]>
Commit | Line | Data |
---|---|---|
a8defc9c GKH |
1 | From fd470a8beed88440b160d690344fbae05a0b9b1b Mon Sep 17 00:00:00 2001 |
2 | From: Kim Phillips <kim.phillips@amd.com> | |
3 | Date: Thu, 20 Jul 2023 14:47:27 -0500 | |
4 | Subject: x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled | |
5 | ||
6 | From: Kim Phillips <kim.phillips@amd.com> | |
7 | ||
8 | commit fd470a8beed88440b160d690344fbae05a0b9b1b upstream. | |
9 | ||
10 | Unlike Intel's Enhanced IBRS feature, AMD's Automatic IBRS does not | |
11 | provide protection to processes running at CPL3/user mode, see section | |
12 | "Extended Feature Enable Register (EFER)" in the APM v2 at | |
13 | https://bugzilla.kernel.org/attachment.cgi?id=304652 | |
14 | ||
15 | Explicitly enable STIBP to protect against cross-thread CPL3 | |
16 | branch target injections on systems with Automatic IBRS enabled. | |
17 | ||
18 | Also update the relevant documentation. | |
19 | ||
20 | Fixes: e7862eda309e ("x86/cpu: Support AMD Automatic IBRS") | |
21 | Reported-by: Tom Lendacky <thomas.lendacky@amd.com> | |
22 | Signed-off-by: Kim Phillips <kim.phillips@amd.com> | |
23 | Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> | |
24 | Cc: stable@vger.kernel.org | |
25 | Link: https://lore.kernel.org/r/20230720194727.67022-1-kim.phillips@amd.com | |
26 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
27 | --- | |
28 | Documentation/admin-guide/hw-vuln/spectre.rst | 11 +++++++---- | |
29 | arch/x86/kernel/cpu/bugs.c | 15 +++++++++------ | |
30 | 2 files changed, 16 insertions(+), 10 deletions(-) | |
31 | ||
32 | --- a/Documentation/admin-guide/hw-vuln/spectre.rst | |
33 | +++ b/Documentation/admin-guide/hw-vuln/spectre.rst | |
34 | @@ -484,11 +484,14 @@ Spectre variant 2 | |
35 | ||
36 | Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at | |
37 | boot, by setting the IBRS bit, and they're automatically protected against | |
38 | - Spectre v2 variant attacks, including cross-thread branch target injections | |
39 | - on SMT systems (STIBP). In other words, eIBRS enables STIBP too. | |
40 | + Spectre v2 variant attacks. | |
41 | ||
42 | - Legacy IBRS systems clear the IBRS bit on exit to userspace and | |
43 | - therefore explicitly enable STIBP for that | |
44 | + On Intel's enhanced IBRS systems, this includes cross-thread branch target | |
45 | + injections on SMT systems (STIBP). In other words, Intel eIBRS enables | |
46 | + STIBP, too. | |
47 | + | |
48 | + AMD Automatic IBRS does not protect userspace, and Legacy IBRS systems clear | |
49 | + the IBRS bit on exit to userspace, therefore both explicitly enable STIBP. | |
50 | ||
51 | The retpoline mitigation is turned on by default on vulnerable | |
52 | CPUs. It can be forced on or off by the administrator | |
53 | --- a/arch/x86/kernel/cpu/bugs.c | |
54 | +++ b/arch/x86/kernel/cpu/bugs.c | |
55 | @@ -1317,19 +1317,21 @@ spectre_v2_user_select_mitigation(void) | |
56 | } | |
57 | ||
58 | /* | |
59 | - * If no STIBP, enhanced IBRS is enabled, or SMT impossible, STIBP | |
60 | + * If no STIBP, Intel enhanced IBRS is enabled, or SMT impossible, STIBP | |
61 | * is not required. | |
62 | * | |
63 | - * Enhanced IBRS also protects against cross-thread branch target | |
64 | + * Intel's Enhanced IBRS also protects against cross-thread branch target | |
65 | * injection in user-mode as the IBRS bit remains always set which | |
66 | * implicitly enables cross-thread protections. However, in legacy IBRS | |
67 | * mode, the IBRS bit is set only on kernel entry and cleared on return | |
68 | - * to userspace. This disables the implicit cross-thread protection, | |
69 | - * so allow for STIBP to be selected in that case. | |
70 | + * to userspace. AMD Automatic IBRS also does not protect userspace. | |
71 | + * These modes therefore disable the implicit cross-thread protection, | |
72 | + * so allow for STIBP to be selected in those cases. | |
73 | */ | |
74 | if (!boot_cpu_has(X86_FEATURE_STIBP) || | |
75 | !smt_possible || | |
76 | - spectre_v2_in_eibrs_mode(spectre_v2_enabled)) | |
77 | + (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && | |
78 | + !boot_cpu_has(X86_FEATURE_AUTOIBRS))) | |
79 | return; | |
80 | ||
81 | /* | |
82 | @@ -2596,7 +2598,8 @@ static ssize_t rfds_show_state(char *buf | |
83 | ||
84 | static char *stibp_state(void) | |
85 | { | |
86 | - if (spectre_v2_in_eibrs_mode(spectre_v2_enabled)) | |
87 | + if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && | |
88 | + !boot_cpu_has(X86_FEATURE_AUTOIBRS)) | |
89 | return ""; | |
90 | ||
91 | switch (spectre_v2_user_stibp) { |