :            :                 }
    1021                 :            :         }
    1022                 :            : 
    1023                 :            :         return cmd;
    1024                 :            : }
    1025                 :            : 
    1026                 :          3 : static enum ssb_mitigation __init __ssb_select_mitigation(void)
    1027                 :            : {
    1028                 :          3 :         enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE;
    1029                 :          3 :         enum ssb_mitigation_cmd cmd;
    1030                 :            : 
    1031         [ -  + ]:          3 :         if (!boot_cpu_has(X86_FEATURE_SSBD))
    1032                 :            :                 return mode;
    1033                 :            : 
    1034                 :          0 :         cmd = ssb_parse_cmdline();
    1035   [ #  #  #  # ]:          0 :         if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) &&
    1036                 :            :             (cmd == SPEC_STORE_BYPASS_CMD_NONE ||
    1037                 :            :              cmd == SPEC_STORE_BYPASS_CMD_AUTO))
    1038                 :            :                 return mode;
    1039                 :            : 
    1040         [ #  # ]:          0 :         switch (cmd) {
    1041                 :            :         case SPEC_STORE_BYPASS_CMD_AUTO:
    1042                 :            :         case SPEC_STORE_BYPASS_CMD_SECCOMP:
    1043                 :            :                 /*
    1044                 :            :                  * Choose prctl+seccomp as the default mode if seccomp is
    1045                 :            :                  * enabled.
    1046                 :            :                  */
    1047                 :            :                 if (IS_ENABLED(CONFIG_SECCOMP))
    1048                 :            :                         mode = SPEC_STORE_BYPASS_SECCOMP;
    1049                 :            :                 else
    1050                 :            :                         mode = SPEC_STORE_BYPASS_PRCTL;
    1051                 :            :                 break;
    1052                 :            :         case SPEC_STORE_BYPASS_CMD_ON:
    1053                 :            :                 mode = SPEC_STORE_BYPASS_DISABLE;
    1054                 :            :                 break;
    1055                 :            :         case SPEC_STORE_BYPASS_CMD_PRCTL:
    1056                 :            :                 mode = SPEC_STORE_BYPASS_PRCTL;
    1057                 :            :                 break;
    1058                 :            :         case SPEC_STORE_BYPASS_CMD_NONE:
    1059                 :            :                 break;
    1060                 :            :         }
    1061                 :            : 
    1062                 :            :         /*
    1063                 :            :          * If SSBD is controlled by the SPEC_CTRL MSR, then set the proper
    1064                 :            :          * bit in the mask to allow guests to use the mitigation even in the
    1065                 :            :          * case where the host does not enable it.
    1066                 :            :          */
    1067      [ #  #  # ]:          0 :         if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
    1068                 :            :             static_cpu_has(X86_FEATURE_AMD_SSBD)) {
    1069                 :          0 :                 x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
    1070                 :            :         }
    1071                 :            : 
    1072                 :            :         /*
    1073                 :            :          * We have three CPU feature flags that are in play here:
    1074                 :            :          *  - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible.
    1075                 :            :          *  - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass
    1076                 :            :          *  - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation
    1077                 :            :          */
    1078         [ #  # ]:          0 :         if (mode == SPEC_STORE_BYPASS_DISABLE) {
    1079                 :          0 :                 setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE);
    1080                 :            :                 /*
    1081                 :            :                  * Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD may
    1082                 :            :                  * use a completely different MSR and bit dependent on family.
