@@ -1228,6 +1228,8 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
1228
1228
#define GDS BIT(6)
1229
1229
/* CPU is affected by Register File Data Sampling */
1230
1230
#define RFDS BIT(7)
1231
+ /* CPU is affected by Indirect Target Selection */
1232
+ #define ITS BIT(8)
1231
1233
1232
1234
static const struct x86_cpu_id cpu_vuln_blacklist [] __initconst = {
1233
1235
VULNBL_INTEL_STEPPINGS (INTEL_IVYBRIDGE , X86_STEPPING_ANY , SRBDS ),
@@ -1239,22 +1241,25 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
1239
1241
VULNBL_INTEL_STEPPINGS (INTEL_BROADWELL_G , X86_STEPPING_ANY , SRBDS ),
1240
1242
VULNBL_INTEL_STEPPINGS (INTEL_BROADWELL_X , X86_STEPPING_ANY , MMIO ),
1241
1243
VULNBL_INTEL_STEPPINGS (INTEL_BROADWELL , X86_STEPPING_ANY , SRBDS ),
1242
- VULNBL_INTEL_STEPPINGS (INTEL_SKYLAKE_X , X86_STEPPING_ANY , MMIO | RETBLEED | GDS ),
1244
+ VULNBL_INTEL_STEPPINGS (INTEL_SKYLAKE_X , X86_STEPPINGS (0x0 , 0x5 ), MMIO | RETBLEED | GDS ),
1245
+ VULNBL_INTEL_STEPPINGS (INTEL_SKYLAKE_X , X86_STEPPING_ANY , MMIO | RETBLEED | GDS | ITS ),
1243
1246
VULNBL_INTEL_STEPPINGS (INTEL_SKYLAKE_L , X86_STEPPING_ANY , MMIO | RETBLEED | GDS | SRBDS ),
1244
1247
VULNBL_INTEL_STEPPINGS (INTEL_SKYLAKE , X86_STEPPING_ANY , MMIO | RETBLEED | GDS | SRBDS ),
1245
- VULNBL_INTEL_STEPPINGS (INTEL_KABYLAKE_L , X86_STEPPING_ANY , MMIO | RETBLEED | GDS | SRBDS ),
1246
- VULNBL_INTEL_STEPPINGS (INTEL_KABYLAKE , X86_STEPPING_ANY , MMIO | RETBLEED | GDS | SRBDS ),
1248
+ VULNBL_INTEL_STEPPINGS (INTEL_KABYLAKE_L , X86_STEPPINGS (0x0 , 0xb ), MMIO | RETBLEED | GDS | SRBDS ),
1249
+ VULNBL_INTEL_STEPPINGS (INTEL_KABYLAKE_L , X86_STEPPING_ANY , MMIO | RETBLEED | GDS | SRBDS | ITS ),
1250
+ VULNBL_INTEL_STEPPINGS (INTEL_KABYLAKE , X86_STEPPINGS (0x0 , 0xc ), MMIO | RETBLEED | GDS | SRBDS ),
1251
+ VULNBL_INTEL_STEPPINGS (INTEL_KABYLAKE , X86_STEPPING_ANY , MMIO | RETBLEED | GDS | SRBDS | ITS ),
1247
1252
VULNBL_INTEL_STEPPINGS (INTEL_CANNONLAKE_L , X86_STEPPING_ANY , RETBLEED ),
1248
- VULNBL_INTEL_STEPPINGS (INTEL_ICELAKE_L , X86_STEPPING_ANY , MMIO | MMIO_SBDS | RETBLEED | GDS ),
1249
- VULNBL_INTEL_STEPPINGS (INTEL_ICELAKE_D , X86_STEPPING_ANY , MMIO | GDS ),
1250
- VULNBL_INTEL_STEPPINGS (INTEL_ICELAKE_X , X86_STEPPING_ANY , MMIO | GDS ),
1251
- VULNBL_INTEL_STEPPINGS (INTEL_COMETLAKE , X86_STEPPING_ANY , MMIO | MMIO_SBDS | RETBLEED | GDS ),
1252
- VULNBL_INTEL_STEPPINGS (INTEL_COMETLAKE_L , X86_STEPPINGS (0x0 , 0x0 ), MMIO | RETBLEED ),
1253
- VULNBL_INTEL_STEPPINGS (INTEL_COMETLAKE_L , X86_STEPPING_ANY , MMIO | MMIO_SBDS | RETBLEED | GDS ),
1254
- VULNBL_INTEL_STEPPINGS (INTEL_TIGERLAKE_L , X86_STEPPING_ANY , GDS ),
1255
- VULNBL_INTEL_STEPPINGS (INTEL_TIGERLAKE , X86_STEPPING_ANY , GDS ),
1253
+ VULNBL_INTEL_STEPPINGS (INTEL_ICELAKE_L , X86_STEPPING_ANY , MMIO | MMIO_SBDS | RETBLEED | GDS | ITS ),
1254
+ VULNBL_INTEL_STEPPINGS (INTEL_ICELAKE_D , X86_STEPPING_ANY , MMIO | GDS | ITS ),
1255
+ VULNBL_INTEL_STEPPINGS (INTEL_ICELAKE_X , X86_STEPPING_ANY , MMIO | GDS | ITS ),
1256
+ VULNBL_INTEL_STEPPINGS (INTEL_COMETLAKE , X86_STEPPING_ANY , MMIO | MMIO_SBDS | RETBLEED | GDS | ITS ),
1257
+ VULNBL_INTEL_STEPPINGS (INTEL_COMETLAKE_L , X86_STEPPINGS (0x0 , 0x0 ), MMIO | RETBLEED | ITS ),
1258
+ VULNBL_INTEL_STEPPINGS (INTEL_COMETLAKE_L , X86_STEPPING_ANY , MMIO | MMIO_SBDS | RETBLEED | GDS | ITS ),
1259
+ VULNBL_INTEL_STEPPINGS (INTEL_TIGERLAKE_L , X86_STEPPING_ANY , GDS | ITS ),
1260
+ VULNBL_INTEL_STEPPINGS (INTEL_TIGERLAKE , X86_STEPPING_ANY , GDS | ITS ),
1256
1261
VULNBL_INTEL_STEPPINGS (INTEL_LAKEFIELD , X86_STEPPING_ANY , MMIO | MMIO_SBDS | RETBLEED ),
1257
- VULNBL_INTEL_STEPPINGS (INTEL_ROCKETLAKE , X86_STEPPING_ANY , MMIO | RETBLEED | GDS ),
1262
+ VULNBL_INTEL_STEPPINGS (INTEL_ROCKETLAKE , X86_STEPPING_ANY , MMIO | RETBLEED | GDS | ITS ),
1258
1263
VULNBL_INTEL_STEPPINGS (INTEL_ALDERLAKE , X86_STEPPING_ANY , RFDS ),
1259
1264
VULNBL_INTEL_STEPPINGS (INTEL_ALDERLAKE_L , X86_STEPPING_ANY , RFDS ),
1260
1265
VULNBL_INTEL_STEPPINGS (INTEL_RAPTORLAKE , X86_STEPPING_ANY , RFDS ),
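Review bot: The new row pairs for INTEL_SKYLAKE_X, INTEL_KABYLAKE_L and INTEL_KABYLAKE depend on the stepping-limited row staying ahead of the X86_STEPPING_ANY row for the same model, and nothing in the table states that. Assuming cpu_matches() stops at the first matching entry (the existing INTEL_COMETLAKE_L pair suggests that convention), reordering the rows would tag the early steppings with ITS. The bug-bit list for these models is also now written twice, so a later flag added to only one row of a pair would silently leave the other stepping range unflagged. A comment above the first pair would pin both points, e.g. `/* Same model listed twice: stepping-limited row first (first match wins); keep the shared bug bits identical in both rows. */`. The table starts and ends outside this hunk.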
@@ -1318,6 +1323,32 @@ static bool __init vulnerable_to_rfds(u64 x86_arch_cap_msr)
1318
1323
return cpu_matches (cpu_vuln_blacklist , RFDS );
1319
1324
}
1320
1325
1326
+ static bool __init vulnerable_to_its (u64 x86_arch_cap_msr )
1327
+ {
1328
+ /* The "immunity" bit trumps everything else: */
1329
+ if (x86_arch_cap_msr & ARCH_CAP_ITS_NO )
1330
+ return false;
1331
+ if (boot_cpu_data .x86_vendor != X86_VENDOR_INTEL )
1332
+ return false;
1333
+
1334
+ /* None of the affected CPUs have BHI_CTRL */
1335
+ if (boot_cpu_has (X86_FEATURE_BHI_CTRL ))
1336
+ return false;
1337
+
1338
+ /*
1339
+ * If a VMM did not expose ITS_NO, assume that a guest could
1340
+ * be running on a vulnerable hardware or may migrate to such
1341
+ * hardware.
1342
+ */
1343
+ if (boot_cpu_has (X86_FEATURE_HYPERVISOR ))
1344
+ return true;
1345
+
1346
+ if (cpu_matches (cpu_vuln_blacklist , ITS ))
1347
+ return true;
1348
+
1349
+ return false;
1350
+ }
1351
+
1321
1352
static void __init cpu_set_bug_bits (struct cpuinfo_x86 * c )
1322
1353
{
1323
1354
u64 x86_arch_cap_msr = x86_read_arch_cap_msr ();
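Review bot: In vulnerable_to_its() the BHI_CTRL early return runs before the X86_FEATURE_HYPERVISOR check, so in a guest the feature bit as presented by the VMM decides whether the conservative guest fallback is reached at all. If that order is intentional, the comment should say so, e.g. `/* None of the affected CPUs have BHI_CTRL; checked before the guest fallback on purpose */`. The same comment is an invariant on cpu_vuln_blacklist: an ITS row for a part that enumerates BHI_CTRL would never take effect, which is worth stating next to the check. As a style point, the tail can be the single statement `return cpu_matches(cpu_vuln_blacklist, ITS);`, matching how vulnerable_to_rfds() directly above ends.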
@@ -1450,6 +1481,9 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
1450
1481
if (cpu_has (c , X86_FEATURE_AMD_IBPB ) && !cpu_has (c , X86_FEATURE_AMD_IBPB_RET ))
1451
1482
setup_force_cpu_bug (X86_BUG_IBPB_NO_RET );
1452
1483
1484
+ if (vulnerable_to_its (x86_arch_cap_msr ))
1485
+ setup_force_cpu_bug (X86_BUG_ITS );
1486
+
1453
1487
if (cpu_matches (cpu_vuln_whitelist , NO_MELTDOWN ))
1454
1488
return ;
1455
1489