| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Apr 2024 22:34:33 +0800
From: Chao Gao <chao.gao@...el.com>
To: kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: daniel.sneddon@...ux.intel.com,
pawan.kumar.gupta@...ux.intel.com,
Chao Gao <chao.gao@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>,
Tony Luck <tony.luck@...el.com>,
"Maciej S. Szmigiero" <maciej.szmigiero@...cle.com>,
Kan Liang <kan.liang@...ux.intel.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Sandipan Das <sandipan.das@....com>
Subject: [RFC PATCH v3 05/10] x86/bugs: Use Virtual MSRs to request RRSBA_DIS_S
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
On CPUs with RRSBA behavior a guest using retpoline mitigation could
become vulnerable to BHI. On such CPUs, when RSB underflows a RET could
take prediction from BTB. Although these predictions are limited to same
domain, they may be controllable from userspace using BHI.
Alderlake and newer CPUs have RRSBA_DIS_S knob in MSR_SPEC_CTRL to
disable RRSBA behavior. A guest migrating from older CPU may not be
aware of RRSBA_DIS_S. Use MSR_VIRTUAL_MITIGATION_CTRL to request VMM to
deploy RRSBA_DIS_S when retpoline mitigation is in use.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Signed-off-by: Chao Gao <chao.gao@...el.com>
---
arch/x86/include/asm/msr-index.h | 6 ++++++
arch/x86/kernel/cpu/bugs.c | 7 +++++++
2 files changed, 13 insertions(+)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 18a4081bf5cb..469ab38c0ec8 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -1188,6 +1188,7 @@
#define MSR_VIRTUAL_MITIGATION_ENUM 0x50000001
#define MITI_ENUM_BHB_CLEAR_SEQ_S_SUPPORT BIT(0) /* VMM supports BHI_DIS_S */
+#define MITI_ENUM_RETPOLINE_S_SUPPORT BIT(1) /* VMM supports RRSBA_DIS_S */
#define MSR_VIRTUAL_MITIGATION_CTRL 0x50000002
#define MITI_CTRL_BHB_CLEAR_SEQ_S_USED_BIT 0 /*
@@ -1195,6 +1196,11 @@
* BHI_DIS_S mitigation
*/
#define MITI_CTRL_BHB_CLEAR_SEQ_S_USED BIT(MITI_CTRL_BHB_CLEAR_SEQ_S_USED_BIT)
+#define MITI_CTRL_RETPOLINE_S_USED_BIT 1 /*
+ * Request VMM to deploy
+ * RRSBA_DIS_S mitigation
+ */
+#define MITI_CTRL_RETPOLINE_S_USED BIT(MITI_CTRL_RETPOLINE_S_USED_BIT)
/* AMD-V MSRs */
#define MSR_VM_CR 0xc0010114
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index e74e4c51d387..766f4340eddf 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1704,6 +1704,13 @@ void virt_mitigation_ctrl_init(void)
else
msr_clear_bit(MSR_VIRTUAL_MITIGATION_CTRL, MITI_CTRL_BHB_CLEAR_SEQ_S_USED_BIT);
}
+ if (msr_mitigation_enum & MITI_ENUM_RETPOLINE_S_SUPPORT) {
+ /* When retpoline is being used, request RRSBA_DIS_S */
+ if (boot_cpu_has(X86_FEATURE_RETPOLINE))
+ msr_set_bit(MSR_VIRTUAL_MITIGATION_CTRL, MITI_CTRL_RETPOLINE_S_USED_BIT);
+ else
+ msr_clear_bit(MSR_VIRTUAL_MITIGATION_CTRL, MITI_CTRL_RETPOLINE_S_USED_BIT);
+ }
}
static void __init spectre_v2_select_mitigation(void)
--
2.39.3
Powered by blists - more mailing lists