xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

x86/bugs: Enable STIBP for IBPB mitigated RETBleed

Browse Source 
commit e6cfcdda8cbe81eaf821c897369a65fec987b404 upstream.

AMD's "Technical Guidance for Mitigating Branch Type Confusion,
Rev. 1.0 2022-07-12" whitepaper, under section 6.1.2 "IBPB On
Privileged Mode Entry / SMT Safety" says:

  Similar to the Jmp2Ret mitigation, if the code on the sibling thread
  cannot be trusted, software should set STIBP to 1 or disable SMT to
  ensure SMT safety when using this mitigation.

So, like already being done for retbleed=unret, and now also for
retbleed=ibpb, force STIBP on machines that have it, and report its SMT
vulnerability status accordingly.

 [ bp: Remove the "we" and remove "[AMD]" applicability parameter which
   doesn't work here. ]

Fixes: 3ebc17006888 ("x86/bugs: Add retbleed=ibpb")
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: stable@vger.kernel.org # 5.10, 5.15, 5.19
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
Link: https://lore.kernel.org/r/20220804192201.439596-1-kim.phillips@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Kim Phillips
2022-08-08 09:32:33 -05:00
committed by Greg Kroah-Hartman
parent 1118020b3b
commit fd96b61389
2 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Documentation/admin-guide/kernel-parameters.txt
View File

@@ -4662,20 +4662,33 @@
Speculative Code Execution with Return Instructions) Speculative Code Execution with Return Instructions)
vulnerability. vulnerability.
AMD-based UNRET and IBPB mitigations alone do not stop
sibling threads from influencing the predictions of other
sibling threads. For that reason, STIBP is used on pro-
cessors that support it, and mitigate SMT on processors
that don't.
off - no mitigation off - no mitigation
auto - automatically select a migitation auto - automatically select a migitation
auto,nosmt - automatically select a mitigation, auto,nosmt - automatically select a mitigation,
disabling SMT if necessary for disabling SMT if necessary for
the full mitigation (only on Zen1 the full mitigation (only on Zen1
and older without STIBP). and older without STIBP).
ibpb - mitigate short speculation windows on ibpb - On AMD, mitigate short speculation
basic block boundaries too. Safe, highest windows on basic block boundaries too.
perf impact. Safe, highest perf impact. It also
unret - force enable untrained return thunks, enables STIBP if present. Not suitable
only effective on AMD f15h-f17h on Intel.
based systems. ibpb,nosmt - Like "ibpb" above but will disable SMT
unret,nosmt - like unret, will disable SMT when STIBP when STIBP is not available. This is
is not available. the alternative for systems which do not
have STIBP.
unret - Force enable untrained return thunks,
only effective on AMD f15h-f17h based
systems.
unret,nosmt - Like unret, but will disable SMT when STIBP
is not available. This is the alternative for
systems which do not have STIBP.
Selecting 'auto' will choose a mitigation method at run Selecting 'auto' will choose a mitigation method at run
time according to the CPU. time according to the CPU.

10
arch/x86/kernel/cpu/bugs.c
View File

@@ -144,7 +144,7 @@ void __init check_bugs(void)
/* /*
* spectre_v2_user_select_mitigation() relies on the state set by * spectre_v2_user_select_mitigation() relies on the state set by
* retbleed_select_mitigation(); specifically the STIBP selection is * retbleed_select_mitigation(); specifically the STIBP selection is
* forced for UNRET. * forced for UNRET or IBPB.
*/ */
spectre_v2_user_select_mitigation(); spectre_v2_user_select_mitigation();
ssb_select_mitigation(); ssb_select_mitigation();
@@ -1135,7 +1135,8 @@ spectre_v2_user_select_mitigation(void)
boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON)) boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))
mode = SPECTRE_V2_USER_STRICT_PREFERRED; mode = SPECTRE_V2_USER_STRICT_PREFERRED;
if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET) { if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET ||
retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
if (mode != SPECTRE_V2_USER_STRICT && if (mode != SPECTRE_V2_USER_STRICT &&
mode != SPECTRE_V2_USER_STRICT_PREFERRED) mode != SPECTRE_V2_USER_STRICT_PREFERRED)
pr_info("Selecting STIBP always-on mode to complement retbleed mitigation\n"); pr_info("Selecting STIBP always-on mode to complement retbleed mitigation\n");
@@ -2283,10 +2284,11 @@ static ssize_t srbds_show_state(char *buf)
static ssize_t retbleed_show_state(char *buf) static ssize_t retbleed_show_state(char *buf)
{ {
if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET) { if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET ||
retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD && if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD &&
boot_cpu_data.x86_vendor != X86_VENDOR_HYGON) boot_cpu_data.x86_vendor != X86_VENDOR_HYGON)
return sprintf(buf, "Vulnerable: untrained return thunk on non-Zen uarch\n"); return sprintf(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n");
return sprintf(buf, "%s; SMT %s\n", return sprintf(buf, "%s; SMT %s\n",
retbleed_strings[retbleed_mitigation], retbleed_strings[retbleed_mitigation],