Merge tag 'x86-urgent-2022-04-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

+2 -2

arch/x86/include/asm/msr-index.h

··· 128 128 #define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */ 129 129 #define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */ 130 130 131 - /* SRBDS support */ 132 131 #define MSR_IA32_MCU_OPT_CTRL 0x00000123 133 - #define RNGDS_MITG_DIS BIT(0) 132 + #define RNGDS_MITG_DIS BIT(0) /* SRBDS support */ 133 + #define RTM_ALLOW BIT(1) /* TSX development mode */ 134 134 135 135 #define MSR_IA32_SYSENTER_CS 0x00000174 136 136 #define MSR_IA32_SYSENTER_ESP 0x00000175

+2

arch/x86/kernel/cpu/common.c

··· 1855 1855 validate_apic_and_package_id(c); 1856 1856 x86_spec_ctrl_setup_ap(); 1857 1857 update_srbds_msr(); 1858 + 1859 + tsx_ap_init(); 1858 1860 } 1859 1861 1860 1862 static __init int setup_noclflush(char *arg)

+2 -3

arch/x86/kernel/cpu/cpu.h

··· 55 55 extern __ro_after_init enum tsx_ctrl_states tsx_ctrl_state; 56 56 57 57 extern void __init tsx_init(void); 58 - extern void tsx_enable(void); 59 - extern void tsx_disable(void); 60 - extern void tsx_clear_cpuid(void); 58 + void tsx_ap_init(void); 61 59 #else 62 60 static inline void tsx_init(void) { } 61 + static inline void tsx_ap_init(void) { } 63 62 #endif /* CONFIG_CPU_SUP_INTEL */ 64 63 65 64 extern void get_cpu_cap(struct cpuinfo_x86 *c);

-7

arch/x86/kernel/cpu/intel.c

··· 717 717 718 718 init_intel_misc_features(c); 719 719 720 - if (tsx_ctrl_state == TSX_CTRL_ENABLE) 721 - tsx_enable(); 722 - else if (tsx_ctrl_state == TSX_CTRL_DISABLE) 723 - tsx_disable(); 724 - else if (tsx_ctrl_state == TSX_CTRL_RTM_ALWAYS_ABORT) 725 - tsx_clear_cpuid(); 726 - 727 720 split_lock_init(); 728 721 bus_lock_init(); 729 722

+94 -10

arch/x86/kernel/cpu/tsx.c

··· 19 19 20 20 enum tsx_ctrl_states tsx_ctrl_state __ro_after_init = TSX_CTRL_NOT_SUPPORTED; 21 21 22 - void tsx_disable(void) 22 + static void tsx_disable(void) 23 23 { 24 24 u64 tsx; 25 25 ··· 39 39 wrmsrl(MSR_IA32_TSX_CTRL, tsx); 40 40 } 41 41 42 - void tsx_enable(void) 42 + static void tsx_enable(void) 43 43 { 44 44 u64 tsx; 45 45 ··· 58 58 wrmsrl(MSR_IA32_TSX_CTRL, tsx); 59 59 } 60 60 61 - static bool __init tsx_ctrl_is_supported(void) 61 + static bool tsx_ctrl_is_supported(void) 62 62 { 63 63 u64 ia32_cap = x86_read_arch_cap_msr(); 64 64 ··· 84 84 return TSX_CTRL_ENABLE; 85 85 } 86 86 87 - void tsx_clear_cpuid(void) 87 + /* 88 + * Disabling TSX is not a trivial business. 89 + * 90 + * First of all, there's a CPUID bit: X86_FEATURE_RTM_ALWAYS_ABORT 91 + * which says that TSX is practically disabled (all transactions are 92 + * aborted by default). When that bit is set, the kernel unconditionally 93 + * disables TSX. 94 + * 95 + * In order to do that, however, it needs to dance a bit: 96 + * 97 + * 1. The first method to disable it is through MSR_TSX_FORCE_ABORT and 98 + * the MSR is present only when *two* CPUID bits are set: 99 + * 100 + * - X86_FEATURE_RTM_ALWAYS_ABORT 101 + * - X86_FEATURE_TSX_FORCE_ABORT 102 + * 103 + * 2. The second method is for CPUs which do not have the above-mentioned 104 + * MSR: those use a different MSR - MSR_IA32_TSX_CTRL and disable TSX 105 + * through that one. Those CPUs can also have the initially mentioned 106 + * CPUID bit X86_FEATURE_RTM_ALWAYS_ABORT set and for those the same strategy 107 + * applies: TSX gets disabled unconditionally. 108 + * 109 + * When either of the two methods are present, the kernel disables TSX and 110 + * clears the respective RTM and HLE feature flags. 111 + * 112 + * An additional twist in the whole thing presents late microcode loading 113 + * which, when done, may cause for the X86_FEATURE_RTM_ALWAYS_ABORT CPUID 114 + * bit to be set after the update. 115 + * 116 + * A subsequent hotplug operation on any logical CPU except the BSP will 117 + * cause for the supported CPUID feature bits to get re-detected and, if 118 + * RTM and HLE get cleared all of a sudden, but, userspace did consult 119 + * them before the update, then funny explosions will happen. Long story 120 + * short: the kernel doesn't modify CPUID feature bits after booting. 121 + * 122 + * That's why, this function's call in init_intel() doesn't clear the 123 + * feature flags. 124 + */ 125 + static void tsx_clear_cpuid(void) 88 126 { 89 127 u64 msr; 90 128 ··· 135 97 rdmsrl(MSR_TSX_FORCE_ABORT, msr); 136 98 msr |= MSR_TFA_TSX_CPUID_CLEAR; 137 99 wrmsrl(MSR_TSX_FORCE_ABORT, msr); 100 + } else if (tsx_ctrl_is_supported()) { 101 + rdmsrl(MSR_IA32_TSX_CTRL, msr); 102 + msr |= TSX_CTRL_CPUID_CLEAR; 103 + wrmsrl(MSR_IA32_TSX_CTRL, msr); 104 + } 105 + } 106 + 107 + /* 108 + * Disable TSX development mode 109 + * 110 + * When the microcode released in Feb 2022 is applied, TSX will be disabled by 111 + * default on some processors. MSR 0x122 (TSX_CTRL) and MSR 0x123 112 + * (IA32_MCU_OPT_CTRL) can be used to re-enable TSX for development, doing so is 113 + * not recommended for production deployments. In particular, applying MD_CLEAR 114 + * flows for mitigation of the Intel TSX Asynchronous Abort (TAA) transient 115 + * execution attack may not be effective on these processors when Intel TSX is 116 + * enabled with updated microcode. 117 + */ 118 + static void tsx_dev_mode_disable(void) 119 + { 120 + u64 mcu_opt_ctrl; 121 + 122 + /* Check if RTM_ALLOW exists */ 123 + if (!boot_cpu_has_bug(X86_BUG_TAA) || !tsx_ctrl_is_supported() || 124 + !cpu_feature_enabled(X86_FEATURE_SRBDS_CTRL)) 125 + return; 126 + 127 + rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl); 128 + 129 + if (mcu_opt_ctrl & RTM_ALLOW) { 130 + mcu_opt_ctrl &= ~RTM_ALLOW; 131 + wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl); 132 + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); 138 133 } 139 134 } 140 135 ··· 176 105 char arg[5] = {}; 177 106 int ret; 178 107 108 + tsx_dev_mode_disable(); 109 + 179 110 /* 180 - * Hardware will always abort a TSX transaction if both CPUID bits 181 - * RTM_ALWAYS_ABORT and TSX_FORCE_ABORT are set. In this case, it is 182 - * better not to enumerate CPUID.RTM and CPUID.HLE bits. Clear them 183 - * here. 111 + * Hardware will always abort a TSX transaction when the CPUID bit 112 + * RTM_ALWAYS_ABORT is set. In this case, it is better not to enumerate 113 + * CPUID.RTM and CPUID.HLE bits. Clear them here. 184 114 */ 185 - if (boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) && 186 - boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT)) { 115 + if (boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT)) { 187 116 tsx_ctrl_state = TSX_CTRL_RTM_ALWAYS_ABORT; 188 117 tsx_clear_cpuid(); 189 118 setup_clear_cpu_cap(X86_FEATURE_RTM); ··· 245 174 setup_force_cpu_cap(X86_FEATURE_RTM); 246 175 setup_force_cpu_cap(X86_FEATURE_HLE); 247 176 } 177 + } 178 + 179 + void tsx_ap_init(void) 180 + { 181 + tsx_dev_mode_disable(); 182 + 183 + if (tsx_ctrl_state == TSX_CTRL_ENABLE) 184 + tsx_enable(); 185 + else if (tsx_ctrl_state == TSX_CTRL_DISABLE) 186 + tsx_disable(); 187 + else if (tsx_ctrl_state == TSX_CTRL_RTM_ALWAYS_ABORT) 188 + /* See comment over that function for more details. */ 189 + tsx_clear_cpuid(); 248 190 }

+2 -2

tools/arch/x86/include/asm/msr-index.h

··· 128 128 #define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */ 129 129 #define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */ 130 130 131 - /* SRBDS support */ 132 131 #define MSR_IA32_MCU_OPT_CTRL 0x00000123 133 - #define RNGDS_MITG_DIS BIT(0) 132 + #define RNGDS_MITG_DIS BIT(0) /* SRBDS support */ 133 + #define RTM_ALLOW BIT(1) /* TSX development mode */ 134 134 135 135 #define MSR_IA32_SYSENTER_CS 0x00000174 136 136 #define MSR_IA32_SYSENTER_ESP 0x00000175

Configure Feed

Configure Feed