    1083                 :            :                  */
    1084      [ #  #  # ]:          0 :                 if (!static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) &&
    1085                 :            :                     !static_cpu_has(X86_FEATURE_AMD_SSBD)) {
    1086                 :          0 :                         x86_amd_ssb_disable();
    1087                 :            :                 } else {
    1088                 :          0 :                         x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
    1089                 :          0 :                         wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
    1090                 :            :                 }
    1091                 :            :         }
    1092                 :            : 
    1093                 :            :         return mode;
    1094                 :            : }
    1095                 :            : 
    1096                 :          3 : static void ssb_select_mitigation(void)
    1097                 :            : {
    1098                 :          3 :         ssb_mode = __ssb_select_mitigation();
    1099                 :            : 
    1100         [ +  - ]:          3 :         if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
    1101                 :          3 :                 pr_info("%s\n", ssb_strings[ssb_mode]);
    1102                 :          3 : }
    1103                 :            : 
    1104                 :            : #undef pr_fmt
    1105                 :            : #define pr_fmt(fmt)     "Speculation prctl: " fmt
    1106                 :            : 
    1107                 :          0 : static void task_update_spec_tif(struct task_struct *tsk)
    1108                 :            : {
    1109                 :            :         /* Force the update of the real TIF bits */
    1110                 :          0 :         set_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE);
    1111                 :            : 
    1112                 :            :         /*
    1113                 :            :          * Immediately update the speculation control MSRs for the current
    1114                 :            :          * task, but for a non-current task delay setting the CPU
    1115                 :            :          * mitigation until it is scheduled next.
    1116                 :            :          *
    1117                 :            :          * This can only happen for SECCOMP mitigation. For PRCTL it's
    1118                 :            :          * always the current task.
    1119                 :            :          */
    1120         [ #  # ]:          0 :         if (tsk == current)
    1121                 :          0 :                 speculation_ctrl_update_current();
    1122                 :          0 : }
    1123                 :            : 
    1124                 :          0 : static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
    1125                 :            : {
    1126         [ #  # ]:          0 :         if (ssb_mode != SPEC_STORE_BYPASS_PRCTL &&
    1127                 :            :             ssb_mode != SPEC_STORE_BYPASS_SECCOMP)
    1128                 :            :                 return -ENXIO;
    1129                 :            : 
    1130   [ #  #  #  #  :          0 :         switch (ctrl) {
                      # ]
    1131                 :            :         case PR_SPEC_ENABLE:
    1132                 :            :                 /* If speculation is force disabled, enable is not allowed */
    1133         [ #  # ]:          0 :                 if (task_spec_ssb_force_disable(task))
    1134                 :            :                         return -EPERM;
    1135                 :          0 :                 task_clear_spec_ssb_disable(task);
    1136                 :          0 :                 task_clear_spec_ssb_noexec(task);
    1137                 :          0 :                 task_update_spec_tif(task);
    1138                 :          0 :                 break;
    1139                 :            :         case PR_SPEC_DISABLE:
    1140                 :          0 :                 task_set_spec_ssb_disable(task);
    1141                 :          0 :                 task_clear_spec_ssb_noexec(task);
    1142                 :          0 :                 task_update_spec_tif(task);
    1143                 :          0 :                 break;
    1144                 :            :         case PR_SPEC_FORCE_DISABLE:
    1145                 :          0 :                 task_set_spec_ssb_disable(task);
    1146                 :          0 :                 task_set_spec_ssb_force_disable(task);
    1147                 :          0 :                 task_clear_spec_ssb_noexec(task);
    1148                 :          0 :                 task_update_spec_tif(task);
    1149                 :          0 :                 break;
    1150                 :            :         case PR_SPEC_DISABLE_NOEXEC:
    1151         [ #  # ]:          0 :                 if (task_spec_ssb_force_disable(task))
    1152                 :            :                         return -EPERM;
    1153                 :          0 :                 task_set_spec_ssb_disable(task);
    1154                 :          0 :                 task_set_spec_ssb_noexec(task);
    1155                 :          0 :                 task_update_spec_tif(task);
    1156                 :          0 :                 break;
    1157                 :            :         default:
    1158                 :            :                 return -ERANGE;
    1159                 :            :         }
    1160                 :            :         return 0;
    1161                 :            : }
    1162                 :            : 
    1163                 :          0 : static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
    1164                 :            : {
    1165      [ #  #  # ]:          0 :         switch (ctrl) {
    1166                 :          0 :         case PR_SPEC_ENABLE:
    1167         [ #  # ]:          0 :                 if (spectre_v2_user == SPECTRE_V2_USER_NONE)
    1168                 :            :                         return 0;
    1169                 :            :                 /*
    1170                 :            :                  * Indirect branch speculation is always disabled in strict
    1171                 :            :                  * mode.
