From patchwork Sat Jul 22 16:18:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 124345 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9010:0:b0:3e4:2afc:c1 with SMTP id l16csp907632vqg; Sat, 22 Jul 2023 10:19:02 -0700 (PDT) X-Google-Smtp-Source: APBJJlH6q1CrO2iH3ulXVkIKc3FizmjyXN7HrDJjtAwAVcOo8eeIKWaOfGPcduZfDH6tjKd5ovTm X-Received: by 2002:a17:902:cec6:b0:1b8:53b5:8518 with SMTP id d6-20020a170902cec600b001b853b58518mr7961390plg.63.1690046342108; Sat, 22 Jul 2023 10:19:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690046342; cv=none; d=google.com; s=arc-20160816; b=uBe82hPzsdiruFg/VmRPtnE7ik2/FsmPjfDcDhzeg1tt6M8XJ0obIXq29CMr9mvZyO onPN7+Ve++nN0gLra3odDbGL487qBDp2y+B+kNXR2o8w2n8FYO4rjz1wXUMNJ0gFjLz9 HjPVo/WagCQJet99JC4LtMI2vQT8NQlS/gO0OO9m4IQxzRZEALLaKnrQLiRCw6NXflGy 2KTrA27Q7oAanejQnuPwN331HCp46c9g0ctfU0uTWdEiXzYkMsCyVeXGqho99kdD8roL +98WgYyidUQ31dWfzXr2DkUw9XEjOJ96o2eiIQN9jvRW7363RVYKO6s1IexsrM5EJ8cU hQqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=7HxdfOmHaQBGRnG6kfgqJKnhhkp+BdN+BlMqHiWUe1w=; fh=rg7wIYnfeSnYQEZRSt851lq8Ttfp3HrKHp5wVMCJhkY=; b=i+3xnqmGjjTA1538meQSTNK3NYOwxzDsvh8EvD1Y2idhX3hZLl27rZ0bn3vSm02oXa SzGLPUyBFs/1pbK572uHVBUS43AWS5BKTwygEQ2quzni4RMm4XhdApMQYL1zXnJ2BDQw fI58bfQx2hGWA8x+0Yl9XDBzHVO7i4v+UvFSeUYS1FEPTi+ikVgF4Z99de/TO1t74upI Tvkp248+JS1xNA01epCLHZjyKiEXCcFr3TrhkVJBJy3XJ3ypjR1Yzn1eQbVe/UwjD+Cc X2mAuLhANQpI7WW2gPi8tBFZO0klE6Jqegk6besH4bypHCSwfwV9A1Ur51HBg32K4Vpt tJRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=qmErEK3N; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ky13-20020a170902f98d00b001b86492d71bsi5067022plb.562.2023.07.22.10.18.49; Sat, 22 Jul 2023 10:19:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=qmErEK3N; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229675AbjGVQTD (ORCPT + 99 others); Sat, 22 Jul 2023 12:19:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229468AbjGVQTC (ORCPT ); Sat, 22 Jul 2023 12:19:02 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1106F1FCB; Sat, 22 Jul 2023 09:19:01 -0700 (PDT) Date: Sat, 22 Jul 2023 16:18:58 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1690042739; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7HxdfOmHaQBGRnG6kfgqJKnhhkp+BdN+BlMqHiWUe1w=; b=qmErEK3NL6xrZP0u/tmXkmrQZ0z0KeyaoAtBmMJFdeutR1UPdLiKHRD8GBirSWLJ1z6FYw GUMstq7LvMm8xrlcerIsXtFmzTJskSRMCxD5S13Q2PtfzBVytKqjSr0JRNPibkiGiHPBzd vTob9VqXqL6EspFrMk1vB49CYX3Ytvz3ajm7Fc3ZppeGv1Vbe+Genvn/bfFOgJTF9LNIzN RM5+PgHhsHRZU74g56mQdwAAtKYpacuUT8nvqQ0uGoQwR5/veXtybT/RHGN5J1ROtuk8BW t7BjzdTaawUUWUQiGs7n5r4XDQuX6Ti8gf3KSlIR/Ks4Aa/kKn3N2CCq8whxYw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1690042739; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7HxdfOmHaQBGRnG6kfgqJKnhhkp+BdN+BlMqHiWUe1w=; b=872UD6kuSJSNjJfL1ZyaG3sgH8YoUDoGrgphet11KygaZSqRjI3Xtq/EHAfyYHVdvzb6cJ W3/IwL6S/p90j0AA== From: "tip-bot2 for Kim Phillips" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/urgent] x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Cc: Tom Lendacky , Kim Phillips , "Borislav Petkov (AMD)" , stable@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20230720194727.67022-1-kim.phillips@amd.com> References: <20230720194727.67022-1-kim.phillips@amd.com> MIME-Version: 1.0 Message-ID: <169004273861.28540.3552352830983009627.