From patchwork Wed Nov 21 17:31:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Juerg Haefliger X-Patchwork-Id: 1001273 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 430V3x3GMGz9s5c; Thu, 22 Nov 2018 04:31:25 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1gPWLQ-0005nk-RN; Wed, 21 Nov 2018 17:31:20 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1gPWLO-0005mt-EU for kernel-team@lists.ubuntu.com; Wed, 21 Nov 2018 17:31:18 +0000 Received: from mail-ed1-f72.google.com ([209.85.208.72]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1gPWLO-000293-71 for kernel-team@lists.ubuntu.com; Wed, 21 Nov 2018 17:31:18 +0000 Received: by mail-ed1-f72.google.com with SMTP id x1-v6so3235593edh.8 for ; Wed, 21 Nov 2018 09:31:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZpoBxf9RTMRS6b1czqbltru1IqFWWjXbwX2YudrxTE0=; b=hp4mlcl+EroXmOO8PsTa0pDuPHTT9LiNXS8TmKGoOmm7pHE6zDsL9PAo+DxDwqlTv7 7jA3iR3laY9TJRA0UILmMzdYuFOa2Jace0O1BnLeYRdK7iIlufP3kMvYebV7Vyj/xilQ MvUzk9wCfFAuZn2gOQZEGtZec/f27EhoIcajMrMe6C6t/jTd497XHAj7QWu5cwUG1zAW x6tnDkM2dJMGQwOeoMxIKMTv5vpjwldA5EIrAuX4TLUIr69Fljf+HhQ14W9xSKaZYhj5 xoc71GaIAoTD/vxwPK9UAIA9FmWvlAyFE1m4PmUfdmUm+2rT2LEAiNaMHRzPGRMU095E cV+g== X-Gm-Message-State: AGRZ1gJxggHI9mR3wZPSd8bB5oYJlvmgEDOL737SPAIlWVhENm91DFEh XVA5s8pukaVKWJJvf1RCmozvI3MTxdRoHs36daTL+JRFf26dYwatAXVUCEeFfk9eM2Q+PHPi4b0 ZN+UoovbGGo+QM4LQVe5KSM6qQAPdC2PX6HjWZQ9iHw== X-Received: by 2002:a17:906:69cd:: with SMTP id g13-v6mr5735192ejs.141.1542821477543; Wed, 21 Nov 2018 09:31:17 -0800 (PST) X-Google-Smtp-Source: AJdET5cHfCHS+z5i0mzsnApvhnTg3cao64mROBynQbsw5NoojVcBPG0Kq1w67VBdDt99eHV75Q6VvQ== X-Received: by 2002:a17:906:69cd:: with SMTP id g13-v6mr5735177ejs.141.1542821477302; Wed, 21 Nov 2018 09:31:17 -0800 (PST) Received: from localhost.localdomain ([81.221.192.120]) by smtp.gmail.com with ESMTPSA id p36sm3783066edc.78.2018.11.21.09.31.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Nov 2018 09:31:16 -0800 (PST) From: Juerg Haefliger X-Google-Original-From: Juerg Haefliger To: kernel-team@lists.ubuntu.com Subject: [SRU][Trusty][PATCH 1/3] UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling (v2) Date: Wed, 21 Nov 2018 18:31:11 +0100 Message-Id: <20181121173113.13474-2-juergh@canonical.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181121173113.13474-1-juergh@canonical.com> References: <20181121173113.13474-1-juergh@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: juergh@canonical.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Cleanup the code to match Xenial. Functional changes introduced: - Return an error when someone tries to enable IBPB via procfs on HW that doesn't have IBPB support. - Write every IBPB state change to the kernel log. CVE-2017-5715 Signed-off-by: Juerg Haefliger --- arch/x86/include/asm/nospec-branch.h | 6 ++++-- arch/x86/kernel/cpu/bugs.c | 23 +++++++++++----------- kernel/sysctl.c | 29 ++++++++++++++++------------ 3 files changed, 32 insertions(+), 26 deletions(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index dd8f0790fbd9..3cc7e65fbb3a 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -190,9 +190,11 @@ # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) #endif -/* The IBPB and IBRS runtime control knobs */ +/* The IBPB runtime control knob */ extern unsigned int ibpb_enabled; -void ibpb_enable(void); +int set_ibpb_enabled(unsigned int); + +/* The IBRS runtime control knob */ extern unsigned int ibrs_enabled; void ibrs_enable(void); diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5b1d8522764e..b4a0a26efc0d 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -428,19 +428,18 @@ retpoline_auto: spectre_v2_enabled = mode; pr_info("%s\n", spectre_v2_strings[mode]); - /* Initialize Indirect Branch Prediction Barrier if supported */ + /* + * Initialize Indirect Branch Prediction Barrier if supported and not + * disabled on the commandline + */ if (boot_cpu_has(X86_FEATURE_IBPB)) { setup_force_cpu_cap(X86_FEATURE_USE_IBPB); - - /* - * Enable IBPB support if it's not turned off on the - * commandline. - */ - if (!noibpb) - ibpb_enable(); - - pr_info("%s Indirect Branch Prediction Barrier\n", - ibpb_enabled ? "Enabling" : "Disabling"); + if (noibpb) { + /* IBPB disabled via commandline */ + set_ibpb_enabled(0); + } else { + set_ibpb_enabled(1); + } } /* @@ -876,7 +875,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr case X86_BUG_SPECTRE_V2: return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], - ibpb_enabled && boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", + ibpb_enabled ? ", IBPB" : "", boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : ""); case X86_BUG_SPEC_STORE_BYPASS: diff --git a/kernel/sysctl.c b/kernel/sysctl.c index e18e18bebd92..9d3084581410 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -203,31 +203,37 @@ static int proc_dostring_coredump(struct ctl_table *table, int write, DEFINE_MUTEX(spec_ctrl_mutex); unsigned int ibpb_enabled = 0; -EXPORT_SYMBOL(ibpb_enabled); +EXPORT_SYMBOL(ibpb_enabled); /* Required in some modules */ static unsigned int __ibpb_enabled = 0; /* procfs shadow variable */ -static void set_ibpb_enabled(unsigned int val) +int set_ibpb_enabled(unsigned int val) { + int error = 0; + mutex_lock(&spec_ctrl_mutex); /* Only enable IBPB if the CPU supports it */ - if (val && boot_cpu_has(X86_FEATURE_USE_IBPB)) - ibpb_enabled = 1; - else + if (boot_cpu_has(X86_FEATURE_IBPB)) { + ibpb_enabled = val; + pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect " + "Branch Prediction Barrier\n", + ibpb_enabled ? "Enabling" : "Disabling"); + } else { ibpb_enabled = 0; + if (val) { + /* IBPB is not supported but we try to turn it on */ + error = -EINVAL; + } + } /* Update the shadow variable */ __ibpb_enabled = ibpb_enabled; mutex_unlock(&spec_ctrl_mutex); -} -inline void ibpb_enable(void) -{ - set_ibpb_enabled(1); + return error; } -EXPORT_SYMBOL(ibpb_enable); static int ibpb_enabled_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, @@ -239,8 +245,7 @@ static int ibpb_enabled_handler(struct ctl_table *table, int write, if (error) return error; - set_ibpb_enabled(__ibpb_enabled); - return 0; + return set_ibpb_enabled(__ibpb_enabled); } unsigned int ibrs_enabled = 0;