    1172                 :            :                  */
    1173         [ #  # ]:          0 :                 if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
    1174                 :            :                     spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
    1175                 :            :                         return -EPERM;
    1176                 :          0 :                 task_clear_spec_ib_disable(task);
    1177                 :          0 :                 task_update_spec_tif(task);
    1178                 :          0 :                 break;
    1179                 :          0 :         case PR_SPEC_DISABLE:
    1180                 :            :         case PR_SPEC_FORCE_DISABLE:
    1181                 :            :                 /*
    1182                 :            :                  * Indirect branch speculation is always allowed when
    1183                 :            :                  * mitigation is force disabled.
    1184                 :            :                  */
    1185         [ #  # ]:          0 :                 if (spectre_v2_user == SPECTRE_V2_USER_NONE)
    1186                 :            :                         return -EPERM;
    1187         [ #  # ]:          0 :                 if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
    1188                 :            :                     spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
    1189                 :            :                         return 0;
    1190                 :          0 :                 task_set_spec_ib_disable(task);
    1191         [ #  # ]:          0 :                 if (ctrl == PR_SPEC_FORCE_DISABLE)
    1192                 :          0 :                         task_set_spec_ib_force_disable(task);
    1193                 :          0 :                 task_update_spec_tif(task);
    1194                 :          0 :                 break;
    1195                 :            :         default:
    1196                 :            :                 return -ERANGE;
    1197                 :            :         }
    1198                 :            :         return 0;
    1199                 :            : }
    1200                 :            : 
    1201                 :          0 : int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
    1202                 :            :                              unsigned long ctrl)
    1203                 :            : {
    1204      [ #  #  # ]:          0 :         switch (which) {
    1205                 :          0 :         case PR_SPEC_STORE_BYPASS:
    1206                 :          0 :                 return ssb_prctl_set(task, ctrl);
    1207                 :          0 :         case PR_SPEC_INDIRECT_BRANCH:
    1208                 :          0 :                 return ib_prctl_set(task, ctrl);
    1209                 :            :         default:
    1210                 :            :                 return -ENODEV;
    1211                 :            :         }
    1212                 :            : }
    1213                 :            : 
    1214                 :            : #ifdef CONFIG_SECCOMP
    1215                 :        168 : void arch_seccomp_spec_mitigate(struct task_struct *task)
    1216                 :            : {
    1217         [ -  + ]:        168 :         if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP)
    1218                 :          0 :                 ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
    1219         [ -  + ]:        168 :         if (spectre_v2_user == SPECTRE_V2_USER_SECCOMP)
    1220                 :          0 :                 ib_prctl_set(task, PR_SPEC_FORCE_DISABLE);
    1221                 :        168 : }
    1222                 :            : #endif
    1223                 :            : 
    1224                 :         69 : static int ssb_prctl_get(struct task_struct *task)
    1225                 :            : {
    1226      [ -  +  - ]:         69 :         switch (ssb_mode) {
    1227                 :            :         case SPEC_STORE_BYPASS_DISABLE:
    1228                 :            :                 return PR_SPEC_DISABLE;
    1229                 :            :         case SPEC_STORE_BYPASS_SECCOMP:
    1230                 :            :         case SPEC_STORE_BYPASS_PRCTL:
    1231         [ #  # ]:          0 :                 if (task_spec_ssb_force_disable(task))
    1232                 :            :                         return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
    1233         [ #  # ]:          0 :                 if (task_spec_ssb_noexec(task))
    1234                 :            :                         return PR_SPEC_PRCTL | PR_SPEC_DISABLE_NOEXEC;
    1235         [ #  # ]:          0 :                 if (task_spec_ssb_disable(task))
    1236                 :          0 :                         return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
    1237                 :            :                 return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
    1238                 :            :         default:
    1239         [ +  - ]:         69 :                 if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
    1240                 :         69 :                         return PR_SPEC_ENABLE;
    1241                 :            :                 return PR_SPEC_NOT_AFFECTED;
    1242                 :            :         }
    1243                 :            : }
