Message ID | 20230809071218.000335006@infradead.org |
---|---|
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp2659419vqr; Wed, 9 Aug 2023 02:01:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGx9Xc43ra9OiYJFUfvoIYbP4GpR8mvSBDHSVM1/FleOt1MyYaKHawAAb6qKN55s09jf+Re X-Received: by 2002:a17:90a:39c6:b0:268:6ed5:117c with SMTP id k6-20020a17090a39c600b002686ed5117cmr1329148pjf.18.1691571699509; Wed, 09 Aug 2023 02:01:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691571699; cv=none; d=google.com; s=arc-20160816; b=ZEdjo1vEZNZ0Ee2DUtyARikt7WnP1kLDvTZFuPqFsx6pgGp41m1P77xIEvD+K+rLaj NTAyP/T3eDarwdYroolE3GDuQ8kUYNewon7laqts9BHUeuihSMPVlRkmeSK1g+UR1EUM NspUQIi59UYxHa95eN2AhzVjUPKr5J1pgXEQD8IcuM0Fn7EraIW1PnpUBpdjCMv87aQk zJzuhIHgVA1t2AIQfnXR9OPGXHGvlo8zEmlo4urkGnxkMzaVnGKrAfSjpndzDFC04d0E oxcpeqCfLOtlBJv6sIP2pNIseHvkXAP6gMQlBMS+Pbt/hsWw5LnTXVezm6JPW+8OCa02 Ge8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:cc:to:from:date:user-agent:message-id :dkim-signature; bh=0df22T3q5S+wbDzDb9AuwCbUzUEW5/RXUQzh/Xw92mw=; fh=o45i9bBrOE/GuAHaEwxsN59PvrZuIOmhioZFWcmA1tw=; b=cp8xKGc5uGWy4niKXw3AUKDoq4ga/+o/lmEdcq/gsSDqyhi8fiaBXhDrjUMngJrWm6 acMADIRNpXmpAJ09N3ZKpAFMmiVcG+lUEqzzz2SuM8DEM9zjj6qCaM2WncYBtbYzk8gB ZXV9oRcK6NlhC+9EnTnxBprB/Gp+mtwCX5wKvenjY+I59hc4I4XPBa8X8d3HK+IRlY01 T+VQgx7bFloe7hDTnnwk+h0oKLAQzeeI3qOf7jZzQxqcvDsRDQKFsLxSnjDKQUgt5naE JbuIS2ETUjxGb0u+3/Z07nZag03Zz6tUIHdJdBd53veZbcShkBYsBDkPppMJF7AeSYZ8 6YSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=AoNLHpfo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id mj24-20020a17090b369800b0026925bf4059si971910pjb.106.2023.08.09.02.01.22; Wed, 09 Aug 2023 02:01:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=AoNLHpfo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231754AbjHIH1f (ORCPT <rfc822;aaronkmseo@gmail.com> + 99 others); Wed, 9 Aug 2023 03:27:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48152 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231641AbjHIH05 (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Wed, 9 Aug 2023 03:26:57 -0400 Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E61F21BFE for <linux-kernel@vger.kernel.org>; Wed, 9 Aug 2023 00:26:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Subject:Cc:To:From:Date:Message-ID: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To:References; bh=0df22T3q5S+wbDzDb9AuwCbUzUEW5/RXUQzh/Xw92mw=; b=AoNLHpfoAA3auVrHf+bkjugOwB HVy35wfIUOKK6UGj9e9yyfE1vujCiot7a2TxmyNw+HNM579jY0OQlB3xtXi8i0aVhmk2qzbXEqDjG o1YuYU8jNuStcizJuL9U0yqFgnS5+m0Wbq4RnRmcZpKYOTrZvoNQ3jHYxjvaZR2COmE8CQxwBUQE7 YYkTAkIG5rsS8+2IoTHGkUQAPZzWhsdYsqSazO1pNbLGs0L8BcNuzIp217tzELOtdoHoGTAKnZDUP IceFrFgS06xW4Rp82Rtz7sYK/kNhYZ6majElpg8IocrtYDhJwn56rEEtbMNk21i48zxiAGDwX4yIp aQpYL76A==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.96 #2 (Red Hat Linux)) id 1qTdae-005TeI-2p; Wed, 09 Aug 2023 07:26:45 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 4D9F630014A; Wed, 9 Aug 2023 09:26:44 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id 394AC201A5786; Wed, 9 Aug 2023 09:26:44 +0200 (CEST) Message-ID: <20230809071218.000335006@infradead.org> User-Agent: quilt/0.66 Date: Wed, 09 Aug 2023 09:12:18 +0200 From: Peter Zijlstra <peterz@infradead.org> To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, David.Kaplan@amd.com, Andrew.Cooper3@citrix.com, jpoimboe@kernel.org, gregkh@linuxfoundation.org Subject: [RFC][PATCH 00/17] Fix up the recent SRSO patches X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773741486317758614 X-GMAIL-MSGID: 1773741486317758614 |
Series |
Fix up the recent SRSO patches
|
|
Message
Peter Zijlstra
Aug. 9, 2023, 7:12 a.m. UTC
