Re: [PATCH PATCH v2 8/9] x86/bugs: Declutter vulnerable CPU list

From: Josh Poimboeuf
Date: Tue Jul 02 2024 - 21:00:37 EST

Next message: Jarkko Sakkinen: "Re: [PATCH] tpm: Limit TCG_TPM2_HMAC to known good drivers"
Previous message: Jarkko Sakkinen: "Re: [PATCH] tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session support"
Next in thread: Pawan Gupta: "Re: [PATCH PATCH v2 8/9] x86/bugs: Declutter vulnerable CPU list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 27, 2024 at 01:44:48PM -0700, Pawan Gupta wrote:
> The affected processor table has a lot of repetition and redundant
> information that can be omitted. For example:
>
> VULNBL_INTEL_STEPPINGS(INTEL_IVYBRIDGE, X86_STEPPING_ANY, SRBDS),
>
> can easily be simplified to:
>
> VULNBL_INTEL(IVYBRIDGE, SRBDS),
>
> Apply this to all the entries in the affected processor table.
>
> No functional change. Disassembly of arch/x86/kernel/cpu/common.o does not
> show any difference before and after the change.

This patch only changes data, not code. So there's not much point in
diffing the disassembly ;-)

A diff of the .init.rodata sections actually shows one (non-functional)
difference in cpu_vuln_blacklist[].

The COMETLAKE_L entries were moved to a new section below the rest of
the entries:

/* Match more than Vendor/Family/Model */
VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x0, 0x0), MMIO | RETBLEED),
VULNBL_INTEL (COMETLAKE_L, MMIO | MMIO_SBDS | RETBLEED | GDS),

While that's functionally correct, it breaks the visual sorting, which
is confusing and even a bit dangerous. One would reasonably expect the
COMETLAKE_L entries to come immediately after COMETLAKE, so it would be
quite possible for somebody to come along later and add a new
COMETLAKE_L there which conflicts with the later entries.

I'd much rather leave the STEPPINGS entry in the original list where it
belongs. Something like:

...
VULNBL_INTEL(ICELAKE_L, MMIO | MMIO_SBDS | RETBLEED | GDS),
VULNBL_INTEL(ICELAKE_D, MMIO | GDS),
VULNBL_INTEL(ICELAKE_X, MMIO | GDS),
VULNBL_INTEL(COMETLAKE, MMIO | MMIO_SBDS | RETBLEED | GDS),
VULNBL_INTEL_STEPPINGS(COMETLAKE_L,
X86_STEPPINGS(0x0, 0x0),
MMIO | RETBLEED),
VULNBL_INTEL(COMETLAKE_L, MMIO | MMIO_SBDS | RETBLEED | GDS),
VULNBL_INTEL(TIGERLAKE_L, GDS),
VULNBL_INTEL(TIGERLAKE, GDS),
...

Yes, that's a little ugly, but at least the sorting is correct so it's
less confusing and more robust overall.

--
Josh

Next message: Jarkko Sakkinen: "Re: [PATCH] tpm: Limit TCG_TPM2_HMAC to known good drivers"
Previous message: Jarkko Sakkinen: "Re: [PATCH] tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session support"
Next in thread: Pawan Gupta: "Re: [PATCH PATCH v2 8/9] x86/bugs: Declutter vulnerable CPU list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]