Re: [PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist

2018-02-12 Thread Thomas Gleixner 
On Mon, 12 Feb 2018, David Woodhouse wrote:

> On Sat, 2018-02-10 at 23:39 +, David Woodhouse wrote:
> > 
> > --- a/arch/x86/kernel/cpu/intel.c
> > +++ b/arch/x86/kernel/cpu/intel.c
> > @@ -123,8 +123,6 @@ static const struct sku_microcode
> > spectre_bad_microcodes[] = {
> > { INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x84 },
> > { INTEL_FAM6_SKYLAKE_X, 0x03,   0x0100013e },
> > { INTEL_FAM6_SKYLAKE_X, 0x04,   0x023c },
> > -   { INTEL_FAM6_SKYLAKE_MOBILE,0x03,   0xc2 },
> > -   { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
> > { INTEL_FAM6_BROADWELL_CORE,0x04,   0x28 },
> > { INTEL_FAM6_BROADWELL_GT3E,0x01,   0x1b },
> > { INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },
> 
> Arjan points out that the SKYLAKE_DESKTOP one there is premature. There
> are *two* rows in Intel's table which match that CPUID (506E3).
> 
> Only *one* of them ("Skylake H/S") has cleared the 0xC2 microcode for
> use, while the "Skylake E3" line still doesn't approve it. (But doesn't
> explicitly list it in the "STOP deploying" column any more either,
> which it probably should, and might have helped me notice.)
> 
> Ingo, Thomas: do you want to drop this patch which is already in
> tip/x86/pti and have a new version with the SKYLAKE_DESKTOP no longer
> removed? Or shall I send an incremental patch to add it back?

Delta patch please.

Re: [PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist

2018-02-12 Thread Thomas Gleixner 
On Mon, 12 Feb 2018, David Woodhouse wrote:

> On Sat, 2018-02-10 at 23:39 +, David Woodhouse wrote:
> > 
> > --- a/arch/x86/kernel/cpu/intel.c
> > +++ b/arch/x86/kernel/cpu/intel.c
> > @@ -123,8 +123,6 @@ static const struct sku_microcode
> > spectre_bad_microcodes[] = {
> > { INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x84 },
> > { INTEL_FAM6_SKYLAKE_X, 0x03,   0x0100013e },
> > { INTEL_FAM6_SKYLAKE_X, 0x04,   0x023c },
> > -   { INTEL_FAM6_SKYLAKE_MOBILE,0x03,   0xc2 },
> > -   { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
> > { INTEL_FAM6_BROADWELL_CORE,0x04,   0x28 },
> > { INTEL_FAM6_BROADWELL_GT3E,0x01,   0x1b },
> > { INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },
> 
> Arjan points out that the SKYLAKE_DESKTOP one there is premature. There
> are *two* rows in Intel's table which match that CPUID (506E3).
> 
> Only *one* of them ("Skylake H/S") has cleared the 0xC2 microcode for
> use, while the "Skylake E3" line still doesn't approve it. (But doesn't
> explicitly list it in the "STOP deploying" column any more either,
> which it probably should, and might have helped me notice.)
> 
> Ingo, Thomas: do you want to drop this patch which is already in
> tip/x86/pti and have a new version with the SKYLAKE_DESKTOP no longer
> removed? Or shall I send an incremental patch to add it back?

Delta patch please.

Re: [PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist

2018-02-12 Thread David Woodhouse 
On Sat, 2018-02-10 at 23:39 +, David Woodhouse wrote:
> 
> --- a/arch/x86/kernel/cpu/intel.c
> +++ b/arch/x86/kernel/cpu/intel.c
> @@ -123,8 +123,6 @@ static const struct sku_microcode
> spectre_bad_microcodes[] = {
> { INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x84 },
> { INTEL_FAM6_SKYLAKE_X, 0x03,   0x0100013e },
> { INTEL_FAM6_SKYLAKE_X, 0x04,   0x023c },
> -   { INTEL_FAM6_SKYLAKE_MOBILE,0x03,   0xc2 },
> -   { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
> { INTEL_FAM6_BROADWELL_CORE,0x04,   0x28 },
> { INTEL_FAM6_BROADWELL_GT3E,0x01,   0x1b },
> { INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },

Arjan points out that the SKYLAKE_DESKTOP one there is premature. There
are *two* rows in Intel's table which match that CPUID (506E3).

Only *one* of them ("Skylake H/S") has cleared the 0xC2 microcode for
use, while the "Skylake E3" line still doesn't approve it. (But doesn't
explicitly list it in the "STOP deploying" column any more either,
which it probably should, and might have helped me notice.)

Ingo, Thomas: do you want to drop this patch which is already in
tip/x86/pti and have a new version with the SKYLAKE_DESKTOP no longer
removed? Or shall I send an incremental patch to add it back?

smime.p7s
Description: S/MIME cryptographic signature

Re: [PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist

2018-02-12 Thread David Woodhouse 
On Sat, 2018-02-10 at 23:39 +, David Woodhouse wrote:
> 
> --- a/arch/x86/kernel/cpu/intel.c
> +++ b/arch/x86/kernel/cpu/intel.c
> @@ -123,8 +123,6 @@ static const struct sku_microcode
> spectre_bad_microcodes[] = {
> { INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x84 },
> { INTEL_FAM6_SKYLAKE_X, 0x03,   0x0100013e },
> { INTEL_FAM6_SKYLAKE_X, 0x04,   0x023c },
> -   { INTEL_FAM6_SKYLAKE_MOBILE,0x03,   0xc2 },
> -   { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
> { INTEL_FAM6_BROADWELL_CORE,0x04,   0x28 },
> { INTEL_FAM6_BROADWELL_GT3E,0x01,   0x1b },
> { INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },

Arjan points out that the SKYLAKE_DESKTOP one there is premature. There
are *two* rows in Intel's table which match that CPUID (506E3).

Only *one* of them ("Skylake H/S") has cleared the 0xC2 microcode for
use, while the "Skylake E3" line still doesn't approve it. (But doesn't
explicitly list it in the "STOP deploying" column any more either,
which it probably should, and might have helped me notice.)

Ingo, Thomas: do you want to drop this patch which is already in
tip/x86/pti and have a new version with the SKYLAKE_DESKTOP no longer
removed? Or shall I send an incremental patch to add it back?

smime.p7s
Description: S/MIME cryptographic signature

Re: [PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist

2018-02-12 Thread Darren Kenny 

On Sat, Feb 10, 2018 at 11:39:22PM +, David Woodhouse wrote:

Intel have retroactively blessed the 0xc2 microcode on Skylake mobile
and desktop parts, and the Gemini Lake 0x22 microcode is apparently fine
too. We blacklisted the latter purely because it was present with all
the other problematic ones in the 2018-01-08 release, but now it's
explicitly listed as OK.

We still list 0x84 for the various Kaby Lake / Coffee Lake parts, as
that appeared in one version of the blacklist and then reverted to
0x80 again. We can change it if 0x84 is actually announced to be safe.

Signed-off-by: David Woodhouse 


Reviewed-by: Darren Kenny 


---
arch/x86/kernel/cpu/intel.c | 4 
1 file changed, 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 319bf98..f73b814 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -123,8 +123,6 @@ static const struct sku_microcode spectre_bad_microcodes[] 
= {
{ INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x84 },
{ INTEL_FAM6_SKYLAKE_X, 0x03,   0x0100013e },
{ INTEL_FAM6_SKYLAKE_X, 0x04,   0x023c },
-   { INTEL_FAM6_SKYLAKE_MOBILE,0x03,   0xc2 },
-   { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
{ INTEL_FAM6_BROADWELL_CORE,0x04,   0x28 },
{ INTEL_FAM6_BROADWELL_GT3E,0x01,   0x1b },
{ INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },
@@ -136,8 +134,6 @@ static const struct sku_microcode spectre_bad_microcodes[] 
= {
{ INTEL_FAM6_HASWELL_X, 0x02,   0x3b },
{ INTEL_FAM6_HASWELL_X, 0x04,   0x10 },
{ INTEL_FAM6_IVYBRIDGE_X,   0x04,   0x42a },
-   /* Updated in the 20180108 release; blacklist until we know otherwise */
-   { INTEL_FAM6_ATOM_GEMINI_LAKE,  0x01,   0x22 },
/* Observed in the wild */
{ INTEL_FAM6_SANDYBRIDGE_X, 0x06,   0x61b },
{ INTEL_FAM6_SANDYBRIDGE_X, 0x07,   0x712 },
--
2.7.4

Re: [PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist

2018-02-12 Thread Darren Kenny 

On Sat, Feb 10, 2018 at 11:39:22PM +, David Woodhouse wrote:

Intel have retroactively blessed the 0xc2 microcode on Skylake mobile
and desktop parts, and the Gemini Lake 0x22 microcode is apparently fine
too. We blacklisted the latter purely because it was present with all
the other problematic ones in the 2018-01-08 release, but now it's
explicitly listed as OK.

We still list 0x84 for the various Kaby Lake / Coffee Lake parts, as
that appeared in one version of the blacklist and then reverted to
0x80 again. We can change it if 0x84 is actually announced to be safe.