Since I wasn't invited to the party (even though I did retbleed), I get to clean things up afterwards :/ Anyway, this here overhauls the SRSO patches in a big way. I claim that AMD retbleed (also called Speculative-Type-Confusion -- not to be confused with Intel retbleed, which is an entirely different bug) is fundamentally the same as this SRSO -- which is also caused by STC. And the mitigations are so similar they should all be controlled from a single spot and not conflated like they are now. As such, at the end of the ride the new kernel command line and srso sysfs files are no more and all we're left with is a few extra retbleed options. Aside of that; this deals with a few implementation issues -- but not all known issues. Josh and Andrew are telling me there's a problem when running inside virt due to how this checks the microcode. I'm hoping either of those two gents will add a patch to address this.
Comments
On 9.08.23 г. 10:12 ч., Peter Zijlstra wrote: > Since I wasn't invited to the party (even though I did retbleed), I get to > clean things up afterwards :/ > > Anyway, this here overhauls the SRSO patches in a big way. > > I claim that AMD retbleed (also called Speculative-Type-Confusion -- not to be > confused with Intel retbleed, which is an entirely different bug) is > fundamentally the same as this SRSO -- which is also caused by STC. And the > mitigations are so similar they should all be controlled from a single spot and > not conflated like they are now. > > As such, at the end of the ride the new kernel command line and srso sysfs > files are no more and all we're left with is a few extra retbleed options. > > Aside of that; this deals with a few implementation issues -- but not all known > issues. Josh and Andrew are telling me there's a problem when running inside > virt due to how this checks the microcode. I'm hoping either of those two gents > will add a patch to address this. The microcode issue should have been fixed as Boris added a safe_wrmsr call which checks for the presence of SBPB bit on zen3/4. > > >
On Wed, Aug 09, 2023 at 11:04:15AM +0100, Andrew.Cooper3@citrix.com wrote: > On 09/08/2023 8:12 am, Peter Zijlstra wrote: > > Since I wasn't invited to the party (even though I did retbleed), I get to > > clean things up afterwards :/ > > > > Anyway, this here overhauls the SRSO patches in a big way. > > > > I claim that AMD retbleed (also called Speculative-Type-Confusion > > Branch Type Confusion. Durr, I shoud've double checked, and yes, too damn many different things and not enough sleep. > > -- not to be > > confused with Intel retbleed, which is an entirely different bug) is > > fundamentally the same as this SRSO -- which is also caused by STC. And the > > mitigations are so similar they should all be controlled from a single spot and > > not conflated like they are now. > > BTC and SRSO are certainly related, but they're not the same. > > With BTC, an attacker poisons a branch type prediction to say "that > thing (which isn't actually a ret) is a ret". > > With SRSO, an attacker leaves a poisoned infinite-call-loop prediction. > Later, a real function (that is architecturally correct execution and > will retire) trips over the predicted infinite loop, which overflows the > RSB/RAS/RAP replacing the correct prediction on the top with the > attackers choice of value. > > So while branch type confusion is used to poison the top-of-RSB value, > the ret that actually goes wrong needs a correct type=ret prediction for > the SRSO attack to succeed. Yes, this is what I meant, and I clearly failed to express myself better. The point was that branch-type-confusion is involved with both, just in different ways.