| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<LV3PR12MB926540104F695798EDD4240C9441A@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Tue, 1 Jul 2025 03:27:00 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Borislav Petkov <bp@...en8.de>
CC: Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra
<peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta
<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
Peter Anvin" <hpa@...or.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v5 14/20] x86/bugs: Add attack vector controls for BHI
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Borislav Petkov <bp@...en8.de>
> Sent: Monday, June 30, 2025 7:41 AM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>; Peter Zijlstra <peterz@...radead.org>;
> Josh Poimboeuf <jpoimboe@...nel.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>; linux-kernel@...r.kernel.org
> Subject: Re: [PATCH v5 14/20] x86/bugs: Add attack vector controls for BHI
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Fri, May 09, 2025 at 11:28:33AM -0500, David Kaplan wrote:
> > There are two BHI mitigations, one for SYSCALL and one for VMEXIT.
> > Split these up so they can be selected individually based on attack
> > vector.
> >
> > Signed-off-by: David Kaplan <david.kaplan@....com>
> > ---
> > arch/x86/kernel/cpu/bugs.c | 38 +++++++++++++++++++++++++++-----------
> > 1 file changed, 27 insertions(+), 11 deletions(-)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 305a11fa9521..667385808400 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -1905,8 +1905,9 @@ static bool __init spec_ctrl_bhi_dis(void)
> > enum bhi_mitigations {
> > BHI_MITIGATION_OFF,
> > BHI_MITIGATION_AUTO,
> > - BHI_MITIGATION_ON,
> > + BHI_MITIGATION_FULL,
> > BHI_MITIGATION_VMEXIT_ONLY,
> > + BHI_MITIGATION_SYSCALL_ONLY
>
> We usually call those USER_KERNEL or so...
Was following the existing pattern with VMEXIT_ONLY. But I could rename these to USER_KERNEL (for the SYSCALL one) and GUEST_HOST (for the VMEXIT one) if desired...
>
> But I don't think you need it. The rename to _FULL is ok but the rest could
> look like this:
>
Eh, I'm not a big fan of that. It's basically overloading an existing mitigation setting with a new meaning depending something else. That's unnecessarily complex imo, and in this case is actually incorrect. The attack vectors are supposed to be lower priority than bug-specific command line options (as attack vectors are generic). So if you pass in "spectre_bhi=vmexit" for instance, that should only mitigate bhi for vmexit, even if you have general user->kernel protections enabled. The code below appears to not observe that correctly.
That issue aside, the enums I believe should ideally map to specific mitigation decisions. There are two potential mitigations for BHI, so it makes sense to have mitigation choices for all 4 potential outcomes.
--David Kaplan
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 32edf0b8a495..624d8d766dca 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -2096,7 +2096,7 @@ static bool __init spec_ctrl_bhi_dis(void)
> enum bhi_mitigations {
> BHI_MITIGATION_OFF,
> BHI_MITIGATION_AUTO,
> - BHI_MITIGATION_ON,
> + BHI_MITIGATION_FULL,
> BHI_MITIGATION_VMEXIT_ONLY,
> };
>
> @@ -2111,7 +2111,7 @@ static int __init spectre_bhi_parse_cmdline(char *str)
> if (!strcmp(str, "off"))
> bhi_mitigation = BHI_MITIGATION_OFF;
> else if (!strcmp(str, "on"))
> - bhi_mitigation = BHI_MITIGATION_ON;
> + bhi_mitigation = BHI_MITIGATION_FULL;
> else if (!strcmp(str, "vmexit"))
> bhi_mitigation = BHI_MITIGATION_VMEXIT_ONLY;
> else
> @@ -2123,11 +2123,11 @@ early_param("spectre_bhi",
> spectre_bhi_parse_cmdline);
>
> static void __init bhi_select_mitigation(void)
> {
> - if (!boot_cpu_has(X86_BUG_BHI) || cpu_mitigations_off())
> + if (!boot_cpu_has(X86_BUG_BHI))
> bhi_mitigation = BHI_MITIGATION_OFF;
>
> if (bhi_mitigation == BHI_MITIGATION_AUTO)
> - bhi_mitigation = BHI_MITIGATION_ON;
> + bhi_mitigation = BHI_MITIGATION_FULL;
> }
>
> static void __init bhi_update_mitigation(void)
> @@ -2160,15 +2160,19 @@ static void __init bhi_apply_mitigation(void)
> if (spec_ctrl_bhi_dis())
> return;
>
> - if (bhi_mitigation == BHI_MITIGATION_VMEXIT_ONLY) {
> - pr_info("Spectre BHI mitigation: SW BHB clearing on VM exit only\n");
> + /* Mitigate KVM if guest->host protection is desired */
> + if (bhi_mitigation == BHI_MITIGATION_FULL ||
> + bhi_mitigation == BHI_MITIGATION_VMEXIT_ONLY) {
> setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT);
> - return;
> + pr_info("Spectre BHI mitigation: SW BHB clearing on VM exit\n");
> }
>
> - pr_info("Spectre BHI mitigation: SW BHB clearing on syscall and VM exit\n");
> - setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP);
> - setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT);
> + /* Mitigate syscalls if user->kernel protection is desired */
> + if (bhi_mitigation == BHI_MITIGATION_FULL ||
> + cpu_attack_vector_mitigated(CPU_MITIGATE_USER_KERNEL)) {
> + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP);
> + pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n");
> + }
> }
>
> static void __init spectre_v2_select_mitigation(void)
>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists