From: Suraj Jitindar Singh <surajjs@amazon.com>
To: <stable@vger.kernel.org>
Cc: <surajjs@amazon.com>, <sjitindarsingh@gmail.com>,
<cascardo@canonical.com>, <kvm@vger.kernel.org>,
<pbonzini@redhat.com>, <jpoimboe@kernel.org>,
<peterz@infradead.org>, <x86@kernel.org>
Subject: [PATCH 4.14 16/34] x86/bugs: Report Intel retbleed vulnerability
Date: Thu, 27 Oct 2022 13:55:02 -0700 [thread overview]
Message-ID: <20221027205502.17426-4-surajjs@amazon.com> (raw)
In-Reply-To: <20221027205502.17426-1-surajjs@amazon.com>
From: Peter Zijlstra <peterz@infradead.org>
commit 6ad0ad2bf8a67e27d1f9d006a1dabb0e1c360cc3 upstream.
Skylake suffers from RSB underflow speculation issues; report this
vulnerability and it's mitigation (spectre_v2=ibrs).
[jpoimboe: cleanups, eibrs]
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ bp: Adjust to different processor family names ]
Signed-off-by: Suraj Jitindar Singh <surajjs@amazon.com>
---
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/kernel/cpu/bugs.c | 42 ++++++++++++++++++++++++++------
arch/x86/kernel/cpu/common.c | 24 +++++++++---------
3 files changed, 48 insertions(+), 19 deletions(-)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index c090d8e8fbb3..f5341b4de46a 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -73,6 +73,7 @@
#define MSR_IA32_ARCH_CAPABILITIES 0x0000010a
#define ARCH_CAP_RDCL_NO BIT(0) /* Not susceptible to Meltdown */
#define ARCH_CAP_IBRS_ALL BIT(1) /* Enhanced IBRS support */
+#define ARCH_CAP_RSBA BIT(2) /* RET may use alternative branch predictors */
#define ARCH_CAP_SKIP_VMENTRY_L1DFLUSH BIT(3) /* Skip L1D flush on vmentry */
#define ARCH_CAP_SSB_NO BIT(4) /*
* Not susceptible to Speculative Store Bypass
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 3ed67d5f1a04..01604ea478b0 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -743,11 +743,16 @@ static int __init nospectre_v1_cmdline(char *str)
}
early_param("nospectre_v1", nospectre_v1_cmdline);
+static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
+ SPECTRE_V2_NONE;
+
#undef pr_fmt
#define pr_fmt(fmt) "RETBleed: " fmt
enum retbleed_mitigation {
- RETBLEED_MITIGATION_NONE
+ RETBLEED_MITIGATION_NONE,
+ RETBLEED_MITIGATION_IBRS,
+ RETBLEED_MITIGATION_EIBRS,
};
enum retbleed_mitigation_cmd {
@@ -756,7 +761,9 @@ enum retbleed_mitigation_cmd {
};
const char * const retbleed_strings[] = {
- [RETBLEED_MITIGATION_NONE] = "Vulnerable"
+ [RETBLEED_MITIGATION_NONE] = "Vulnerable",
+ [RETBLEED_MITIGATION_IBRS] = "Mitigation: IBRS",
+ [RETBLEED_MITIGATION_EIBRS] = "Mitigation: Enhanced IBRS",
};
static enum retbleed_mitigation retbleed_mitigation __ro_after_init =
@@ -780,6 +787,8 @@ static int __init retbleed_parse_cmdline(char *str)
}
early_param("retbleed", retbleed_parse_cmdline);
+#define RETBLEED_INTEL_MSG "WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible!\n"
+
static void __init retbleed_select_mitigation(void)
{
if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off())
@@ -791,8 +800,11 @@ static void __init retbleed_select_mitigation(void)
case RETBLEED_CMD_AUTO:
default:
- if (!boot_cpu_has_bug(X86_BUG_RETBLEED))
- break;
+ /*
+ * The Intel mitigation (IBRS) was already selected in
+ * spectre_v2_select_mitigation().
+ */
+
break;
}
@@ -801,15 +813,31 @@ static void __init retbleed_select_mitigation(void)
break;
}
+ /*
+ * Let IBRS trump all on Intel without affecting the effects of the
+ * retbleed= cmdline option.
