From patchwork Mon Feb 27 19:58:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 62128 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2619462wrd; Mon, 27 Feb 2023 12:06:49 -0800 (PST) X-Google-Smtp-Source: AK7set8QYGCtjkFJP3ZTOBnmJcxPMsGj/irR6CJ0/g2GiD8P4b7YobK1g7vi0uWZKRR1RSGXzPKx X-Received: by 2002:aa7:942a:0:b0:5b6:c62e:7d4f with SMTP id y10-20020aa7942a000000b005b6c62e7d4fmr129364pfo.8.1677528408678; Mon, 27 Feb 2023 12:06:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1677528408; cv=none; d=google.com; s=arc-20160816; b=NrdQ2tXpbStLRL4eSdIzTUE5+7DeSPdTAH2hYc9nml7tEIiCfovgglvxKQOXG6UCFp 7Jam3K1yiWwXN6dt5ZFuTXbW/2j4bBPdUErCyVHtgUO37hpcqGdv/yoQU+G2aEMo0YBx asMvGoJk6xyP8f0TcXhKfXv+chWArE2593PQ8hfJUnHCLNms5am87uuP4hoxnieZipXk chOxUrk+bPLRfQLlpMr4jaGqAFXpt+iD/atWd8/nln0kqKNgcHVaOzARG5/kXlvm78uj pt7leF7f0Juml/OWRyV6eH6cp7K5RJGciwWg7l0h3ht42yXwyfK/7ajkGipkkA1UP8Ug hIOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=+v/s65Lv8BRxdKYlYRq8m7npHhRAde86BqkA1lCMCJk=; b=XzXxWqv5KONIbYd3B/oXu7dFzy7ir0AT373B+NlozPgRJfpSZDbTFQVyQHZxTY3V7R p05I65KIty6uvb9D7vhWTVLeV/0LM47OS1y2ctltVm0/GW2XSMyHdjSPoVtPVH0a3yfg 1KjDxiIpieoJsWgGolbLS0GZ7Rv3FcoTZtDxJtwlrTVdmorATO3DqrYC+GlAi7xV/EIW cD7nC7jOOW822meF/YOaXqhUx8QysE4Bz6RX+XmUYa/Zf+g1dSgnFBmgwY6tuJj06nOW 3JwljVr9Gqsh+XW+PgKR6h/PNmR5BIGF8EY0/5mC7wOpkF7EhvuhIbYVa9O0GzXbKHbV MXWA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Z6qj6Jes; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w11-20020a63c10b000000b004ff73120afbsi7593558pgf.103.2023.02.27.12.06.35; Mon, 27 Feb 2023 12:06:48 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Z6qj6Jes; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229512AbjB0T7M (ORCPT + 99 others); Mon, 27 Feb 2023 14:59:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47436 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229671AbjB0T7L (ORCPT ); Mon, 27 Feb 2023 14:59:11 -0500 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 45AD546A2; Mon, 27 Feb 2023 11:59:10 -0800 (PST) Date: Mon, 27 Feb 2023 19:58:59 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1677527940; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+v/s65Lv8BRxdKYlYRq8m7npHhRAde86BqkA1lCMCJk=; b=Z6qj6Jeso8U9KM7Av5i0anLDAxTCMRyI4JvnyEKyamHWUvnPG2ugxmY0jU07VhmIeveAfn UJJYq09uK0+j08kxtedAMDW95ibczwGU+TqrXDX85xcVpw3CGxckHmSYhdg5FTeszB4w4v IXSKASU7tU8mC11vJyDg/vi2eb0c5NGRtOtHrbOc0AZwMofBpYO+tQfUE+QpOoVFdCTTnH Q//5Chhw9KsThOWdKQ+MVuAdIe+8YWFGDO/o8KYWZz8vlUF/GW/oYS8avaJt/KFKde+Vs3 fa+OhqDCFXkuqTMVBfdwVDmCEIibhVUuQ94jdW5tuf3I1UJ2b1A7jlx/ErL1LQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1677527940; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+v/s65Lv8BRxdKYlYRq8m7npHhRAde86BqkA1lCMCJk=; b=eYBNs0r+l71lSyyK9Gr1uOZ0Pz6E83PrlsGd7beqfi8PzRGLRsDCZXEoWXHhj85NDinhPA WwEQbI2UjOJ6vTBw== From: "tip-bot2 for KP Singh" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/urgent] Documentation/hw-vuln: Document the interaction between IBRS and STIBP Cc: KP Singh , "Borislav Petkov (AMD)" , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20230227060541.1939092-2-kpsingh@kernel.org> References: <20230227060541.1939092-2-kpsingh@kernel.org> MIME-Version: 1.0 Message-ID: <167752793989.5837.12551324006381461991.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758964282111023741?= X-GMAIL-MSGID: =?utf-8?q?1759016028936162310?= The following commit has been merged into the x86/urgent branch of tip: Commit-ID: e02b50ca442e88122e1302d4dbc1b71a4808c13f Gitweb: https://git.kernel.org/tip/e02b50ca442e88122e1302d4dbc1b71a4808c13f Author: KP Singh AuthorDate: Mon, 27 Feb 2023 07:05:41 +01:00 Committer: Borislav Petkov (AMD) CommitterDate: Mon, 27 Feb 2023 19:02:47 +01:00 Documentation/hw-vuln: Document the interaction between IBRS and STIBP Explain why STIBP is needed with legacy IBRS as currently implemented (KERNEL_IBRS) and why STIBP is not needed when enhanced IBRS is enabled. Fixes: 7c693f54c873 ("x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS") Signed-off-by: KP Singh Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230227060541.1939092-2-kpsingh@kernel.org --- Documentation/admin-guide/hw-vuln/spectre.rst | 21 +++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 3fe6511..4d186f5 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -479,8 +479,16 @@ Spectre variant 2 On Intel Skylake-era systems the mitigation covers most, but not all, cases. See :ref:`[3] ` for more details. - On CPUs with hardware mitigation for Spectre variant 2 (e.g. Enhanced - IBRS on x86), retpoline is automatically disabled at run time. + On CPUs with hardware mitigation for Spectre variant 2 (e.g. IBRS + or enhanced IBRS on x86), retpoline is automatically disabled at run time. + + Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at + boot, by setting the IBRS bit, and they're automatically protected against + Spectre v2 variant attacks, including cross-thread branch target injections + on SMT systems (STIBP). In other words, eIBRS enables STIBP too. + + Legacy IBRS systems clear the IBRS bit on exit to userspace and + therefore explicitly enable STIBP for that The retpoline mitigation is turned on by default on vulnerable CPUs. It can be forced on or off by the administrator @@ -504,9 +512,12 @@ Spectre variant 2 For Spectre variant 2 mitigation, individual user programs can be compiled with return trampolines for indirect branches. This protects them from consuming poisoned entries in the branch - target buffer left by malicious software. Alternatively, the - programs can disable their indirect branch speculation via prctl() - (See :ref:`Documentation/userspace-api/spec_ctrl.rst `). + target buffer left by malicious software. + + On legacy IBRS systems, at return to userspace, implicit STIBP is disabled + because the kernel clears the IBRS bit. In this case, the userspace programs + can disable indirect branch speculation via prctl() (See + :ref:`Documentation/userspace-api/spec_ctrl.rst `). On x86, this will turn on STIBP to guard against attacks from the sibling thread when the user program is running, and use IBPB to flush the branch target buffer when switching to/from the program.