x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug

#define X86_BUG_TAA			X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */

#define X86_BUG_ITLB_MULTIHIT		X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */

#define X86_BUG_SRBDS			X86_BUG(24) /* CPU may leak RNG bits if not mitigated */

#define X86_BUG_MMIO_STALE_DATA		X86_BUG(25) /* CPU is affected by Processor MMIO Stale Data vulnerabilities */

#endif /* _ASM_X86_CPUFEATURES_H */

						 * Not susceptible to

						 * TSX Async Abort (TAA) vulnerabilities.

						 */

#define ARCH_CAP_SBDR_SSDP_NO		BIT(13)	/*

						 * Not susceptible to SBDR and SSDP

						 * variants of Processor MMIO stale data

						 * vulnerabilities.

						 */

#define ARCH_CAP_FBSDP_NO		BIT(14)	/*

						 * Not susceptible to FBSDP variant of

						 * Processor MMIO stale data

						 * vulnerabilities.

						 */

#define ARCH_CAP_PSDP_NO		BIT(15)	/*

						 * Not susceptible to PSDP variant of

						 * Processor MMIO stale data

						 * vulnerabilities.

						 */

#define ARCH_CAP_FB_CLEAR		BIT(17)	/*

						 * VERW clears CPU fill buffer

						 * even on MDS_NO CPUs.

						 */

#define MSR_IA32_FLUSH_CMD		0x0000010b

#define L1D_FLUSH			BIT(0)	/*

					    X86_FEATURE_ANY, issues)

#define SRBDS		BIT(0)

/* CPU is affected by X86_BUG_MMIO_STALE_DATA */

#define MMIO		BIT(1)

static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {

	VULNBL_INTEL_STEPPINGS(IVYBRIDGE,	X86_STEPPING_ANY,		SRBDS),

	VULNBL_INTEL_STEPPINGS(HASWELL_CORE,	X86_STEPPING_ANY,		SRBDS),

	VULNBL_INTEL_STEPPINGS(HASWELL_ULT,	X86_STEPPING_ANY,		SRBDS),

	VULNBL_INTEL_STEPPINGS(HASWELL_GT3E,	X86_STEPPING_ANY,		SRBDS),

	VULNBL_INTEL_STEPPINGS(HASWELL_X,	BIT(2) | BIT(4),		MMIO),

	VULNBL_INTEL_STEPPINGS(BROADWELL_XEON_D,X86_STEPPINGS(0x3, 0x5),	MMIO),

	VULNBL_INTEL_STEPPINGS(BROADWELL_GT3E,	X86_STEPPING_ANY,		SRBDS),

	VULNBL_INTEL_STEPPINGS(BROADWELL_X,	X86_STEPPING_ANY,		MMIO),

	VULNBL_INTEL_STEPPINGS(BROADWELL_CORE,	X86_STEPPING_ANY,		SRBDS),

	VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE,	X86_STEPPINGS(0x3, 0x3),	SRBDS | MMIO),

	VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE,	X86_STEPPING_ANY,		SRBDS),

	VULNBL_INTEL_STEPPINGS(SKYLAKE_X,	BIT(3) | BIT(4) | BIT(6) |

						BIT(7) | BIT(0xB),              MMIO),

	VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP,	X86_STEPPINGS(0x3, 0x3),	SRBDS | MMIO),

	VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP,	X86_STEPPING_ANY,		SRBDS),

	VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE,	X86_STEPPINGS(0x0, 0xC),	SRBDS),

	VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x0, 0xD),	SRBDS),

	VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE,	X86_STEPPINGS(0x9, 0xC),	SRBDS | MMIO),

	VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE,	X86_STEPPINGS(0x0, 0x8),	SRBDS),

	VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x9, 0xD),	SRBDS | MMIO),

	VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x0, 0x8),	SRBDS),

	VULNBL_INTEL_STEPPINGS(ICELAKE_MOBILE,	X86_STEPPINGS(0x5, 0x5),	MMIO),

	VULNBL_INTEL_STEPPINGS(ICELAKE_XEON_D,	X86_STEPPINGS(0x1, 0x1),	MMIO),

	VULNBL_INTEL_STEPPINGS(ICELAKE_X,	X86_STEPPINGS(0x4, 0x6),	MMIO),

	VULNBL_INTEL_STEPPINGS(COMETLAKE,	BIT(2) | BIT(3) | BIT(5),	MMIO),

	VULNBL_INTEL_STEPPINGS(COMETLAKE_L,	X86_STEPPINGS(0x0, 0x1),	MMIO),

	VULNBL_INTEL_STEPPINGS(LAKEFIELD,	X86_STEPPINGS(0x1, 0x1),	MMIO),

	VULNBL_INTEL_STEPPINGS(ROCKETLAKE,	X86_STEPPINGS(0x1, 0x1),	MMIO),

	VULNBL_INTEL_STEPPINGS(ATOM_TREMONT,	X86_STEPPINGS(0x1, 0x1),	MMIO),

	VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_X,	X86_STEPPING_ANY,		MMIO),

	VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L,	X86_STEPPINGS(0x0, 0x0),	MMIO),

	{}

};

	return ia32_cap;

}

static bool arch_cap_mmio_immune(u64 ia32_cap)

{

	return (ia32_cap & ARCH_CAP_FBSDP_NO &&

		ia32_cap & ARCH_CAP_PSDP_NO &&

		ia32_cap & ARCH_CAP_SBDR_SSDP_NO);

}

static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)

{

	u64 ia32_cap = x86_read_arch_cap_msr();

	    cpu_matches(cpu_vuln_blacklist, SRBDS))

		    setup_force_cpu_bug(X86_BUG_SRBDS);

	/*

	 * Processor MMIO Stale Data bug enumeration

	 *

	 * Affected CPU list is generally enough to enumerate the vulnerability,

	 * but for virtualization case check for ARCH_CAP MSR bits also, VMM may

	 * not want the guest to enumerate the bug.

	 */

	if (cpu_matches(cpu_vuln_blacklist, MMIO) &&

	    !arch_cap_mmio_immune(ia32_cap))

		setup_force_cpu_bug(X86_BUG_MMIO_STALE_DATA);

	if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))

		return;