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772142033194649318 X-GMAIL-MSGID: 1772142033194649318 The following commit has been merged into the x86/urgent branch of tip: Commit-ID: fd470a8beed88440b160d690344fbae05a0b9b1b Gitweb: https://git.kernel.org/tip/fd470a8beed88440b160d690344fbae05a0b9b1b Author: Kim Phillips AuthorDate: Thu, 20 Jul 2023 14:47:27 -05:00 Committer: Borislav Petkov (AMD) CommitterDate: Sat, 22 Jul 2023 18:04:22 +02:00 x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Unlike Intel's Enhanced IBRS feature, AMD's Automatic IBRS does not provide protection to processes running at CPL3/user mode, see section "Extended Feature Enable Register (EFER)" in the APM v2 at https://bugzilla.kernel.org/attachment.cgi?id=304652 Explicitly enable STIBP to protect against cross-thread CPL3 branch target injections on systems with Automatic IBRS enabled. Also update the relevant documentation. Fixes: e7862eda309e ("x86/cpu: Support AMD Automatic IBRS") Reported-by: Tom Lendacky Signed-off-by: Kim Phillips Signed-off-by: Borislav Petkov (AMD) Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20230720194727.67022-1-kim.phillips@amd.com --- Documentation/admin-guide/hw-vuln/spectre.rst | 11 +++++++---- arch/x86/kernel/cpu/bugs.c | 15 +++++++++------ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 4d186f5..32a8893 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -484,11 +484,14 @@ Spectre variant 2 Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at boot, by setting the IBRS bit, and they're automatically protected against - Spectre v2 variant attacks, including cross-thread branch target injections - on SMT systems (STIBP). In other words, eIBRS enables STIBP too. + Spectre v2 variant attacks. - Legacy IBRS systems clear the IBRS bit on exit to userspace and - therefore explicitly enable STIBP for that + On Intel's enhanced IBRS systems, this includes cross-thread branch target + injections on SMT systems (STIBP). In other words, Intel eIBRS enables + STIBP, too. + + AMD Automatic IBRS does not protect userspace, and Legacy IBRS systems clear + the IBRS bit on exit to userspace, therefore both explicitly enable STIBP. The retpoline mitigation is turned on by default on vulnerable CPUs. It can be forced on or off by the administrator diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 9e2a918..9550744 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1150,19 +1150,21 @@ spectre_v2_user_select_mitigation(void) } /* - * If no STIBP, enhanced IBRS is enabled, or SMT impossible, STIBP + * If no STIBP, Intel enhanced IBRS is enabled, or SMT impossible, STIBP * is not required. * - * Enhanced IBRS also protects against cross-thread branch target + * Intel's Enhanced IBRS also protects against cross-thread branch target * injection in user-mode as the IBRS bit remains always set which * implicitly enables cross-thread protections. However, in legacy IBRS * mode, the IBRS bit is set only on kernel entry and cleared on return - * to userspace. This disables the implicit cross-thread protection, - * so allow for STIBP to be selected in that case. + * to userspace. AMD Automatic IBRS also does not protect userspace. + * These modes therefore disable the implicit cross-thread protection, + * so allow for STIBP to be selected in those cases. */ if (!boot_cpu_has(X86_FEATURE_STIBP) || !smt_possible || - spectre_v2_in_eibrs_mode(spectre_v2_enabled)) + (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && + !boot_cpu_has(X86_FEATURE_AUTOIBRS))) return; /* @@ -2294,7 +2296,8 @@ static ssize_t mmio_stale_data_show_state(char *buf) static char *stibp_state(void) { - if (spectre_v2_in_eibrs_mode(spectre_v2_enabled)) + if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && + !boot_cpu_has(X86_FEATURE_AUTOIBRS)) return ""; switch (spectre_v2_user_stibp) {