    1244                 :            : 
    1245                 :          0 : static int ib_prctl_get(struct task_struct *task)
    1246                 :            : {
    1247         [ #  # ]:          0 :         if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
    1248                 :            :                 return PR_SPEC_NOT_AFFECTED;
    1249                 :            : 
    1250   [ #  #  #  # ]:          0 :         switch (spectre_v2_user) {
    1251                 :            :         case SPECTRE_V2_USER_NONE:
    1252                 :            :                 return PR_SPEC_ENABLE;
    1253                 :            :         case SPECTRE_V2_USER_PRCTL:
    1254                 :            :         case SPECTRE_V2_USER_SECCOMP:
    1255         [ #  # ]:          0 :                 if (task_spec_ib_force_disable(task))
    1256                 :            :                         return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
    1257         [ #  # ]:          0 :                 if (task_spec_ib_disable(task))
    1258                 :          0 :                         return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
    1259                 :            :                 return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
    1260                 :          0 :         case SPECTRE_V2_USER_STRICT:
    1261                 :            :         case SPECTRE_V2_USER_STRICT_PREFERRED:
    1262                 :          0 :                 return PR_SPEC_DISABLE;
    1263                 :          0 :         default:
    1264                 :          0 :                 return PR_SPEC_NOT_AFFECTED;
    1265                 :            :         }
    1266                 :            : }
    1267                 :            : 
    1268                 :         69 : int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
    1269                 :            : {
    1270      [ +  -  - ]:         69 :         switch (which) {
    1271                 :         69 :         case PR_SPEC_STORE_BYPASS:
    1272                 :         69 :                 return ssb_prctl_get(task);
    1273                 :          0 :         case PR_SPEC_INDIRECT_BRANCH:
    1274                 :          0 :                 return ib_prctl_get(task);
    1275                 :            :         default:
    1276                 :            :                 return -ENODEV;
    1277                 :            :         }
    1278                 :            : }
    1279                 :            : 
    1280                 :          0 : void x86_spec_ctrl_setup_ap(void)
    1281                 :            : {
    1282         [ #  # ]:          0 :         if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
    1283                 :          0 :                 wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
    1284                 :            : 
    1285         [ #  # ]:          0 :         if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)
    1286                 :          0 :                 x86_amd_ssb_disable();
    1287                 :          0 : }
    1288                 :            : 
    1289                 :            : bool itlb_multihit_kvm_mitigation;
    1290                 :            : EXPORT_SYMBOL_GPL(itlb_multihit_kvm_mitigation);
    1291                 :            : 
    1292                 :            : #undef pr_fmt
    1293                 :            : #define pr_fmt(fmt)     "L1TF: " fmt
    1294                 :            : 
    1295                 :            : /* Default mitigation for L1TF-affected CPUs */
    1296                 :            : enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH;
    1297                 :            : #if IS_ENABLED(CONFIG_KVM_INTEL)
    1298                 :            : EXPORT_SYMBOL_GPL(l1tf_mitigation);
    1299                 :            : #endif
    1300                 :            : enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO;
    1301                 :            : EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation);
    1302                 :            : 
    1303                 :            : /*
    1304                 :            :  * These CPUs all support 44bits physical address space internally in the
    1305                 :            :  * cache but CPUID can report a smaller number of physical address bits.
    1306                 :            :  *
    1307                 :            :  * The L1TF mitigation uses the top most address bit for the inversion of
    1308                 :            :  * non present PTEs. When the installed memory reaches into the top most
    1309                 :            :  * address bit due to memory holes, which has been observed on machines
    1310                 :            :  * which report 36bits physical address bits and have 32G RAM installed,
    1311                 :            :  * then the mitigation range check in l1tf_select_mitigation() triggers.
    1312                 :            :  * This is a false positive because the mitigation is still possible due to
    1313                 :            :  * the fact that the cache uses 44bit internally. Use the cache bits
    1314                 :            :  * instead of the reported physical bits and adjust them on the affected
    1315                 :            :  * machines to 44bit if the reported bits are less than 44.
