From patchwork Wed Aug 9 10:27:00 2023
X-Patchwork-Submitter: Borislav Petkov
X-Patchwork-Id: 133190
From: Borislav Petkov
To: X86 ML
Cc: Greg Kroah-Hartman, LKML
Subject: [PATCH 3/3] Documentation/srso: Document IBPB aspect and fix formatting
Date: Wed, 9 Aug 2023 12:27:00 +0200
Message-ID: <20230809102700.29449-4-bp@alien8.de>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230809102700.29449-1-bp@alien8.de>
References: <20230809102700.29449-1-bp@alien8.de>
X-Mailing-List: linux-kernel@vger.kernel.org

From: "Borislav Petkov (AMD)"

Add a note about the dependency of the User->User mitigation on the
previous Spectre v2 IBPB selection.

Make the layout moar pretty.

Signed-off-by: Borislav Petkov (AMD)
---
 Documentation/admin-guide/hw-vuln/srso.rst | 71 ++++++++++++++--------
 1 file changed, 44 insertions(+), 27 deletions(-)

diff --git a/Documentation/admin-guide/hw-vuln/srso.rst b/Documentation/admin-guide/hw-vuln/srso.rst
index 32eb5e6db272..af59a9395662 100644
--- a/Documentation/admin-guide/hw-vuln/srso.rst
+++ b/Documentation/admin-guide/hw-vuln/srso.rst
@@ -42,42 +42,59 @@ The sysfs file showing SRSO mitigation status is: The possible values in this file are: - - 'Not affected' The processor is not vulnerable + * 'Not affected': - - 'Vulnerable: no microcode' The processor is vulnerable, no - microcode extending IBPB functionality - to address the vulnerability has been - applied. + The processor is not vulnerable - - 'Mitigation: microcode' Extended IBPB functionality microcode - patch has been applied. It does not - address User->Kernel and Guest->Host - transitions protection but it does - address User->User and VM->VM attack - vectors. + * 'Vulnerable: no microcode': - (spec_rstack_overflow=microcode) + The processor is vulnerable, no microcode extending IBPB + functionality to address the vulnerability has been applied. - - 'Mitigation: safe RET' Software-only mitigation. It complements - the extended IBPB microcode patch - functionality by addressing User->Kernel - and Guest->Host transitions protection. + * 'Mitigation: microcode': - Selected by default or by - spec_rstack_overflow=safe-ret + Extended IBPB functionality microcode patch has been applied. It does + not address User->Kernel and Guest->Host transitions protection but it + does address User->User and VM->VM attack vectors. - - 'Mitigation: IBPB' Similar protection as "safe RET" above - but employs an IBPB barrier on privilege - domain crossings (User->Kernel, - Guest->Host). + Note that User->User mitigation is controlled by how the IBPB aspect in + the Spectre v2 mitigation is selected: - (spec_rstack_overflow=ibpb) + * conditional IBPB: + + where each process can select whether it needs an IBPB issued + around it PR_SPEC_DISABLE/_ENABLE etc, see :doc:`spectre` + + * strict: + + i.e., always on - by supplying spectre_v2_user=on on the kernel + command line + + (spec_rstack_overflow=microcode) + + * 'Mitigation: safe RET': + + Software-only mitigation. 
It complements the extended IBPB microcode + patch functionality by addressing User->Kernel and Guest->Host + transitions protection. + + Selected by default or by spec_rstack_overflow=safe-ret + + * 'Mitigation: IBPB': + + Similar protection as "safe RET" above but employs an IBPB barrier on + privilege domain crossings (User->Kernel, Guest->Host). + + (spec_rstack_overflow=ibpb) + + * 'Mitigation: IBPB on VMEXIT': + + Mitigation addressing the cloud provider scenario - the Guest->Host + transitions only. + + (spec_rstack_overflow=ibpb-vmexit) - - 'Mitigation: IBPB on VMEXIT' Mitigation addressing the cloud provider - scenario - the Guest->Host transitions - only. - (spec_rstack_overflow=ibpb-vmexit) In order to exploit vulnerability, an attacker needs to:
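Review bot: the new note under 'Mitigation: microcode' lists the two Spectre v2 IBPB modes (conditional and strict) under which User->User protection is in effect, but it never states the case an administrator most needs spelled out: when neither mode is selected, the extended IBPB microcode alone provides no User->User protection even though sysfs still reports 'Mitigation: microcode'. Suggest adding one sentence saying so. The conditional bullet is also hard to parse as written ("issued around it PR_SPEC_DISABLE/_ENABLE etc"); something like "where each process can request an IBPB on context switch via prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE/PR_SPEC_ENABLE), see :doc:`spectre`" would name the interface being referred to. Finally, the "(spec_rstack_overflow=microcode)" line now sits directly after the nested "* strict:" bullet and reads as if it belonged to that sub-item; either move it up to follow the first paragraph of the entry or make its indentation match the outer bullet, as the other entries do for their command-line options.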