Message-Id: <20210507155308.97649-1-jon@nutanix.com>
Date:   Fri,  7 May 2021 11:53:05 -0400
From:   Jon Kohler <jon@...anix.com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     Jon Kohler <jon@...anix.com>, Dave Hansen <dave.hansen@...el.com>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Jiri Kosina <jkosina@...e.cz>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Ravi Shankar <ravi.v.shankar@...el.com>,
        Sai Praneeth Prakhya <sai.praneeth.prakhya@...el.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
        Tony Luck <tony.luck@...el.com>,
        Anthony Steinhauser <asteinhauser@...gle.com>,
        Mike Rapoport <rppt@...nel.org>,
        Anand K Mistry <amistry@...gle.com>,
        Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
        linux-kernel@...r.kernel.org
Subject: [PATCH] x86/bugs: wrap X86_FEATURE_RSB_CTXSW with ifdef CONFIG_RETPOLINE

The only place X86_FEATURE_RSB_CTXSW is currently in use is in
arch/x86/entry/entry_{32|64}.S, where its use is wrapped with
ifdef CONFIG_RETPOLINE. If someone uses a system with
X86_FEATURE_IBRS_ENHANCED and compiles without CONFIG_RETPOLINE
but still has spectre v2 set to auto, the kernel log will
print that eIBRS is enabled and that RSB stuffing is enabled;
however, that stuffing would never occur.

To make this behavior more clear, wrap the enablement of
X86_FEATURE_RSB_CTXSW and the resulting log message with ifdef
CONFIG_RETPOLINE, such that it is compiled out along with the
actions it controls.

This way seems more correct at first glance as this was the way
the code was originally written in fdf82a7856b; however, when
enhanced IBRS was added, there was a goto added under
SPECTRE_V2_CMD_AUTO which bypasses going through retpoline_auto,
where X86_FEATURE_RETPOLINE is set.

The other option would be to remove the CONFIG_RETPOLINE from
the code in entry_{32|64}.S, such that it would always be
compiled no matter what, such that these two areas match.

Fixes: 706d51681d6 ("x86/speculation: Support Enhanced IBRS on future CPUs")
Cc: Dave Hansen <dave.hansen@...el.com>
Cc: David Woodhouse <dwmw@...zon.co.uk>
Cc: Jiri Kosina <jkosina@...e.cz>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Ravi Shankar <ravi.v.shankar@...el.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@...el.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Tim Chen <tim.c.chen@...ux.intel.com>
Signed-off-by: Jon Kohler <jon@...anix.com>
---
 arch/x86/kernel/cpu/bugs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index d41b70fe4918..b72056ee21dd 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -923,6 +923,7 @@ static void __init spectre_v2_select_mitigation(void)
 	spectre_v2_enabled = mode;
 	pr_info("%s\n", spectre_v2_strings[mode]);
 
+#ifdef CONFIG_RETPOLINE
 	/*
 	 * If spectre v2 protection has been enabled, unconditionally fill
 	 * RSB during a context switch; this protects against two independent
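Review bot: the comment that starts right after the new #ifdef still says the RSB is filled "unconditionally" whenever spectre v2 protection is enabled, which no longer holds once the block depends on CONFIG_RETPOLINE; please update the comment to state that dependency. Also consider `if (IS_ENABLED(CONFIG_RETPOLINE))` with an else branch instead of a preprocessor block inside the function body, as kernel coding style prefers, so that both branches stay compile-checked in every configuration.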
@@ -933,6 +934,9 @@ static void __init spectre_v2_select_mitigation(void)
 	 */
 	setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
 	pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
+#else
+	pr_info("Spectre v2 / SpectreRSB mitigation: kernel not compiled with retpoline, do not fill RSB on context switch\n");
+#endif
 
 	/*
 	 * Retpoline means the kernel is safe because it has no indirect
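Review bot: the message in the #else branch keeps the "Spectre v2 / SpectreRSB mitigation:" prefix and the pr_info level even though it reports that a mitigation is absent, and "do not fill RSB" reads like an instruction rather than a status. Suggest pr_warn with status wording such as "RSB not filled on context switch (kernel built without CONFIG_RETPOLINE)" so the gap stands out in the boot log. Since the commit message mentions the alternative of dropping the CONFIG_RETPOLINE guard in entry_{32|64}.S, it would also help to say why matching the log to the behaviour was chosen over making the RSB fill actually happen on enhanced IBRS systems.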
-- 
2.30.1 (Apple Git-130)