    1316                 :            :  */
    1317                 :          0 : static void override_cache_bits(struct cpuinfo_x86 *c)
    1318                 :            : {
    1319         [ #  # ]:          0 :         if (c->x86 != 6)
    1320                 :            :                 return;
    1321                 :            : 
    1322         [ #  # ]:          0 :         switch (c->x86_model) {
    1323                 :          0 :         case INTEL_FAM6_NEHALEM:
    1324                 :            :         case INTEL_FAM6_WESTMERE:
    1325                 :            :         case INTEL_FAM6_SANDYBRIDGE:
    1326                 :            :         case INTEL_FAM6_IVYBRIDGE:
    1327                 :            :         case INTEL_FAM6_HASWELL:
    1328                 :            :         case INTEL_FAM6_HASWELL_L:
    1329                 :            :         case INTEL_FAM6_HASWELL_G:
    1330                 :            :         case INTEL_FAM6_BROADWELL:
    1331                 :            :         case INTEL_FAM6_BROADWELL_G:
    1332                 :            :         case INTEL_FAM6_SKYLAKE_L:
    1333                 :            :         case INTEL_FAM6_SKYLAKE:
    1334                 :            :         case INTEL_FAM6_KABYLAKE_L:
    1335                 :            :         case INTEL_FAM6_KABYLAKE:
    1336         [ #  # ]:          0 :                 if (c->x86_cache_bits < 44)
    1337                 :          0 :                         c->x86_cache_bits = 44;
    1338                 :            :                 break;
    1339                 :            :         }
    1340                 :          0 : }
    1341                 :            : 
    1342                 :          3 : static void __init l1tf_select_mitigation(void)
    1343                 :            : {
    1344                 :          3 :         u64 half_pa;
    1345                 :            : 
    1346         [ -  + ]:          3 :         if (!boot_cpu_has_bug(X86_BUG_L1TF))
    1347                 :            :                 return;
    1348                 :            : 
    1349         [ #  # ]:          0 :         if (cpu_mitigations_off())
    1350                 :          0 :                 l1tf_mitigation = L1TF_MITIGATION_OFF;
    1351         [ #  # ]:          0 :         else if (cpu_mitigations_auto_nosmt())
    1352                 :          0 :                 l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT;
    1353                 :            : 
    1354                 :          0 :         override_cache_bits(&boot_cpu_data);
    1355                 :            : 
    1356      [ #  #  # ]:          0 :         switch (l1tf_mitigation) {
    1357                 :            :         case L1TF_MITIGATION_OFF:
    1358                 :            :         case L1TF_MITIGATION_FLUSH_NOWARN:
    1359                 :            :         case L1TF_MITIGATION_FLUSH:
    1360                 :            :                 break;
    1361                 :          0 :         case L1TF_MITIGATION_FLUSH_NOSMT:
    1362                 :            :         case L1TF_MITIGATION_FULL:
    1363                 :          0 :                 cpu_smt_disable(false);
    1364                 :          0 :                 break;
    1365                 :          0 :         case L1TF_MITIGATION_FULL_FORCE:
    1366                 :          0 :                 cpu_smt_disable(true);
    1367                 :          0 :                 break;
    1368                 :            :         }
    1369                 :            : 
    1370                 :            : #if CONFIG_PGTABLE_LEVELS == 2
    1371                 :            :         pr_warn("Kernel not compiled for PAE. No mitigation for L1TF\n");
    1372                 :            :         return;
    1373                 :            : #endif
    1374                 :            : 
    1375         [ #  # ]:          0 :         half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT;
    1376   [ #  #  #  # ]:          0 :         if (l1tf_mitigation != L1TF_MITIGATION_OFF &&
    1377                 :          0 :                         e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) {
    1378                 :          0 :                 pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n");
    1379                 :          0 :                 pr_info("You may make it effective by booting the kernel with mem=%llu parameter.\n",
    1380                 :            :                                 half_pa);
    1381                 :          0 :                 pr_info("However, doing so will make a part of your RAM unusable.\n");
    1382                 :          0 :                 pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html might help you decide.\n");
    1383                 :          0 :                 return;
    1384                 :            :         }
    1385                 :            : 
    1386                 :          0 :         setup_force_cpu_cap(X86_FEATURE_L1TF_PTEINV);
    1387                 :            : }
    1388                 :            : 
    1389                 :          0 : static int __init l1tf_cmdline(char *str)
    1390                 :            : {
    1391         [ #  # ]:          0 :         if (!boot_cpu_has_bug(X86_BUG_L1TF))
    1392                 :            :                 return 0;
    1393                 :            : 
    1394         [ #  # ]:          0 :         if (!str)
