--- /dev/null
+From fd470a8beed88440b160d690344fbae05a0b9b1b Mon Sep 17 00:00:00 2001
+From: Kim Phillips <kim.phillips@amd.com>
+Date: Thu, 20 Jul 2023 14:47:27 -0500
+Subject: x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
+
+From: Kim Phillips <kim.phillips@amd.com>
+
+commit fd470a8beed88440b160d690344fbae05a0b9b1b upstream.
+
+Unlike Intel's Enhanced IBRS feature, AMD's Automatic IBRS does not
+provide protection to processes running at CPL3/user mode, see section
+"Extended Feature Enable Register (EFER)" in the APM v2 at
+https://bugzilla.kernel.org/attachment.cgi?id=304652
+
+Explicitly enable STIBP to protect against cross-thread CPL3
+branch target injections on systems with Automatic IBRS enabled.
+
+Also update the relevant documentation.
+
+Fixes: e7862eda309e ("x86/cpu: Support AMD Automatic IBRS")
+Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Kim Phillips <kim.phillips@amd.com>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230720194727.67022-1-kim.phillips@amd.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/admin-guide/hw-vuln/spectre.rst | 11 +++++++----
+ arch/x86/kernel/cpu/bugs.c | 15 +++++++++------
+ 2 files changed, 16 insertions(+), 10 deletions(-)
+
+--- a/Documentation/admin-guide/hw-vuln/spectre.rst
++++ b/Documentation/admin-guide/hw-vuln/spectre.rst
+@@ -484,11 +484,14 @@ Spectre variant 2
+
+ Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at
+ boot, by setting the IBRS bit, and they're automatically protected against
+- Spectre v2 variant attacks, including cross-thread branch target injections
+- on SMT systems (STIBP). In other words, eIBRS enables STIBP too.
++ Spectre v2 variant attacks.
+
+- Legacy IBRS systems clear the IBRS bit on exit to userspace and
+- therefore explicitly enable STIBP for that
++ On Intel's enhanced IBRS systems, this includes cross-thread branch target
++ injections on SMT systems (STIBP). In other words, Intel eIBRS enables
++ STIBP, too.
++
++ AMD Automatic IBRS does not protect userspace, and Legacy IBRS systems clear
++ the IBRS bit on exit to userspace, therefore both explicitly enable STIBP.
+
+ The retpoline mitigation is turned on by default on vulnerable
+ CPUs. It can be forced on or off by the administrator
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -1153,19 +1153,21 @@ spectre_v2_user_select_mitigation(void)
+ }
+
+ /*
+- * If no STIBP, enhanced IBRS is enabled, or SMT impossible, STIBP
++ * If no STIBP, Intel enhanced IBRS is enabled, or SMT impossible, STIBP
+ * is not required.
+ *
+- * Enhanced IBRS also protects against cross-thread branch target
++ * Intel's Enhanced IBRS also protects against cross-thread branch target
+ * injection in user-mode as the IBRS bit remains always set which
+ * implicitly enables cross-thread protections. However, in legacy IBRS
+ * mode, the IBRS bit is set only on kernel entry and cleared on return
+- * to userspace. This disables the implicit cross-thread protection,
+- * so allow for STIBP to be selected in that case.
++ * to userspace. AMD Automatic IBRS also does not protect userspace.
++ * These modes therefore disable the implicit cross-thread protection,
++ * so allow for STIBP to be selected in those cases.
+ */
+ if (!boot_cpu_has(X86_FEATURE_STIBP) ||
+ !smt_possible ||
+- spectre_v2_in_eibrs_mode(spectre_v2_enabled))
++ (spectre_v2_in_eibrs_mode(spectre_v2_enabled) &&
++ !boot_cpu_has(X86_FEATURE_AUTOIBRS)))
+ return;
+
+ /*
+@@ -2232,7 +2234,8 @@ static ssize_t mmio_stale_data_show_stat
+
+ static char *stibp_state(void)
+ {
+- if (spectre_v2_in_eibrs_mode(spectre_v2_enabled))
++ if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) &&
++ !boot_cpu_has(X86_FEATURE_AUTOIBRS))
+ return "";
+
+ switch (spectre_v2_user_stibp) {
projects / thirdparty / kernel / stable-queue.git / commitdiff
