[SRU][Cosmic][PULL] Update speculation side-channel mitigations
Tyler Hicks
tyhicks at canonical.com
Mon Mar 25 04:57:32 UTC 2019
Update the speculation side-channel mitigations to match recent upstream
changes in order to get userspace to userspace protections for Spectre Variant
2. In addition to modernizing our mitigations for Spectre Variant 2, this pull
request fixes a considerable performance regression in Cosmic introduced in
4.18.0-14.15 due pulling in the final linux-stable 4.18.y release. It contained
upstream commit 53c613fe6349 ("x86/speculation: Enable cross-hyperthread
spectre v2 STIBP mitigation") which unconditionally enabled Single Thread
Indirect Branch Predictors (STIBP) mode.
STIBP mode will be used conditionally. It will not be used on non-SMT systems.
It will be used on SMT systems to protect processes that have seccomp filters
loaded or processes that have used prctl() and the newly defined
PR_SPEC_INDIRECT_BRANCH argument to opt into STIBP protection.
Indirect Branch Prediction Barrier (IBPB) will also be used conditionally when
switching between different userspace tasks and one of the tasks has a
seccomp filter loaded or has used prctl() to opt into protection.
I've tested these patches on an SMT system that I've been using for several
days without any issues. I've also ran the x86 selftests. Additionally, I
verified that loading a seccomp filter and/or opting into the mitigations via
prctl() correctly enables STIBP mode on the SMT system. Finally, I verified
that the dmesg and /sys/devices/system/cpu/vulnerabilities/* files report the
correct status when using the "nospectre_v2", "spectre_v2=off",
"spectre_v2_user=secccomp,ipbp", "spectre_v2_user=on", and
"spectre_v2_user=off" kernel command line options.
All but two of the patches were clean cherry-picks. The two that required
backported were simple backports. These patches have all been applied to
various linux-stable trees.
The following changes since commit fc64292e63e0272f049bcaf2184d3b9a4c8c0dbd:
UBUNTU: Ubuntu-4.18.0-17.18 (2019-03-13 12:52:13 +0100)
are available in the git repository at:
https://git.launchpad.net/~tyhicks/ubuntu/+source/linux/+git/cosmic speculation
for you to fetch changes up to acae9df78c6acaf90b522a51a94d067c752d37df:
x86/speculation: Provide IBPB always command line options (2019-03-15 12:00:52 +0000)
----------------------------------------------------------------
Jiri Kosina (2):
x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
x86/speculation: Propagate information about RSB filling mitigation to sysfs
Peter Zijlstra (Intel) (1):
sched/smt: Make sched_smt_present track topology
Thomas Gleixner (21):
x86/speculation: Rename SSBD update functions
x86/Kconfig: Select SCHED_SMT if SMP enabled
sched/smt: Expose sched_smt_present static key
x86/speculation: Rework SMT state change
x86/l1tf: Show actual SMT state
x86/speculation: Reorder the spec_v2 code
x86/speculation: Mark string arrays const correctly
x86/speculataion: Mark command line parser data __initdata
x86/speculation: Unify conditional spectre v2 print functions
x86/speculation: Add command line control for indirect branch speculation
x86/process: Consolidate and simplify switch_to_xtra() code
x86/speculation: Avoid __switch_to_xtra() calls
x86/speculation: Prepare for conditional IBPB in switch_mm()
ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
x86/speculation: Split out TIF update
x86/speculation: Prevent stale SPEC_CTRL msr content
x86/speculation: Prepare arch_smt_update() for PRCTL mode
x86/speculation: Add prctl() control for indirect branch speculation
x86/speculation: Enable prctl mode for spectre_v2_user
x86/speculation: Add seccomp Spectre v2 user space protection mode
x86/speculation: Provide IBPB always command line options
Tim Chen (7):
x86/speculation: Update the TIF_SSBD comment
x86/speculation: Clean up spectre_v2_parse_cmdline()
x86/speculation: Remove unnecessary ret variable in cpu_show_common()
x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
x86/speculation: Disable STIBP when enhanced IBRS is in use
x86/speculation: Reorganize speculation control MSRs update
x86/speculation: Prepare for per task indirect branch speculation control
Zhenzhong Duan (3):
x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
x86/retpoline: Remove minimal retpoline support
Documentation/admin-guide/kernel-parameters.txt | 56 ++-
Documentation/userspace-api/spec_ctrl.rst | 9 +
arch/x86/Kconfig | 12 +-
arch/x86/Makefile | 5 +-
arch/x86/include/asm/msr-index.h | 5 +-
arch/x86/include/asm/nospec-branch.h | 43 +-
arch/x86/include/asm/spec-ctrl.h | 20 +-
arch/x86/include/asm/switch_to.h | 3 -
arch/x86/include/asm/thread_info.h | 20 +-
arch/x86/include/asm/tlbflush.h | 8 +-
arch/x86/kernel/cpu/bugs.c | 526 ++++++++++++++++++------
arch/x86/kernel/process.c | 101 ++++-
arch/x86/kernel/process.h | 39 ++
arch/x86/kernel/process_32.c | 10 +-
arch/x86/kernel/process_64.c | 10 +-
arch/x86/mm/tlb.c | 115 ++++--
include/linux/ptrace.h | 4 +-
include/linux/sched.h | 9 +
include/linux/sched/smt.h | 20 +
include/uapi/linux/prctl.h | 1 +
kernel/cpu.c | 15 +-
kernel/sched/core.c | 19 +-
kernel/sched/sched.h | 4 +-
scripts/Makefile.build | 2 -
tools/include/uapi/linux/prctl.h | 1 +
25 files changed, 801 insertions(+), 256 deletions(-)
create mode 100644 arch/x86/kernel/process.h
create mode 100644 include/linux/sched/smt.h
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190325/36304ba5/attachment.sig>
More information about the kernel-team
mailing list