    1395                 :            :                 return -EINVAL;
    1396                 :            : 
    1397         [ #  # ]:          0 :         if (!strcmp(str, "off"))
    1398                 :          0 :                 l1tf_mitigation = L1TF_MITIGATION_OFF;
    1399         [ #  # ]:          0 :         else if (!strcmp(str, "flush,nowarn"))
    1400                 :          0 :                 l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOWARN;
    1401         [ #  # ]:          0 :         else if (!strcmp(str, "flush"))
    1402                 :          0 :                 l1tf_mitigation = L1TF_MITIGATION_FLUSH;
    1403         [ #  # ]:          0 :         else if (!strcmp(str, "flush,nosmt"))
    1404                 :          0 :                 l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT;
    1405         [ #  # ]:          0 :         else if (!strcmp(str, "full"))
    1406                 :          0 :                 l1tf_mitigation = L1TF_MITIGATION_FULL;
    1407         [ #  # ]:          0 :         else if (!strcmp(str, "full,force"))
    1408                 :          0 :                 l1tf_mitigation = L1TF_MITIGATION_FULL_FORCE;
    1409                 :            : 
    1410                 :            :         return 0;
    1411                 :            : }
    1412                 :            : early_param("l1tf", l1tf_cmdline);
    1413                 :            : 
    1414                 :            : #undef pr_fmt
    1415                 :            : #define pr_fmt(fmt) fmt
    1416                 :            : 
    1417                 :            : #ifdef CONFIG_SYSFS
    1418                 :            : 
    1419                 :            : #define L1TF_DEFAULT_MSG "Mitigation: PTE Inversion"
    1420                 :            : 
    1421                 :            : #if IS_ENABLED(CONFIG_KVM_INTEL)
    1422                 :            : static const char * const l1tf_vmx_states[] = {
    1423                 :            :         [VMENTER_L1D_FLUSH_AUTO]                = "auto",
    1424                 :            :         [VMENTER_L1D_FLUSH_NEVER]               = "vulnerable",
    1425                 :            :         [VMENTER_L1D_FLUSH_COND]                = "conditional cache flushes",
    1426                 :            :         [VMENTER_L1D_FLUSH_ALWAYS]              = "cache flushes",
    1427                 :            :         [VMENTER_L1D_FLUSH_EPT_DISABLED]        = "EPT disabled",
    1428                 :            :         [VMENTER_L1D_FLUSH_NOT_REQUIRED]        = "flush not necessary"
    1429                 :            : };
    1430                 :            : 
    1431                 :            : static ssize_t l1tf_show_state(char *buf)
    1432                 :            : {
    1433                 :            :         if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO)
    1434                 :            :                 return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG);
    1435                 :            : 
    1436                 :            :         if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED ||
    1437                 :            :             (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER &&
    1438                 :            :              sched_smt_active())) {
    1439                 :            :                 return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG,
    1440                 :            :                                l1tf_vmx_states[l1tf_vmx_mitigation]);
    1441                 :            :         }
    1442                 :            : 
    1443                 :            :         return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG,
    1444                 :            :                        l1tf_vmx_states[l1tf_vmx_mitigation],
    1445                 :            :                        sched_smt_active() ? "vulnerable" : "disabled");
    1446                 :            : }
    1447                 :            : 
    1448                 :            : static ssize_t itlb_multihit_show_state(char *buf)
    1449                 :            : {
    1450                 :            :         if (itlb_multihit_kvm_mitigation)
    1451                 :            :                 return sprintf(buf, "KVM: Mitigation: Split huge pages\n");
    1452                 :            :         else
    1453                 :            :                 return sprintf(buf, "KVM: Vulnerable\n");
    1454                 :            : }
    1455                 :            : #else
    1456                 :            : static ssize_t l1tf_show_state(char *buf)
    1457                 :            : {
    1458                 :            :         return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG);
    1459                 :            : }
    1460                 :            : 
    1461                 :            : static ssize_t itlb_multihit_show_state(char *buf)
    1462                 :            : {
    1463                 :            :         return sprintf(buf, "Processor vulnerable\n");
    1464                 :            : }
    1465                 :            : #endif
    1466                 :            : 
    1467                 :          0 : static ssize_t mds_show_state(char *buf)
    1468                 :            : {
    1469         [ #  # ]:          0 :         if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
