ACK: [SRU][Cosmic][PATCH 3/4] x86/speculation: Add support for STIBP always-on preferred mode

Tyler Hicks tyhicks at canonical.com
Mon Mar 25 18:19:14 UTC 2019


On 2019-03-25 14:55:54, Juerg Haefliger wrote:
> From: Thomas Lendacky <Thomas.Lendacky at amd.com>
> 
> Different AMD processors may have different implementations of STIBP.
> When STIBP is conditionally enabled, some implementations would benefit
> from having STIBP always on instead of toggling the STIBP bit through MSR
> writes. This preference is advertised through a CPUID feature bit.
> 
> When conditional STIBP support is requested at boot and the CPU advertises
> STIBP always-on mode as preferred, switch to STIBP "on" support. To show
> that this transition has occurred, create a new spectre_v2_user_mitigation
> value and a new spectre_v2_user_strings message. The new mitigation value
> is used in spectre_v2_user_select_mitigation() to print the new mitigation
> message as well as to return a new string from stibp_state().
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky at amd.com>
> Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
> Cc: Andrea Arcangeli <aarcange at redhat.com>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
> Cc: Jiri Kosina <jkosina at suse.cz>
> Cc: Borislav Petkov <bp at alien8.de>
> Cc: Tim Chen <tim.c.chen at linux.intel.com>
> Cc: David Woodhouse <dwmw at amazon.co.uk>
> Link: https://lkml.kernel.org/r/20181213230352.6937.74943.stgit@tlendack-t1.amdoffice.net
> 
> CVE-2017-5715
> 
> (cherry picked from commit 20c3a2c33e9fdc82e9e8e8d2a6445b3256d20191)
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

> ---
>  arch/x86/include/asm/cpufeatures.h   |  1 +
>  arch/x86/include/asm/nospec-branch.h |  1 +
>  arch/x86/kernel/cpu/bugs.c           | 28 ++++++++++++++++++++++------
>  3 files changed, 24 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index c8ac84e90d0f..dc6e72bb45ae 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -284,6 +284,7 @@
>  #define X86_FEATURE_AMD_IBPB		(13*32+12) /* "" Indirect Branch Prediction Barrier */
>  #define X86_FEATURE_AMD_IBRS		(13*32+14) /* "" Indirect Branch Restricted Speculation */
>  #define X86_FEATURE_AMD_STIBP		(13*32+15) /* "" Single Thread Indirect Branch Predictors */
> +#define X86_FEATURE_AMD_STIBP_ALWAYS_ON	(13*32+17) /* "" Single Thread Indirect Branch Predictors always-on preferred */
>  #define X86_FEATURE_AMD_SSBD		(13*32+24) /* "" Speculative Store Bypass Disable */
>  #define X86_FEATURE_VIRT_SSBD		(13*32+25) /* Virtualized Speculative Store Bypass Disable */
>  #define X86_FEATURE_AMD_SSB_NO		(13*32+26) /* "" Speculative Store Bypass is fixed in hardware. */
> diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
> index 032b6009baab..dad12b767ba0 100644
> --- a/arch/x86/include/asm/nospec-branch.h
> +++ b/arch/x86/include/asm/nospec-branch.h
> @@ -232,6 +232,7 @@ enum spectre_v2_mitigation {
>  enum spectre_v2_user_mitigation {
>  	SPECTRE_V2_USER_NONE,
>  	SPECTRE_V2_USER_STRICT,
> +	SPECTRE_V2_USER_STRICT_PREFERRED,
>  	SPECTRE_V2_USER_PRCTL,
>  	SPECTRE_V2_USER_SECCOMP,
>  };
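Review bot: The new enumerator SPECTRE_V2_USER_STRICT_PREFERRED carries no comment, and its meaning is subtle: the kernel ends up in strict mode not because the administrator asked for it but because the CPU advertised a preference, so a reader of the enum alone cannot tell it apart from SPECTRE_V2_USER_STRICT. I would add a one-line comment on the new line, `SPECTRE_V2_USER_STRICT_PREFERRED, /* strict, chosen because the CPU prefers STIBP always-on */`. Inserting it between STRICT and PRCTL also renumbers the two enumerators after it; that is harmless for an in-kernel enum, but it is worth confirming that nothing persists or exports these numeric values, which the hunk cannot show.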
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 3fd12053e83b..716130e08528 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -262,10 +262,11 @@ enum spectre_v2_user_cmd {
>  };
>  
>  static const char * const spectre_v2_user_strings[] = {
> -	[SPECTRE_V2_USER_NONE]		= "User space: Vulnerable",
> -	[SPECTRE_V2_USER_STRICT]	= "User space: Mitigation: STIBP protection",
> -	[SPECTRE_V2_USER_PRCTL]		= "User space: Mitigation: STIBP via prctl",
> -	[SPECTRE_V2_USER_SECCOMP]	= "User space: Mitigation: STIBP via seccomp and prctl",
> +	[SPECTRE_V2_USER_NONE]			= "User space: Vulnerable",
> +	[SPECTRE_V2_USER_STRICT]		= "User space: Mitigation: STIBP protection",
> +	[SPECTRE_V2_USER_STRICT_PREFERRED]	= "User space: Mitigation: STIBP always-on protection",
> +	[SPECTRE_V2_USER_PRCTL]			= "User space: Mitigation: STIBP via prctl",
> +	[SPECTRE_V2_USER_SECCOMP]		= "User space: Mitigation: STIBP via seccomp and prctl",
>  };
>  
>  static const struct {
> @@ -355,6 +356,15 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
>  		break;
>  	}
>  
> +	/*
> +	 * At this point, an STIBP mode other than "off" has been set.
> +	 * If STIBP support is not being forced, check if STIBP always-on
> +	 * is preferred.
> +	 */
> +	if (mode != SPECTRE_V2_USER_STRICT &&
> +	    boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))
> +		mode = SPECTRE_V2_USER_STRICT_PREFERRED;
> +
>  	/* Initialize Indirect Branch Prediction Barrier */
>  	if (boot_cpu_has(X86_FEATURE_IBPB)) {
>  		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
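Review bot: The comment at the top of the added block asserts that mode is already something other than "off", but the check on the next line only excludes SPECTRE_V2_USER_STRICT, so if mode were still SPECTRE_V2_USER_NONE on a CPU with the always-on bit it would be promoted to strict; whether that can happen depends on the switch above the hunk, which I cannot see. Making the precondition explicit costs one extra condition and removes the dependency on the switch's control flow: `if (mode != SPECTRE_V2_USER_NONE && mode != SPECTRE_V2_USER_STRICT && boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))`. The promotion also silently overrides an explicit spectre_v2_user=prctl or =seccomp boot request; the commit message says that is intended, so the comment here should state it, since the mitigation message printed afterwards is the only place an administrator learns why prctl(PR_SET_SPECULATION_CTRL) then fails with -EPERM. spectre_v2_user_select_mitigation begins before this hunk and continues after it.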
> @@ -608,6 +618,7 @@ void arch_smt_update(void)
>  	case SPECTRE_V2_USER_NONE:
>  		break;
>  	case SPECTRE_V2_USER_STRICT:
> +	case SPECTRE_V2_USER_STRICT_PREFERRED:
>  		update_stibp_strict();
>  		break;
>  	case SPECTRE_V2_USER_PRCTL:
> @@ -810,7 +821,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
>  		 * Indirect branch speculation is always disabled in strict
>  		 * mode.
>  		 */
> -		if (spectre_v2_user == SPECTRE_V2_USER_STRICT)
> +		if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
> +		    spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
>  			return -EPERM;
>  		task_clear_spec_ib_disable(task);
>  		task_update_spec_tif(task);
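Review bot: The two-enumerator test for "strict" is now spelled out here, again in the PR_SPEC_DISABLE branch below, and the same pair appears as case labels in arch_smt_update, ib_prctl_get and stibp_state, so the next strict-like mode will need five coordinated edits and it is easy to miss one. A small predicate keeps that policy in one place; the comparison in this hunk becomes `if (spectre_v2_user_strict())` and the one in the PR_SPEC_DISABLE branch likewise. The comment above the check still says "strict mode" in the singular; I would extend it with `* mode, including the always-on-preferred variant selected at boot.` ib_prctl_set starts before this hunk and continues after it.
```c
/*
 * True when STIBP is unconditionally on, whether forced by the
 * administrator or selected because the CPU prefers always-on.
 */
static bool spectre_v2_user_strict(void)
{
	return spectre_v2_user == SPECTRE_V2_USER_STRICT ||
	       spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED;
}
/* … unchanged: ib_prctl_set up to the PR_SPEC_ENABLE branch … */
		if (spectre_v2_user_strict())
			return -EPERM;
```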
> @@ -823,7 +835,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
>  		 */
>  		if (spectre_v2_user == SPECTRE_V2_USER_NONE)
>  			return -EPERM;
> -		if (spectre_v2_user == SPECTRE_V2_USER_STRICT)
> +		if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
> +		    spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
>  			return 0;
>  		task_set_spec_ib_disable(task);
>  		if (ctrl == PR_SPEC_FORCE_DISABLE)
> @@ -894,6 +907,7 @@ static int ib_prctl_get(struct task_struct *task)
>  			return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
>  		return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
>  	case SPECTRE_V2_USER_STRICT:
> +	case SPECTRE_V2_USER_STRICT_PREFERRED:
>  		return PR_SPEC_DISABLE;
>  	default:
>  		return PR_SPEC_NOT_AFFECTED;
> @@ -1086,6 +1100,8 @@ static char *stibp_state(void)
>  		return ", STIBP: disabled";
>  	case SPECTRE_V2_USER_STRICT:
>  		return ", STIBP: forced";
> +	case SPECTRE_V2_USER_STRICT_PREFERRED:
> +		return ", STIBP: always-on";
>  	case SPECTRE_V2_USER_PRCTL:
>  	case SPECTRE_V2_USER_SECCOMP:
>  		if (static_key_enabled(&switch_to_cond_stibp))
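Review bot: `", STIBP: always-on"` is a new token in the sysfs spectre_v2 vulnerability string that administrators and hardening scanners parse, and nothing in the hunk tells a reader that it denotes the same protection as "forced" (both modes reach update_stibp_strict() and both report PR_SPEC_DISABLE elsewhere in this patch), only that the reason differs. I would put that next to the new case, `/* same protection as "forced"; picked because the CPU prefers always-on */`, and, if the admin documentation enumerates the possible spectre_v2 strings, add the new token there in the same series. stibp_state continues past the end of this hunk.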
> -- 
> 2.19.1
> 
> 