Signed-off-by: David Woodhouse 


Reviewed-by: Darren Kenny 


---
arch/x86/kernel/cpu/intel.c | 4 
1 file changed, 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 319bf98..f73b814 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -123,8 +123,6 @@ static const struct sku_microcode spectre_bad_microcodes[] 
= {
{ INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x84 },
{ INTEL_FAM6_SKYLAKE_X, 0x03,   0x0100013e },
{ INTEL_FAM6_SKYLAKE_X, 0x04,   0x023c },
-   { INTEL_FAM6_SKYLAKE_MOBILE,0x03,   0xc2 },
-   { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
{ INTEL_FAM6_BROADWELL_CORE,0x04,   0x28 },
{ INTEL_FAM6_BROADWELL_GT3E,0x01,   0x1b },
{ INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },
@@ -136,8 +134,6 @@ static const struct sku_microcode spectre_bad_microcodes[] 
= {
{ INTEL_FAM6_HASWELL_X, 0x02,   0x3b },
{ INTEL_FAM6_HASWELL_X, 0x04,   0x10 },
{ INTEL_FAM6_IVYBRIDGE_X,   0x04,   0x42a },
-   /* Updated in the 20180108 release; blacklist until we know otherwise */
-   { INTEL_FAM6_ATOM_GEMINI_LAKE,  0x01,   0x22 },
/* Observed in the wild */
{ INTEL_FAM6_SANDYBRIDGE_X, 0x06,   0x61b },
{ INTEL_FAM6_SANDYBRIDGE_X, 0x07,   0x712 },
--
2.7.4

[PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist

2018-02-10 Thread David Woodhouse 
Intel have retroactively blessed the 0xc2 microcode on Skylake mobile
and desktop parts, and the Gemini Lake 0x22 microcode is apparently fine
too. We blacklisted the latter purely because it was present with all
the other problematic ones in the 2018-01-08 release, but now it's
explicitly listed as OK.

We still list 0x84 for the various Kaby Lake / Coffee Lake parts, as
that appeared in one version of the blacklist and then reverted to
0x80 again. We can change it if 0x84 is actually announced to be safe.

Signed-off-by: David Woodhouse 
---
 arch/x86/kernel/cpu/intel.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 319bf98..f73b814 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -123,8 +123,6 @@ static const struct sku_microcode spectre_bad_microcodes[] 
= {
{ INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x84 },
{ INTEL_FAM6_SKYLAKE_X, 0x03,   0x0100013e },
{ INTEL_FAM6_SKYLAKE_X, 0x04,   0x023c },
-   { INTEL_FAM6_SKYLAKE_MOBILE,0x03,   0xc2 },
-   { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
{ INTEL_FAM6_BROADWELL_CORE,0x04,   0x28 },
{ INTEL_FAM6_BROADWELL_GT3E,0x01,   0x1b },
{ INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },
@@ -136,8 +134,6 @@ static const struct sku_microcode spectre_bad_microcodes[] 
= {
{ INTEL_FAM6_HASWELL_X, 0x02,   0x3b },
{ INTEL_FAM6_HASWELL_X, 0x04,   0x10 },
{ INTEL_FAM6_IVYBRIDGE_X,   0x04,   0x42a },
-   /* Updated in the 20180108 release; blacklist until we know otherwise */
-   { INTEL_FAM6_ATOM_GEMINI_LAKE,  0x01,   0x22 },
/* Observed in the wild */
{ INTEL_FAM6_SANDYBRIDGE_X, 0x06,   0x61b },
{ INTEL_FAM6_SANDYBRIDGE_X, 0x07,   0x712 },
-- 
2.7.4

[PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist

2018-02-10 Thread David Woodhouse 
Intel have retroactively blessed the 0xc2 microcode on Skylake mobile
and desktop parts, and the Gemini Lake 0x22 microcode is apparently fine
too. We blacklisted the latter purely because it was present with all
the other problematic ones in the 2018-01-08 release, but now it's
explicitly listed as OK.

We still list 0x84 for the various Kaby Lake / Coffee Lake parts, as
that appeared in one version of the blacklist and then reverted to
0x80 again. We can change it if 0x84 is actually announced to be safe.

Signed-off-by: David Woodhouse 
---
 arch/x86/kernel/cpu/intel.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 319bf98..f73b814 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -123,8 +123,6 @@ static const struct sku_microcode spectre_bad_microcodes[] 
= {
{ INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x84 },
{ INTEL_FAM6_SKYLAKE_X, 0x03,   0x0100013e },
{ INTEL_FAM6_SKYLAKE_X, 0x04,   0x023c },
-   { INTEL_FAM6_SKYLAKE_MOBILE,0x03,   0xc2 },
-   { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
{ INTEL_FAM6_BROADWELL_CORE,0x04,   0x28 },
{ INTEL_FAM6_BROADWELL_GT3E,0x01,   0x1b },
{ INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },
@@ -136,8 +134,6 @@ static const struct sku_microcode spectre_bad_microcodes[] 
= {
{ INTEL_FAM6_HASWELL_X, 0x02,   0x3b },
{ INTEL_FAM6_HASWELL_X, 0x04,   0x10 },
{ INTEL_FAM6_IVYBRIDGE_X,   0x04,   0x42a },
-   /* Updated in the 20180108 release; blacklist until we know otherwise */
-   { INTEL_FAM6_ATOM_GEMINI_LAKE,  0x01,   0x22 },
/* Observed in the wild */
{ INTEL_FAM6_SANDYBRIDGE_X, 0x06,   0x61b },
{ INTEL_FAM6_SANDYBRIDGE_X, 0x07,   0x712 },
-- 
2.7.4