[SRU][Bionic][PULL] Update speculation side-channel mitigations

Tyler Hicks tyhicks at canonical.com
Mon Mar 25 21:26:09 UTC 2019

On 2019-03-25 04:58:37, Tyler Hicks wrote:
> Update the speculation side-channel mitigations to match recent upstream
> changes in order to get userspace to userspace protections for Spectre Variant
> 2, a few minor fixes for SSBD, and one that touches code related to Meltdown
> changes.
>
> STIBP mode will be used conditionally. It will not be used on non-SMT systems.
> It will be used on SMT systems to protect processes that have seccomp filters
> loaded or processes that have used prctl() and the newly defined
> PR_SPEC_INDIRECT_BRANCH argument to opt into STIBP protection.
>
> Indirect Branch Prediction Barrier (IBPB) will also be used conditionally when
> switching between different userspace tasks and one of the tasks has a seccomp
> filter loaded or has used prctl() to opt into protection.
>
> I've tested these patches on SMT and non-SMT systems that I've been using for
> several days without any issues. I've also run the x86 selftests. Additionally,
> I verified that loading a seccomp filter and/or opting into the mitigations via
> prctl() correctly enables STIBP mode on the SMT system. Finally, I verified
> that the dmesg and /sys/devices/system/cpu/vulnerabilities/* files report the
> correct status when using the "nospectre_v2", "spectre_v2=off",
> "spectre_v2_user=seccomp,ibpb", "spectre_v2_user=on", and
> "spectre_v2_user=off" kernel command line options.
>
> All but three of the patches were clean cherry-picks. The three that required
> backporting were simple backports. These patches have all been applied to
> various linux-stable trees.
>
> The following changes since commit 53f4f4b0576f627345fb3769fdd6d20b6249dd91:
>
>   UBUNTU: Ubuntu-4.15.0-47.50 (2019-03-13 04:37:50 +0000)
>
> are available in the git repository at:
>
>   https://git.launchpad.net/~tyhicks/ubuntu/+source/linux/+git/bionic speculation

I went ahead and updated this branch with the 4 additional commits that
Juerg identified in the corresponding Cosmic thread. I've boot tested
those additional commits. Here's the updated pull request:

The following changes since commit 53f4f4b0576f627345fb3769fdd6d20b6249dd91:

  UBUNTU: Ubuntu-4.15.0-47.50 (2019-03-13 04:37:50 +0000)

are available in the git repository at:

  https://git.launchpad.net/~tyhicks/ubuntu/+source/linux/+git/bionic speculation

for you to fetch changes up to 5ea0a844e1b95bde97d7a55305358068af5908c5:

  x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (2019-03-25 18:25:02 +0000)

Andi Kleen (1):
      x86/spectre: Add missing family 6 check to microcode check

Andy Lutomirski (1):
      x86/nmi: Fix NMI uaccess race against CR3 switching

Arnaldo Carvalho de Melo (1):
      tools headers: Synchronize prctl.h ABI header

Jim Mattson (1):
      kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb

Jiri Kosina (3):
      x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
      x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
      x86/speculation: Propagate information about RSB filling mitigation to sysfs

Konrad Rzeszutek Wilk (3):
      x86/bugs: Add AMD's variant of SSB_NO
      x86/bugs: Add AMD's SPEC_CTRL MSR usage
      x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features

Peter Zijlstra (Intel) (1):
      sched/smt: Make sched_smt_present track topology

Thomas Gleixner (22):
      KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
      x86/speculation: Rename SSBD update functions
      x86/Kconfig: Select SCHED_SMT if SMP enabled
      sched/smt: Expose sched_smt_present static key
      x86/speculation: Rework SMT state change
      x86/l1tf: Show actual SMT state
      x86/speculation: Reorder the spec_v2 code
      x86/speculation: Mark string arrays const correctly
      x86/speculataion: Mark command line parser data __initdata
      x86/speculation: Unify conditional spectre v2 print functions
      x86/speculation: Add command line control for indirect branch speculation
      x86/process: Consolidate and simplify switch_to_xtra() code
      x86/speculation: Avoid __switch_to_xtra() calls
      x86/speculation: Prepare for conditional IBPB in switch_mm()
      ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
      x86/speculation: Split out TIF update
      x86/speculation: Prevent stale SPEC_CTRL msr content
      x86/speculation: Prepare arch_smt_update() for PRCTL mode
      x86/speculation: Add prctl() control for indirect branch speculation
      x86/speculation: Enable prctl mode for spectre_v2_user
      x86/speculation: Add seccomp Spectre v2 user space protection mode
      x86/speculation: Provide IBPB always command line options

Thomas Lendacky (1):
      x86/speculation: Add support for STIBP always-on preferred mode

Tim Chen (7):
      x86/speculation: Update the TIF_SSBD comment
      x86/speculation: Clean up spectre_v2_parse_cmdline()
      x86/speculation: Remove unnecessary ret variable in cpu_show_common()
      x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
      x86/speculation: Disable STIBP when enhanced IBRS is in use
      x86/speculation: Reorganize speculation control MSRs update
      x86/speculation: Prepare for per task indirect branch speculation control

Tom Lendacky (2):
      x86/bugs: Update when to check for the LS_CFG SSBD mitigation
      x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR

WANG Chao (1):
      x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE

Waiman Long (1):
      x86/speculation: Change misspelled STIPB to STIBP

Zhenzhong Duan (3):
      x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
      x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
      x86/retpoline: Remove minimal retpoline support

 Documentation/admin-guide/kernel-parameters.txt |  56 ++-
 Documentation/userspace-api/spec_ctrl.rst       |   9 +
 arch/x86/Kconfig                                |  12 +-
 arch/x86/Makefile                               |   5 +-
 arch/x86/events/core.c                          |   2 +-
 arch/x86/include/asm/cpufeatures.h              |   3 +
 arch/x86/include/asm/msr-index.h                |   5 +-
 arch/x86/include/asm/nospec-branch.h            |  44 +-
 arch/x86/include/asm/spec-ctrl.h                |  20 +-
 arch/x86/include/asm/switch_to.h                |   3 -
 arch/x86/include/asm/thread_info.h              |  20 +-
 arch/x86/include/asm/tlbflush.h                 |  48 ++-
 arch/x86/kernel/cpu/amd.c                       |   4 +-
 arch/x86/kernel/cpu/bugs.c                      | 528 +++++++++++++++++++-----
 arch/x86/kernel/cpu/common.c                    |   9 +-
 arch/x86/kernel/cpu/intel.c                     |   3 +
 arch/x86/kernel/process.c                       | 101 ++++-
 arch/x86/kernel/process.h                       |  39 ++
 arch/x86/kernel/process_32.c                    |  10 +-
 arch/x86/kernel/process_64.c                    |  10 +-
 arch/x86/kvm/cpuid.c                            |  10 +-
 arch/x86/kvm/svm.c                              |  36 +-
 arch/x86/lib/usercopy.c                         |   5 +
 arch/x86/mm/tlb.c                               | 120 ++++--
 include/linux/compiler-gcc.h                    |   2 +-
 include/linux/module.h                          |   2 +-
 include/linux/ptrace.h                          |   4 +-
 include/linux/sched.h                           |   9 +
 include/linux/sched/smt.h                       |  20 +
 include/uapi/linux/prctl.h                      |   1 +
 kernel/cpu.c                                    |  14 +-
 kernel/sched/core.c                             |  19 +-
 kernel/sched/sched.h                            |   4 +-
 scripts/Makefile.build                          |   2 -
 scripts/mod/modpost.c                           |   2 +-
 tools/include/uapi/linux/prctl.h                |  13 +
 36 files changed, 953 insertions(+), 241 deletions(-)
 create mode 100644 arch/x86/kernel/process.h
 create mode 100644 include/linux/sched/smt.h
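The cover letter above describes the per-task opt-in that these patches add: a process calls prctl() with the new PR_SPEC_INDIRECT_BRANCH argument, and in the "prctl" or "seccomp" spectre_v2_user modes the kernel then applies STIBP (on SMT systems) and IBPB on context switches for that task. The following C program is an added example, not part of the pull request or the Ubuntu kernel tree: it queries the indirect-branch control for the calling task, decodes the status bits using the wording of Documentation/userspace-api/spec_ctrl.rst, and opts in. The prctl() commands and PR_SPEC_* constants are the real uapi values; the fallback defines exist only so the program builds against a toolchain whose prctl.h predates them (the "tools headers: Synchronize prctl.h ABI header" patch in this series updates the kernel's copy). Function names are this example's own.

```c
/* Added example: query and opt into per-task indirect-branch speculation
 * control (PR_SPEC_INDIRECT_BRANCH). Not code from the patch series; it
 * only uses the prctl() ABI from include/uapi/linux/prctl.h. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallback definitions for headers that predate these constants. The
 * values match the upstream uapi header (assumption: building on Linux). */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS   0
#define PR_SPEC_NOT_AFFECTED   0
#define PR_SPEC_PRCTL          (1UL << 0)
#define PR_SPEC_ENABLE         (1UL << 1)
#define PR_SPEC_DISABLE        (1UL << 2)
#define PR_SPEC_FORCE_DISABLE  (1UL << 3)
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

/* Translate a PR_GET_SPECULATION_CTRL result into the meaning documented
 * in spec_ctrl.rst. In the prctl/seccomp modes the kernel reports
 * PR_SPEC_PRCTL together with ENABLE (not yet opted in) or DISABLE
 * (opted in / seccomp filter loaded); the global "on"/"off" modes report
 * DISABLE/ENABLE without PR_SPEC_PRCTL. Pure function, so it can be
 * checked without a kernel that implements the control. */
const char *spec_ctrl_describe(long status)
{
    if (status < 0)
        return "query failed";
    if (status == PR_SPEC_NOT_AFFECTED)
        return "not affected: no mitigation needed";
    if (status & PR_SPEC_FORCE_DISABLE)
        return "mitigation forced on for this task (cannot be relaxed)";
    if (status & PR_SPEC_DISABLE)
        return (status & PR_SPEC_PRCTL)
            ? "mitigation on; task may turn it off via prctl()"
            : "mitigation on (global, not controllable per task)";
    if (status & PR_SPEC_ENABLE)
        return (status & PR_SPEC_PRCTL)
            ? "mitigation off; task may opt in via prctl()"
            : "mitigation off (global, not controllable per task)";
    return "unknown status";
}

/* Query the indirect-branch control for the calling task. Returns the
 * status bitmask, or -1 with errno set: EINVAL when the kernel has no
 * speculation control prctl at all, ENODEV when it does not know
 * PR_SPEC_INDIRECT_BRANCH (i.e. this series is not applied). */
long spec_ctrl_query_ib(void)
{
    return prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
}

/* Opt the calling task into STIBP/IBPB protection. "Disable speculation"
 * means "enable the mitigation". Returns 0 on success or -errno; ENXIO
 * means the running spectre_v2_user mode allows no per-task control. */
int spec_ctrl_opt_in_ib(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
              PR_SPEC_DISABLE, 0, 0) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    long before = spec_ctrl_query_ib();
    if (before < 0)
        printf("query: %s (%s)\n", spec_ctrl_describe(before), strerror(errno));
    else
        printf("before opt-in: 0x%lx -> %s\n", before, spec_ctrl_describe(before));

    int rc = spec_ctrl_opt_in_ib();
    if (rc != 0)
        printf("opt-in failed: %s\n", strerror(-rc));

    long after = spec_ctrl_query_ib();
    if (after >= 0)
        printf("after opt-in:  0x%lx -> %s\n", after, spec_ctrl_describe(after));
    return 0;
}
```

Run it on an SMT system booted with the default (seccomp) or spectre_v2_user=prctl mode and the "before" line reports PR_SPEC_PRCTL|PR_SPEC_ENABLE (0x3) while the "after" line reports PR_SPEC_PRCTL|PR_SPEC_DISABLE (0x5); the change is also visible as the task's TIF flag driving the SPEC_CTRL MSR update that the "Prepare for per task indirect branch speculation control" patch introduces. With spectre_v2_user=on the opt-in returns ENXIO, since the mitigation is already applied globally.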

