[SRU PR Lunar] CVE-2023-20569 - AMD SRSO
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Fri Sep 1 18:48:00 UTC 2023
The following changes since commit 0b1768b79aaefe01d0f9ecb0946fdac17d12d5b0:
drm/i915/tc: Reset TypeC PHYs left enabled in DP-alt mode after the sink disconnects (2023-09-01 12:30:54 +0200)
are available in the Git repository at:
git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/lunar srso-6.2
for you to fetch changes up to 47b1f4f7db95ca267ba43f673f804e7e4bcd37bb:
Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation (2023-09-01 09:48:40 -0300)
----------------------------------------------------------------
[Impact]
A side channel vulnerability on some of the AMD CPUs may allow an attacker
to influence the return address prediction. This may result in speculative
execution at an attacker-controlled address, potentially leading to
information disclosure.
[Backport]
Patches have been backported from 6.5 upstream. Minor conflicts around
previous backports of GDS and DIV0 had to be handled. Aside from that, only
very few conflicts also required handling.
[Tests]
Tests were run on an AWS Zen1 instance with no IBRS or IBPB. Mitigation
options were toggled and vulnerability mitigation reports were as
expected.
An Intel VM was booted with spectre_v2=retpoline.
[Potential regression]
This could cause boot problems and also cause some CPU vulnerability
mitigations, especially Retbleed, to regress.
----------------------------------------------------------------
Arnaldo Carvalho de Melo (1):
      tools headers x86 cpufeatures: Sync with the kernel sources

Arnd Bergmann (1):
      x86: Move gds_ucode_mitigated() declaration to header

Borislav Petkov (AMD) (14):
      x86/alternative: Optimize returns patching
      x86/retbleed: Add __x86_return_thunk alignment checks
      x86/srso: Add a Speculative RAS Overflow mitigation
      x86/srso: Add IBPB_BRTYPE support
      x86/srso: Add SRSO_NO support
      x86/srso: Add IBPB
      x86/srso: Add IBPB on VMEXIT
      x86/srso: Add a forgotten NOENDBR annotation
      x86/srso: Tie SBPB bit setting to microcode patch detection
      Documentation/hw-vuln: Unify filename specification in index
      Documentation/srso: Document IBPB aspect and fix formatting
      x86/srso: Disable the mitigation on unaffected configurations
      x86/srso: Explain the untraining sequences a bit more
      x86/srso: Correct the mitigation status when SMT is disabled

Josh Poimboeuf (1):
      x86/srso: Fix return thunks in generated code

Kim Phillips (1):
      x86/cpu, kvm: Add support for CPUID_80000021_EAX

Nick Desaulniers (1):
      x86/srso: Fix build breakage with the LLVM linker

Peter Zijlstra (10):
      x86/cpu: Fix __x86_return_thunk symbol type
      x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
      objtool/x86: Fix SRSO mess
      x86/alternative: Make custom return thunk unconditional
      x86/cpu: Clean up SRSO return thunk mess
      x86/cpu: Rename original retbleed methods
      x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
      x86/cpu: Cleanup the untrain mess
      objtool/x86: Fixup frame-pointer vs rethunk
      x86/static_call: Fix __static_call_fixup()

Petr Pavlu (2):
      x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
      x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT

Sean Christopherson (1):
      x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()

Thadeu Lima de Souza Cascardo (1):
      Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation

Documentation/admin-guide/hw-vuln/index.rst | 15 +-
Documentation/admin-guide/hw-vuln/srso.rst | 150 ++++++++++++++++++
Documentation/admin-guide/kernel-parameters.txt | 11 ++
arch/x86/Kconfig | 7 +
arch/x86/include/asm/cpufeature.h | 7 +-
arch/x86/include/asm/cpufeatures.h | 13 +-
arch/x86/include/asm/disabled-features.h | 3 +-
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/include/asm/nospec-branch.h | 42 ++---
arch/x86/include/asm/processor.h | 4 +
arch/x86/include/asm/required-features.h | 3 +-
arch/x86/kernel/alternative.c | 17 +-
arch/x86/kernel/cpu/amd.c | 19 +++
arch/x86/kernel/cpu/bugs.c | 197 ++++++++++++++++++++++++
arch/x86/kernel/cpu/common.c | 15 +-
arch/x86/kernel/kprobes/opt.c | 40 ++---
arch/x86/kernel/static_call.c | 13 ++
arch/x86/kernel/vmlinux.lds.S | 39 ++++-
arch/x86/kvm/cpuid.c | 3 +
arch/x86/kvm/reverse_cpuid.h | 1 +
arch/x86/kvm/svm/svm.c | 4 +-
arch/x86/kvm/svm/vmenter.S | 3 +
arch/x86/kvm/x86.c | 2 -
arch/x86/lib/retpoline.S | 160 +++++++++++++++++--
debian.master/config/annotations | 1 +
drivers/base/cpu.c | 8 +
include/linux/cpu.h | 2 +
tools/arch/x86/include/asm/cpufeatures.h | 2 +-
tools/arch/x86/include/asm/disabled-features.h | 3 +-
tools/arch/x86/include/asm/required-features.h | 3 +-
tools/objtool/arch/x86/decode.c | 6 +
tools/objtool/check.c | 45 ++++--
tools/objtool/include/objtool/arch.h | 1 +
tools/objtool/include/objtool/elf.h | 1 +
tools/perf/util/thread-stack.c | 4 +-
35 files changed, 744 insertions(+), 101 deletions(-)
create mode 100644 Documentation/admin-guide/hw-vuln/srso.rst