+ */
+ if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) {
+ switch (spectre_v2_enabled) {
+ case SPECTRE_V2_IBRS:
+ retbleed_mitigation = RETBLEED_MITIGATION_IBRS;
+ break;
+ case SPECTRE_V2_EIBRS:
+ case SPECTRE_V2_EIBRS_RETPOLINE:
+ case SPECTRE_V2_EIBRS_LFENCE:
+ retbleed_mitigation = RETBLEED_MITIGATION_EIBRS;
+ break;
+ default:
+ pr_err(RETBLEED_INTEL_MSG);
+ }
+ }
+
pr_info("%s\n", retbleed_strings[retbleed_mitigation]);
}
#undef pr_fmt
#define pr_fmt(fmt) "Spectre V2 : " fmt
-static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
- SPECTRE_V2_NONE;
-
static enum spectre_v2_user_mitigation spectre_v2_user_stibp __ro_after_init =
SPECTRE_V2_USER_NONE;
static enum spectre_v2_user_mitigation spectre_v2_user_ibpb __ro_after_init =
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index b6fa5fdc3e17..c7202647daeb 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -999,24 +999,24 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
VULNBL_INTEL_STEPPINGS(BROADWELL_GT3E, X86_STEPPING_ANY, SRBDS),
VULNBL_INTEL_STEPPINGS(BROADWELL_X, X86_STEPPING_ANY, MMIO),
VULNBL_INTEL_STEPPINGS(BROADWELL_CORE, X86_STEPPING_ANY, SRBDS),
- VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE, X86_STEPPINGS(0x3, 0x3), SRBDS | MMIO),
+ VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE, X86_STEPPINGS(0x3, 0x3), SRBDS | MMIO | RETBLEED),
VULNBL_INTEL_STEPPINGS(SKYLAKE_MOBILE, X86_STEPPING_ANY, SRBDS),
VULNBL_INTEL_STEPPINGS(SKYLAKE_X, BIT(3) | BIT(4) | BIT(6) |
- BIT(7) | BIT(0xB), MMIO),
- VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP, X86_STEPPINGS(0x3, 0x3), SRBDS | MMIO),
+ BIT(7) | BIT(0xB), MMIO | RETBLEED),
+ VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP, X86_STEPPINGS(0x3, 0x3), SRBDS | MMIO | RETBLEED),
VULNBL_INTEL_STEPPINGS(SKYLAKE_DESKTOP, X86_STEPPING_ANY, SRBDS),
- VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE, X86_STEPPINGS(0x9, 0xC), SRBDS | MMIO),
+ VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE, X86_STEPPINGS(0x9, 0xC), SRBDS | MMIO | RETBLEED),
VULNBL_INTEL_STEPPINGS(KABYLAKE_MOBILE, X86_STEPPINGS(0x0, 0x8), SRBDS),
- VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x9, 0xD), SRBDS | MMIO),
+ VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x9, 0xD), SRBDS | MMIO | RETBLEED),
VULNBL_INTEL_STEPPINGS(KABYLAKE_DESKTOP,X86_STEPPINGS(0x0, 0x8), SRBDS),
- VULNBL_INTEL_STEPPINGS(ICELAKE_MOBILE, X86_STEPPINGS(0x5, 0x5), MMIO | MMIO_SBDS),
+ VULNBL_INTEL_STEPPINGS(ICELAKE_MOBILE, X86_STEPPINGS(0x5, 0x5), MMIO | MMIO_SBDS | RETBLEED),
VULNBL_INTEL_STEPPINGS(ICELAKE_XEON_D, X86_STEPPINGS(0x1, 0x1), MMIO),
VULNBL_INTEL_STEPPINGS(ICELAKE_X, X86_STEPPINGS(0x4, 0x6), MMIO),
- VULNBL_INTEL_STEPPINGS(COMETLAKE, BIT(2) | BIT(3) | BIT(5), MMIO | MMIO_SBDS),
- VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x1, 0x1), MMIO | MMIO_SBDS),
- VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x0, 0x0), MMIO),
- VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPINGS(0x1, 0x1), MMIO | MMIO_SBDS),
- VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPINGS(0x1, 0x1), MMIO),
+ VULNBL_INTEL_STEPPINGS(COMETLAKE, BIT(2) | BIT(3) | BIT(5), MMIO | MMIO_SBDS | RETBLEED),
+ VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x1, 0x1), MMIO | MMIO_SBDS | RETBLEED),
+ VULNBL_INTEL_STEPPINGS(COMETLAKE_L, X86_STEPPINGS(0x0, 0x0), MMIO | RETBLEED),
+ VULNBL_INTEL_STEPPINGS(LAKEFIELD, X86_STEPPINGS(0x1, 0x1), MMIO | MMIO_SBDS | RETBLEED),
+ VULNBL_INTEL_STEPPINGS(ROCKETLAKE, X86_STEPPINGS(0x1, 0x1), MMIO | RETBLEED),
VULNBL_INTEL_STEPPINGS(ATOM_TREMONT, X86_STEPPINGS(0x1, 0x1), MMIO | MMIO_SBDS),
VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_X, X86_STEPPING_ANY, MMIO),
VULNBL_INTEL_STEPPINGS(ATOM_TREMONT_L, X86_STEPPINGS(0x0, 0x0), MMIO | MMIO_SBDS),
@@ -1129,7 +1129,7 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
setup_force_cpu_bug(X86_BUG_MMIO_UNKNOWN);
}
- if (cpu_matches(cpu_vuln_blacklist, RETBLEED))
+ if ((cpu_matches(cpu_vuln_blacklist, RETBLEED) || (ia32_cap & ARCH_CAP_RSBA)))
setup_force_cpu_bug(X86_BUG_RETBLEED);
if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
--
2.17.1
