[PATCH v3 01/35] x86/bugs: Add X86_BUG_SPECTRE_V2_USER

From: David Kaplan
Date: Wed Jan 08 2025 - 15:25:55 EST

Next message: David Kaplan: "[PATCH v3 02/35] x86/bugs: Relocate mds/taa/mmio/rfds defines"
Previous message: David Kaplan: "[PATCH v3 00/35] x86/bugs: Attack vector controls"
In reply to: David Kaplan: "[PATCH v3 00/35] x86/bugs: Attack vector controls"
Next in thread: David Kaplan: "[PATCH v3 02/35] x86/bugs: Relocate mds/taa/mmio/rfds defines"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

All CPU vulnerabilities with command line options map to a single
X86_BUG bit except for Spectre V2 where both the spectre_v2 and
spectre_v2_user command line options are related to the same bug. The
spectre_v2 command line options mostly relate to user->kernel and
guest->host mitigations, while the spectre_v2_user command line options
relate to user->user or guest->guest protections.

Define a new X86_BUG bit for spectre_v2_user so each
*_select_mitigation() function in bugs.c is related to a unique X86_BUG
bit.

Signed-off-by: David Kaplan <david.kaplan@xxxxxxx>
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kernel/cpu/common.c | 4 +++-
2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 508c0dad116b..f77073507647 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -534,4 +534,5 @@
#define X86_BUG_RFDS X86_BUG(1*32 + 2) /* "rfds" CPU is vulnerable to Register File Data Sampling */
#define X86_BUG_BHI X86_BUG(1*32 + 3) /* "bhi" CPU is affected by Branch History Injection */
#define X86_BUG_IBPB_NO_RET X86_BUG(1*32 + 4) /* "ibpb_no_ret" IBPB omits return target predictions */
+#define X86_BUG_SPECTRE_V2_USER X86_BUG(1*32 + 5) /* "spectre_v2_user" CPU is affected by Spectre variant 2 attack between user processes */
#endif /* _ASM_X86_CPUFEATURES_H */
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 7cce91b19fb2..1e80d76dc9c1 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1331,8 +1331,10 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)

setup_force_cpu_bug(X86_BUG_SPECTRE_V1);

- if (!cpu_matches(cpu_vuln_whitelist, NO_SPECTRE_V2))
+ if (!cpu_matches(cpu_vuln_whitelist, NO_SPECTRE_V2)) {
setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
+ setup_force_cpu_bug(X86_BUG_SPECTRE_V2_USER);
+ }

if (!cpu_matches(cpu_vuln_whitelist, NO_SSB) &&
!(x86_arch_cap_msr & ARCH_CAP_SSB_NO) &&
--
2.34.1

Next message: David Kaplan: "[PATCH v3 02/35] x86/bugs: Relocate mds/taa/mmio/rfds defines"
Previous message: David Kaplan: "[PATCH v3 00/35] x86/bugs: Attack vector controls"
In reply to: David Kaplan: "[PATCH v3 00/35] x86/bugs: Attack vector controls"
Next in thread: David Kaplan: "[PATCH v3 02/35] x86/bugs: Relocate mds/taa/mmio/rfds defines"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]