1 From fd470a8beed88440b160d690344fbae05a0b9b1b Mon Sep 17 00:00:00 2001
2 From: Kim Phillips <kim.phillips@amd.com>
3 Date: Thu, 20 Jul 2023 14:47:27 -0500
4 Subject: x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
6 From: Kim Phillips <kim.phillips@amd.com>
8 commit fd470a8beed88440b160d690344fbae05a0b9b1b upstream.
10 Unlike Intel's Enhanced IBRS feature, AMD's Automatic IBRS does not
11 provide protection to processes running at CPL3/user mode, see section
12 "Extended Feature Enable Register (EFER)" in the APM v2 at
13 https://bugzilla.kernel.org/attachment.cgi?id=304652
15 Explicitly enable STIBP to protect against cross-thread CPL3
16 branch target injections on systems with Automatic IBRS enabled.
18 Also update the relevant documentation.
20 Fixes: e7862eda309e ("x86/cpu: Support AMD Automatic IBRS")
21 Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
22 Signed-off-by: Kim Phillips <kim.phillips@amd.com>
23 Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
24 Cc: stable@vger.kernel.org
25 Link: https://lore.kernel.org/r/20230720194727.67022-1-kim.phillips@amd.com
26 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
28 Documentation/admin-guide/hw-vuln/spectre.rst | 11 +++++++----
29 arch/x86/kernel/cpu/bugs.c | 15 +++++++++------
30 2 files changed, 16 insertions(+), 10 deletions(-)
32 --- a/Documentation/admin-guide/hw-vuln/spectre.rst
33 +++ b/Documentation/admin-guide/hw-vuln/spectre.rst
34 @@ -484,11 +484,14 @@ Spectre variant 2
36 Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at
37 boot, by setting the IBRS bit, and they're automatically protected against
38 - Spectre v2 variant attacks, including cross-thread branch target injections
39 - on SMT systems (STIBP). In other words, eIBRS enables STIBP too.
40 + Spectre v2 variant attacks.
42 - Legacy IBRS systems clear the IBRS bit on exit to userspace and
43 - therefore explicitly enable STIBP for that
44 + On Intel's enhanced IBRS systems, this includes cross-thread branch target
45 + injections on SMT systems (STIBP). In other words, Intel eIBRS enables
48 + AMD Automatic IBRS does not protect userspace, and Legacy IBRS systems clear
49 + the IBRS bit on exit to userspace, therefore both explicitly enable STIBP.
51 The retpoline mitigation is turned on by default on vulnerable
52 CPUs. It can be forced on or off by the administrator
53 --- a/arch/x86/kernel/cpu/bugs.c
54 +++ b/arch/x86/kernel/cpu/bugs.c
55 @@ -1317,19 +1317,21 @@ spectre_v2_user_select_mitigation(void)
59 - * If no STIBP, enhanced IBRS is enabled, or SMT impossible, STIBP
60 + * If no STIBP, Intel enhanced IBRS is enabled, or SMT impossible, STIBP
63 - * Enhanced IBRS also protects against cross-thread branch target
64 + * Intel's Enhanced IBRS also protects against cross-thread branch target
65 * injection in user-mode as the IBRS bit remains always set which
66 * implicitly enables cross-thread protections. However, in legacy IBRS
67 * mode, the IBRS bit is set only on kernel entry and cleared on return
68 - * to userspace. This disables the implicit cross-thread protection,
69 - * so allow for STIBP to be selected in that case.
70 + * to userspace. AMD Automatic IBRS also does not protect userspace.
71 + * These modes therefore disable the implicit cross-thread protection,
72 + * so allow for STIBP to be selected in those cases.
74 if (!boot_cpu_has(X86_FEATURE_STIBP) ||
76 - spectre_v2_in_eibrs_mode(spectre_v2_enabled))
77 + (spectre_v2_in_eibrs_mode(spectre_v2_enabled) &&
78 + !boot_cpu_has(X86_FEATURE_AUTOIBRS)))
82 @@ -2596,7 +2598,8 @@ static ssize_t rfds_show_state(char *buf
84 static char *stibp_state(void)
86 - if (spectre_v2_in_eibrs_mode(spectre_v2_enabled))
87 + if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) &&
88 + !boot_cpu_has(X86_FEATURE_AUTOIBRS))
91 switch (spectre_v2_user_stibp) {
projects / thirdparty / kernel / stable-queue.git / blob