next prev parent reply other threads:[~2022-10-27 21:03 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-27 20:48 [PATCH 4.14 00/34] Retbleed & PBRSB Mitigations Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 01/34] Revert "x86/cpu: Add a steppings field to struct x86_cpu_id" Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 02/34] x86/cpufeature: Add facility to check for min microcode revisions Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 03/34] x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 04/34] x86/devicetable: Move x86 specific macro out of generic code Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 05/34] x86/cpu: Add consistent CPU match macros Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 06/34] x86/cpu: Add a steppings field to struct x86_cpu_id Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 07/34] x86/entry: Remove skip_r11rcx Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 08/34] x86/cpufeatures: Move RETPOLINE flags to word 11 Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 09/34] x86/bugs: Report AMD retbleed vulnerability Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 10/34] x86/bugs: Add AMD retbleed= boot parameter Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 11/34] x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 12/34] x86/entry: Add kernel IBRS implementation Suraj Jitindar Singh
2022-10-27 20:54 ` [PATCH 4.14 13/34] x86/bugs: Optimize SPEC_CTRL MSR writes Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 14/34] x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 15/34] x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() Suraj Jitindar Singh
2022-10-27 20:55 ` Suraj Jitindar Singh [this message]
2022-10-27 20:55 ` [PATCH 4.14 17/34] entel_idle: Disable IBRS during long idle Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 18/34] x86/speculation: Change FILL_RETURN_BUFFER to work with objtool Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 19/34] x86/speculation: Add LFENCE to RSB fill sequence Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 20/34] x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 21/34] x86/speculation: Fix firmware entry SPEC_CTRL handling Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 22/34] x86/speculation: Fix SPEC_CTRL write on SMT state change Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 23/34] x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 24/34] x86/speculation: Remove x86_spec_ctrl_mask Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 25/34] KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 26/34] KVM: VMX: Fix IBRS handling after vmexit Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 27/34] x86/speculation: Fill RSB on vmexit for IBRS Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 28/34] x86/common: Stamp out the stepping madness Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 29/34] x86/cpu/amd: Enumerate BTC_NO Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 30/34] x86/bugs: Add Cannon lake to RETBleed affected CPU list Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 31/34] x86/speculation: Disable RRSBA behavior Suraj Jitindar Singh
2022-10-27 20:55 ` [PATCH 4.14 32/34] x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current Suraj Jitindar Singh
2022-10-27 20:56 ` [PATCH 4.14 33/34] x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts Suraj Jitindar Singh
2022-10-27 20:56 ` [PATCH 4.14 34/34] x86/speculation: Add RSB VM Exit protections Suraj Jitindar Singh
2022-10-31 7:00 ` [PATCH 4.14 00/34] Retbleed & PBRSB Mitigations Greg KH
-- strict thread matches above, loose matches on Subject: below --
2022-10-31 7:02 [PATCH 4.14 00/34] 4.14.297-rc1 review Greg Kroah-Hartman
2022-10-31 7:02 ` [PATCH 4.14 16/34] x86/bugs: Report Intel retbleed vulnerability Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221027205502.17426-4-surajjs@amazon.com \
--to=surajjs@amazon.com \
--cc=cascardo@canonical.com \
--cc=jpoimboe@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=sjitindarsingh@gmail.com \
--cc=stable@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox