Commit 203d81f8 authored by David Kaplan's avatar David Kaplan Committed by Borislav Petkov (AMD)
Browse files

x86/bugs: Restructure RFDS mitigation 



Restructure RFDS mitigation to use select/update/apply functions to
create consistent vulnerability handling.

  [ bp: Rename the oneline helper to what it checks. ]

Signed-off-by: default avatarDavid Kaplan <david.kaplan@amd.com>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/20250418161721.1855190-5-david.kaplan@amd.com
parent 4a5a04e6

arch/x86/kernel/cpu/bugs.c

+36 −5
Original line number Diff line number Diff line
@@ -70,6 +70,9 @@ static void __init taa_apply_mitigation(void); 
static void __init mmio_select_mitigation(void);

static void __init mmio_update_mitigation(void);

static void __init mmio_apply_mitigation(void);

static void __init rfds_select_mitigation(void);

static void __init rfds_update_mitigation(void);

static void __init rfds_apply_mitigation(void);

static void __init srbds_select_mitigation(void);

static void __init l1d_flush_select_mitigation(void);

static void __init srso_select_mitigation(void);
@@ -200,6 +203,7 @@ void __init cpu_select_mitigations(void) 
	mds_select_mitigation();

	taa_select_mitigation();

	mmio_select_mitigation();

	rfds_select_mitigation();

	md_clear_select_mitigation();

	srbds_select_mitigation();

	l1d_flush_select_mitigation();
@@ -218,10 +222,12 @@ void __init cpu_select_mitigations(void) 
	mds_update_mitigation();

	taa_update_mitigation();

	mmio_update_mitigation();

	rfds_update_mitigation();



	mds_apply_mitigation();

	taa_apply_mitigation();

	mmio_apply_mitigation();

	rfds_apply_mitigation();

}



/*
@@ -624,24 +630,50 @@ static const char * const rfds_strings[] = { 
	[RFDS_MITIGATION_UCODE_NEEDED]		= "Vulnerable: No microcode",

};



static inline bool __init verw_clears_cpu_reg_file(void)

{

	return (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR);

}



static void __init rfds_select_mitigation(void)

{

	if (!boot_cpu_has_bug(X86_BUG_RFDS) || cpu_mitigations_off()) {

		rfds_mitigation = RFDS_MITIGATION_OFF;

		return;

	}



	if (rfds_mitigation == RFDS_MITIGATION_AUTO)

		rfds_mitigation = RFDS_MITIGATION_VERW;



	if (rfds_mitigation == RFDS_MITIGATION_OFF)

		return;



	if (rfds_mitigation == RFDS_MITIGATION_AUTO)

	if (verw_clears_cpu_reg_file())

		verw_clear_cpu_buf_mitigation_selected = true;

}



static void __init rfds_update_mitigation(void)

{

	if (!boot_cpu_has_bug(X86_BUG_RFDS) || cpu_mitigations_off())

		return;



	if (verw_clear_cpu_buf_mitigation_selected)

		rfds_mitigation = RFDS_MITIGATION_VERW;



	if (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR)

		setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);

	else

	if (rfds_mitigation == RFDS_MITIGATION_VERW) {

		if (!verw_clears_cpu_reg_file())

			rfds_mitigation = RFDS_MITIGATION_UCODE_NEEDED;

	}



	pr_info("%s\n", rfds_strings[rfds_mitigation]);

}



static void __init rfds_apply_mitigation(void)

{

	if (rfds_mitigation == RFDS_MITIGATION_VERW)

		setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);

}



static __init int rfds_parse_cmdline(char *str)

{

	if (!str)
@@ -712,7 +744,6 @@ static void __init md_clear_update_mitigation(void) 


static void __init md_clear_select_mitigation(void)

{

	rfds_select_mitigation();



	/*

	 * As these mitigations are inter-related and rely on VERW instruction