    1470                 :          0 :                 return sprintf(buf, "%s; SMT Host state unknown\n",
    1471                 :            :                                mds_strings[mds_mitigation]);
    1472                 :            :         }
    1473                 :            : 
    1474         [ #  # ]:          0 :         if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) {
    1475                 :          0 :                 return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
    1476         [ #  # ]:          0 :                                (mds_mitigation == MDS_MITIGATION_OFF ? "vulnerable" :
    1477         [ #  # ]:          0 :                                 sched_smt_active() ? "mitigated" : "disabled"));
    1478                 :            :         }
    1479                 :            : 
    1480   [ #  #  #  # ]:          0 :         return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
    1481                 :            :                        sched_smt_active() ? "vulnerable" : "disabled");
    1482                 :            : }
    1483                 :            : 
    1484                 :          0 : static ssize_t tsx_async_abort_show_state(char *buf)
    1485                 :            : {
    1486         [ #  # ]:          0 :         if ((taa_mitigation == TAA_MITIGATION_TSX_DISABLED) ||
    1487                 :            :             (taa_mitigation == TAA_MITIGATION_OFF))
    1488                 :          0 :                 return sprintf(buf, "%s\n", taa_strings[taa_mitigation]);
    1489                 :            : 
    1490         [ #  # ]:          0 :         if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
    1491                 :          0 :                 return sprintf(buf, "%s; SMT Host state unknown\n",
    1492                 :            :                                taa_strings[taa_mitigation]);
    1493                 :            :         }
    1494                 :            : 
    1495   [ #  #  #  # ]:          0 :         return sprintf(buf, "%s; SMT %s\n", taa_strings[taa_mitigation],
    1496                 :            :                        sched_smt_active() ? "vulnerable" : "disabled");
    1497                 :            : }
    1498                 :            : 
    1499                 :          0 : static char *stibp_state(void)
    1500                 :            : {
    1501         [ #  # ]:          0 :         if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
    1502                 :            :                 return "";
    1503                 :            : 
    1504   [ #  #  #  #  :          0 :         switch (spectre_v2_user) {
                      # ]
    1505                 :            :         case SPECTRE_V2_USER_NONE:
    1506                 :            :                 return ", STIBP: disabled";
    1507                 :          0 :         case SPECTRE_V2_USER_STRICT:
    1508                 :          0 :                 return ", STIBP: forced";
    1509                 :          0 :         case SPECTRE_V2_USER_STRICT_PREFERRED:
    1510                 :          0 :                 return ", STIBP: always-on";
    1511                 :            :         case SPECTRE_V2_USER_PRCTL:
    1512                 :            :         case SPECTRE_V2_USER_SECCOMP:
    1513         [ #  # ]:          0 :                 if (static_key_enabled(&switch_to_cond_stibp))
    1514                 :          0 :                         return ", STIBP: conditional";
    1515                 :            :         }
    1516                 :            :         return "";
    1517                 :            : }
    1518                 :            : 
    1519                 :          0 : static char *ibpb_state(void)
    1520                 :            : {
    1521         [ #  # ]:          0 :         if (boot_cpu_has(X86_FEATURE_IBPB)) {
    1522         [ #  # ]:          0 :                 if (static_key_enabled(&switch_mm_always_ibpb))
    1523                 :            :                         return ", IBPB: always-on";
    1524         [ #  # ]:          0 :                 if (static_key_enabled(&switch_mm_cond_ibpb))
    1525                 :            :                         return ", IBPB: conditional";
    1526                 :          0 :                 return ", IBPB: disabled";
    1527                 :            :         }
    1528                 :            :         return "";
    1529                 :            : }
    1530                 :            : 
    1531                 :            : static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
    1532                 :            :                                char *buf, unsigned int bug)
    1533                 :            : {
    1534                 :            :         if (!boot_cpu_has_bug(bug))
    1535                 :            :                 return sprintf(buf, "Not affected\n");
    1536                 :            : 
    1537                 :            :         switch (bug) {
    1538                 :            :         case X86_BUG_CPU_MELTDOWN:
    1539                 :            :                 if (boot_cpu_has(X86_FEATURE_PTI))
    1540                 :            :                         return sprintf(buf, "Mitigation: PTI\n");
    1541                 :            : 
    1542                 :            :                 if (hypervisor_is_type(X86_HYPER_XEN_PV))
    1543                 :            :                         return sprintf(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n");
    1544                 :            : 
    1545                 :            :                 break;
    1546                 :            : 
    1547                 :            :         case X86_BUG_SPECTRE_V1:
    1548                 :            :                 return sprintf(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]);
    1549                 :            : 
    1550                 :            :         case X86_BUG_SPECTRE_V2:
    1551                 :            :                 return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
    1552                 :            :                                ibpb_state(),
    1553                 :            :                                boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
    1554                 :            :                                stibp_state(),
    1555                 :            :                                boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",
    1556                 :            :                                spectre_v2_module_string());
    1557                 :            : 
    1558                 :            :         case X86_BUG_SPEC_STORE_BYPASS:
    1559                 :            :                 return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
    1560                 :            : 
    1561                 :            :         case X86_BUG_L1TF:
    1562                 :            :                 if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV))
    1563                 :            :                         return l1tf_show_state(buf);
    1564                 :            :                 break;
    1565                 :            : 
    1566                 :            :         case X86_BUG_MDS:
    1567                 :            :                 return mds_show_state(buf);
    1568                 :            : 
    1569                 :            :         case X86_BUG_TAA:
    1570                 :            :                 return tsx_async_abort_show_state(buf);
    1571                 :            : 
    1572                 :            :         case X86_BUG_ITLB_MULTIHIT:
    1573                 :            :                 return itlb_multihit_show_state(buf);
    1574                 :            : 
    1575                 :            :         default:
    1576                 :            :                 break;
    1577                 :            :         }
    1578                 :            : 
    1579                 :            :         return sprintf(buf, "Vulnerable\n");
    1580                 :            : }
    1581                 :            : 
    1582                 :          0 : ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
    1583                 :            : {
    1584                 :          0 :         return cpu_show_common(dev, attr, buf, X86_BUG_CPU_MELTDOWN);
    1585                 :            : }
    1586                 :            : 
    1587                 :          0 : ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
    1588                 :            : {
    1589                 :          0 :         return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V1);
    1590                 :            : }
    1591                 :            : 
    1592                 :          0 : ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
    1593                 :            : {
    1594                 :          0 :         return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V2);
    1595                 :            : }
    1596                 :            : 
    1597                 :          0 : ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf)
    1598                 :            : {
    1599                 :          0 :         return cpu_show_common(dev, attr, buf, X86_BUG_SPEC_STORE_BYPASS);
    1600                 :            : }
    1601                 :            : 
    1602                 :          0 : ssize_t cpu_show_l1tf(struct device *dev, struct device_attribute *attr, char *buf)
    1603                 :            : {
    1604                 :          0 :         return cpu_show_common(dev, attr, buf, X86_BUG_L1TF);
    1605                 :            : }
    1606                 :            : 
    1607                 :          0 : ssize_t cpu_show_mds(struct device *dev, struct device_attribute *attr, char *buf)
    1608                 :            : {
    1609                 :          0 :         return cpu_show_common(dev, attr, buf, X86_BUG_MDS);
    1610                 :            : }
    1611                 :            : 
    1612                 :          0 : ssize_t cpu_show_tsx_async_abort(struct device *dev, struct device_attribute *attr, char *buf)
    1613                 :            : {
    1614                 :          0 :         return cpu_show_common(dev, attr, buf, X86_BUG_TAA);
    1615                 :            : }
    1616                 :            : 
    1617                 :          0 : ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr, char *buf)
    1618                 :            : {
    1619                 :          0 :         return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT);
    1620                 :            : }
    1621                 :            : #endif

Generated by: LCOV version 1.14