From patchwork Wed Apr 17 23:53:51 2024
X-Patchwork-Submitter: Yuxuan Luo
X-Patchwork-Id: 1924767
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 01/11] objtool: Add support for intra-function calls
Date: Wed, 17 Apr 2024 19:53:51 -0400
Message-Id: <20240417235401.243631-2-yuxuan.luo@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Alexandre Chartre

commit 8aa8eb2a8f5b3305a95f39957dd2b715fa668e21 upstream.

Change objtool to support intra-function calls. On x86, an intra-function call is represented in objtool as a push onto the stack (of the return address), and a jump to the destination address. That way the stack information is correctly updated and the call flow is still accurate.

Signed-off-by: Alexandre Chartre
Signed-off-by: Peter Zijlstra (Intel)
Reviewed-by: Miroslav Benes
Acked-by: Josh Poimboeuf
Link: https://lkml.kernel.org/r/20200414103618.12657-4-alexandre.chartre@oracle.com
Signed-off-by: Rui Qi
Signed-off-by: Greg Kroah-Hartman
(cherry picked from commit f8f25fde0cc680f6488aea6a0a1f80e689525e18 stable/5.4.y)
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
 include/linux/frame.h | 11 ++++
 .../Documentation/stack-validation.txt | 8 +++
 tools/objtool/arch/x86/decode.c | 6 ++
 tools/objtool/check.c | 62 +++++++++++++++++--
 4 files changed, 83 insertions(+), 4 deletions(-)

diff --git a/include/linux/frame.h b/include/linux/frame.h index 02d3ca2d95985..303cda600e56a 100644 --- a/include/linux/frame.h +++ b/include/linux/frame.h
@@ -15,9 +15,20 @@ static void __used __section(.discard.func_stack_frame_non_standard) \ *__func_stack_frame_non_standard_##func = func +/* + * This macro indicates that the following intra-function call is valid. + * Any non-annotated intra-function call will cause objtool to issue a warning. + */ +#define ANNOTATE_INTRA_FUNCTION_CALL \ + 999: \ + .pushsection .discard.intra_function_calls; \ + .long 999b; \ + .popsection; + #else /* !CONFIG_STACK_VALIDATION */ #define STACK_FRAME_NON_STANDARD(func) +#define ANNOTATE_INTRA_FUNCTION_CALL #endif /* CONFIG_STACK_VALIDATION */ diff --git a/tools/objtool/Documentation/stack-validation.txt b/tools/objtool/Documentation/stack-validation.txt index de094670050be..ee26bb382b709 100644 --- a/tools/objtool/Documentation/stack-validation.txt +++ b/tools/objtool/Documentation/stack-validation.txt @@ -290,6 +290,14 @@ they mean, and suggestions for how to fix them. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70646 +11. file.o: warning: unannotated intra-function call + + This warning means that a direct call is done to a destination which + is not at the beginning of a function. If this is a legit call, you + can remove this warning by putting the ANNOTATE_INTRA_FUNCTION_CALL + directive right before the call. + + If the error doesn't seem to make sense, it could be a bug in objtool. Feel free to ask the objtool maintainer for help. diff --git a/tools/objtool/arch/x86/decode.c b/tools/objtool/arch/x86/decode.c index a62e032863a89..c3ff62c085c83 100644 --- a/tools/objtool/arch/x86/decode.c +++ b/tools/objtool/arch/x86/decode.c @@ -437,6 +437,12 @@ int arch_decode_instruction(struct elf *elf, struct section *sec, case 0xe8: *type = INSN_CALL; + /* + * For the impact on the stack, a CALL behaves like + * a PUSH of an immediate value (the return address). + */ + op->src.type = OP_SRC_CONST; + op->dest.type = OP_DEST_PUSH; break; case 0xfc: 
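Review bot: the stack_op added to the 0xe8 case (op->src.type = OP_SRC_CONST; op->dest.type = OP_DEST_PUSH) is attached to every direct CALL, not only to annotated intra-function calls, yet the comment introduced in read_intra_function_calls() says "See add_call_destinations(), which strips stack_ops from normal CALLs", and the add_call_destinations() hunk in this patch only changes the warning text. Please confirm how the push recorded for an ordinary CALL is undone in this tree (either the stripping already exists in the 5.4.y base this was cherry-picked from, or the comment is stale for this backport) and adjust the comment if it does not apply.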
diff --git a/tools/objtool/check.c b/tools/objtool/check.c index dfd67243faac0..5165c2e0fb37d 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -645,6 +645,7 @@ static int add_jump_destinations(struct objtool_file *file) return 0; } + /* * Find the destination instructions for all calls. */ @@ -666,10 +667,7 @@ static int add_call_destinations(struct objtool_file *file) dest_off); if (!insn->call_dest && !insn->ignore) { - WARN_FUNC("unsupported intra-function call", - insn->sec, insn->offset); - if (retpoline) - WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE."); + WARN_FUNC("unannotated intra-function call", insn->sec, insn->offset); return -1; } 
@@ -1291,6 +1289,58 @@ static int read_retpoline_hints(struct objtool_file *file) return 0; } + +static int read_intra_function_calls(struct objtool_file *file) +{ + struct instruction *insn; + struct section *sec; + struct rela *rela; + + sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls"); + if (!sec) + return 0; + + list_for_each_entry(rela, &sec->rela_list, list) { + unsigned long dest_off; + + if (rela->sym->type != STT_SECTION) { + WARN("unexpected relocation symbol type in %s", + sec->name); + return -1; + } + + insn = find_insn(file, rela->sym->sec, rela->addend); + if (!insn) { + WARN("bad .discard.intra_function_call entry"); + return -1; + } + + if (insn->type != INSN_CALL) { + WARN_FUNC("intra_function_call not a direct call", + insn->sec, insn->offset); + return -1; + } + + /* + * Treat intra-function CALLs as JMPs, but with a stack_op. + * See add_call_destinations(), which strips stack_ops from + * normal CALLs. + */ + insn->type = INSN_JUMP_UNCONDITIONAL; + + dest_off = insn->offset + insn->len + insn->immediate; + insn->jump_dest = find_insn(file, insn->sec, dest_off); + if (!insn->jump_dest) { + WARN_FUNC("can't find call dest at %s+0x%lx", + insn->sec, insn->offset, + insn->sec->name, dest_off); + return -1; + } + } + + return 0; +} + static void mark_rodata(struct objtool_file *file) { struct section *sec; 
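Review bot: the message "bad .discard.intra_function_call entry" names the section in the singular while the section looked up at the top of the function is ".rela.discard.intra_function_calls"; use the same spelling as the .pushsection in frame.h so the warning can be grepped against the macro. The conversion itself looks sound: the INSN_CALL check guarantees the 0xe8 direct form before dest_off is derived from insn->immediate, the jump target is searched only within insn->sec as an intra-function call requires, and because decode_sections() runs read_intra_function_calls() immediately before add_call_destinations(), the instructions converted to INSN_JUMP_UNCONDITIONAL are no longer seen by the call-destination pass, which is why insn->jump_dest has to be filled in here rather than left to a later pass.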
@@ -1346,6 +1396,10 @@ static int decode_sections(struct objtool_file *file) if (ret) return ret; + ret = read_intra_function_calls(file); + if (ret) + return ret; + ret = add_call_destinations(file); if (ret) return ret;

From patchwork Wed Apr 17 23:53:52 2024
X-Patchwork-Submitter: Yuxuan Luo
X-Patchwork-Id: 1924768
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 02/11] objtool: Only include valid definitions depending on source file type
Date: Wed, 17 Apr 2024 19:53:52 -0400
Message-Id: <20240417235401.243631-3-yuxuan.luo@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Julien Thierry

Header include/linux/objtool.h contains both C and assembly definitions that are visible regardless of the file including them.

Place definitions under conditional __ASSEMBLY__.

Reviewed-by: Miroslav Benes
Signed-off-by: Julien Thierry
Signed-off-by: Josh Poimboeuf
(cherry picked from commit 5567c6c39f3404e4492c18c0c1abff5556684f6e)
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
 include/linux/frame.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/linux/frame.h b/include/linux/frame.h index 303cda600e56a..d946adb5de178 100644 --- a/include/linux/frame.h +++ b/include/linux/frame.h @@ -3,6 +3,8 @@ #define _LINUX_FRAME_H #ifdef CONFIG_STACK_VALIDATION + +#ifndef __ASSEMBLY__ /* * This macro marks the given function's stack frame as "non-standard", which * tells objtool to ignore the function when doing stack metadata validation. @@ -15,6 +17,8 @@ static void __used __section(.discard.func_stack_frame_non_standard) \ *__func_stack_frame_non_standard_##func = func +#else /* __ASSEMBLY__ */ + /* * This macro indicates that the following intra-function call is valid. * Any non-annotated intra-function call will cause objtool to issue a warning.
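Review bot: the trailer says "cherry picked from commit 5567c6c39f34", but the upstream message describes include/linux/objtool.h while this diff is applied to include/linux/frame.h; that is a path adaptation, so it should read "backported from" and carry a [yuxuan.luo: ...] note the way patch 03/11 does, otherwise the provenance of the frame.h change is misleading. The split itself is correct: STACK_FRAME_NON_STANDARD() lands under #ifndef __ASSEMBLY__ and ANNOTATE_INTRA_FUNCTION_CALL under the #else, but after this patch the !CONFIG_STACK_VALIDATION stub "#define ANNOTATE_INTRA_FUNCTION_CALL" is still visible to C files; it is only wrapped in #ifdef __ASSEMBLY__ by patch 03/11, so the two branches stay asymmetric between the two patches.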
@@ -25,6 +29,8 @@ .long 999b; \ .popsection; +#endif /* __ASSEMBLY__ */ + #else /* !CONFIG_STACK_VALIDATION */ #define STACK_FRAME_NON_STANDARD(func)

From patchwork Wed Apr 17 23:53:53 2024
X-Patchwork-Submitter: Yuxuan Luo
X-Patchwork-Id: 1924769
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 03/11] objtool: Add asm version of STACK_FRAME_NON_STANDARD
Date: Wed, 17 Apr 2024 19:53:53 -0400
Message-Id: <20240417235401.243631-4-yuxuan.luo@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Josh Poimboeuf

To be used for adding asm functions to the ignore list.

The "aw" is needed to help the ELF section metadata match GCC-created sections. Otherwise the linker creates duplicate sections instead of combining them.

Signed-off-by: Josh Poimboeuf
Link: https://lore.kernel.org/r/8faa476f9a5ac89af27944ec184c89f95f3c6c49.1611263462.git.jpoimboe@redhat.com
(backported from commit 081df94301e317e84c3413686043987da2c3e39d)
[yuxuan.luo: applied changes for include/linux/objtool.h to include/linux/frame.h.]
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
 include/linux/frame.h | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/include/linux/frame.h b/include/linux/frame.h index d946adb5de178..7046eeeece9b5 100644 --- a/include/linux/frame.h +++ b/include/linux/frame.h
@@ -29,13 +29,22 @@ .long 999b; \ .popsection; +.macro STACK_FRAME_NON_STANDARD func:req + .pushsection .discard.func_stack_frame_non_standard, "aw" + .long \func - . + .popsection +.endm #endif /* __ASSEMBLY__ */ #else /* !CONFIG_STACK_VALIDATION */ #define STACK_FRAME_NON_STANDARD(func) -#define ANNOTATE_INTRA_FUNCTION_CALL +#ifdef __ASSEMBLY__ +#define ANNOTATE_INTRA_FUNCTION_CALL +.macro STACK_FRAME_NON_STANDARD func:req +.endm +#endif /* __ASSEMBLY__ */ #endif /* CONFIG_STACK_VALIDATION */ #endif /* _LINUX_FRAME_H */

From patchwork Wed Apr 17 23:53:54 2024
X-Patchwork-Submitter: Yuxuan Luo
X-Patchwork-Id: 1924771
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 04/11] x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
Date: Wed, 17 Apr 2024 19:53:54 -0400
Message-Id: <20240417235401.243631-5-yuxuan.luo@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Josh Poimboeuf

Change the format of the 'spectre_v2' vulnerabilities sysfs file slightly by converting the commas to semicolons, so that mitigations for future variants can be grouped together and separated by commas.

Signed-off-by: Josh Poimboeuf
Signed-off-by: Daniel Sneddon
Signed-off-by: Thomas Gleixner
(backported from commit 0cd01ac5dcb1e18eb18df0f0d05b5de76522a437)
[yuxuan.luo: manually substituted the spectre_v2_show_state() hunk]
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
 arch/x86/kernel/cpu/bugs.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index a0d2ace1877a5..be2c0cf95f3f3 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c
@@ -2233,15 +2233,15 @@ static char *stibp_state(void) switch (spectre_v2_user_stibp) { case SPECTRE_V2_USER_NONE: - return ", STIBP: disabled"; + return "; STIBP: disabled"; case SPECTRE_V2_USER_STRICT: - return ", STIBP: forced"; + return "; STIBP: forced"; case SPECTRE_V2_USER_STRICT_PREFERRED: - return ", STIBP: always-on"; + return "; STIBP: always-on"; case SPECTRE_V2_USER_PRCTL: case SPECTRE_V2_USER_SECCOMP: if (static_key_enabled(&switch_to_cond_stibp)) - return ", STIBP: conditional"; + return "; STIBP: conditional"; } return ""; } @@ -2250,10 +2250,10 @@ static char *ibpb_state(void) { if (boot_cpu_has(X86_FEATURE_IBPB)) { if (static_key_enabled(&switch_mm_always_ibpb)) - return ", IBPB: always-on"; + return "; IBPB: always-on"; if (static_key_enabled(&switch_mm_cond_ibpb)) - return ", IBPB: conditional"; - return ", IBPB: disabled"; + return "; IBPB: conditional"; + return "; IBPB: disabled"; } return ""; } @@ -2263,11 +2263,11 @@ static char *pbrsb_eibrs_state(void) if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) { if (boot_cpu_has(X86_FEATURE_RSB_VMEXIT_LITE) || boot_cpu_has(X86_FEATURE_RSB_VMEXIT)) - return ", PBRSB-eIBRS: SW sequence"; + return "; PBRSB-eIBRS: SW sequence"; else - return ", PBRSB-eIBRS: Vulnerable"; + return "; PBRSB-eIBRS: Vulnerable"; } else { - return ", PBRSB-eIBRS: Not affected"; + return "; PBRSB-eIBRS: Not affected"; } } 
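Review bot: these three hunks (and the spectre_v2_show_state() hunk that follows) change the text read from the spectre_v2 vulnerabilities file under /sys/devices/system/cpu/vulnerabilities/ from ", STIBP: ..." to "; STIBP: ...", which is a user-visible format change in a stable tree; any script that splits that field on ", " will break. Since the change is only a prerequisite for grouping later variants' mitigations, please say so explicitly in the backport note, and check whether Documentation/ABI/testing/sysfs-devices-system-cpu describes the separator and needs the same update.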
@@ -2286,9 +2286,9 @@ static ssize_t spectre_v2_show_state(char *buf) return sprintf(buf, "%s%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], ibpb_state(), - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", + boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? "; IBRS_FW" : "", stibp_state(), - boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", + boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? "; RSB filling" : "", pbrsb_eibrs_state(), spectre_v2_module_string()); }

From patchwork Wed Apr 17 23:53:55 2024
X-Patchwork-Submitter: Yuxuan Luo
X-Patchwork-Id: 1924775
From: Yuxuan Luo To: kernel-team@lists.ubuntu.com Subject: [PATCH 05/11] x86/syscall: Don't force use of indirect calls for system calls Date: Wed, 17 Apr 2024 19:53:55 -0400 Message-Id: <20240417235401.243631-6-yuxuan.luo@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com> References: <20240417235401.243631-1-yuxuan.luo@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Linus Torvalds Make build a switch statement instead, and the compiler can either decide to generate an indirect jump, or - more likely these days due to mitigations - just a series of conditional branches. Yes, the conditional branches also have branch prediction, but the branch prediction is much more controlled, in that it just causes speculatively running the wrong system call (harmless), rather than speculatively running possibly wrong random less controlled code gadgets. This doesn't mitigate other indirect calls, but the system call indirection is the first and most easily triggered case. Signed-off-by: Linus Torvalds Signed-off-by: Daniel Sneddon 
Signed-off-by: Thomas Gleixner
Reviewed-by: Josh Poimboeuf
(backported from commit 1e3ad78334a69b36e107232e337f9d693dcc9df2)
[yuxuan.luo:
common.c:
- substitute *sys_call_table[nr]() with corresponding *sys_call(regs, nr).
- For do_syscall_irqs_on()/ia32_sys_call(), substitute both and we'll define different ia32_sys_call() in syscall_32.c using macros.
syscall_x32.c:
- x32_sys_call() should move to syscall_64.c since they both rely on __x64_ system calls.
syscall_32.c:
- Focal tree is using __SYSCALL_I386 rather than __SYSCALL, substitute __SYSCALL with __SYSCALL_I386 in #define lines.
- For the case where CONFIG_IA32_EMULATION=n, expand regs to six variables.
- Since syscall table in Focal includes arch name in syscalls prefixes already, change 'case nr: return __x64_##sym()' to '... return sym()'. This applies to syscall_64.c as well.
syscall_64.c:
- For x64_sys_call(), substitute __SYSCALL with __SYSCALL_64.
- For x32_sys_call(), wrap it with #ifdef CONFIG_X86_X32_ABI to comply with x32_sys_call() in common.c. Use macros to ignore __SYSCALL_64 lines and substitute __SYSCALL_X32 lines.
]
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
arch/x86/entry/common.c | 11 ++++-------
arch/x86/entry/syscall_32.c | 33 +++++++++++++++++++++++++++++++++
arch/x86/entry/syscall_64.c | 27 +++++++++++++++++++++++++++
arch/x86/include/asm/syscall.h | 4 ++++
4 files changed, 68 insertions(+), 7 deletions(-)
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index 721109c0cf994..dec36a7133821 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -288,13 +288,13 @@ __visible void do_syscall_64(unsigned long nr, struct pt_regs *regs) if (likely(nr < NR_syscalls)) { nr = array_index_nospec(nr, NR_syscalls); - regs->ax = sys_call_table[nr](regs); + regs->ax = x64_sys_call(regs, nr); #ifdef CONFIG_X86_X32_ABI } else if (likely((nr & __X32_SYSCALL_BIT) && (nr & ~__X32_SYSCALL_BIT) < X32_NR_syscalls)) { nr = array_index_nospec(nr & ~__X32_SYSCALL_BIT, X32_NR_syscalls); - regs->ax = x32_sys_call_table[nr](regs); + regs->ax = x32_sys_call(regs, nr); #endif } @@ -331,7 +331,7 @@ static __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs) if (likely(nr < IA32_NR_syscalls)) { nr = array_index_nospec(nr, IA32_NR_syscalls); #ifdef CONFIG_IA32_EMULATION - regs->ax = ia32_sys_call_table[nr](regs); + regs->ax = ia32_sys_call(regs, nr); #else /* * It's possible that a 32-bit syscall implementation @@ -339,10 +339,7 @@ static __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs) * the high bits are zero. Make sure we zero-extend all * of the args. */ - regs->ax = ia32_sys_call_table[nr]( - (unsigned int)regs->bx, (unsigned int)regs->cx, - (unsigned int)regs->dx, (unsigned int)regs->si, - (unsigned int)regs->di, (unsigned int)regs->bp); + regs->ax = ia32_sys_call(regs, nr); #endif /* CONFIG_IA32_EMULATION */ } diff --git a/arch/x86/entry/syscall_32.c b/arch/x86/entry/syscall_32.c index 7d17b3addbbb3..e4e186ab20567 100644 --- a/arch/x86/entry/syscall_32.c +++ b/arch/x86/entry/syscall_32.c 
@@ -30,3 +30,36 @@ __visible const sys_call_ptr_t ia32_sys_call_table[__NR_syscall_compat_max+1] = [0 ... __NR_syscall_compat_max] = &__sys_ni_syscall, #include }; +#undef __SYSCALL_I386 + +#ifdef CONFIG_IA32_EMULATION + +#define __SYSCALL_I386(nr, sym, qual) case nr: return sym(regs); + +long ia32_sys_call(const struct pt_regs *regs, unsigned int nr) +{ + switch (nr) { + #include + default: return __ia32_sys_ni_syscall(regs); + } +}; + +#else /* CONFIG_IA32_EMULATION */ + +#define __SYSCALL_I386(nr, sym, qual) case nr: return sym( \ + (unsigned int)regs->bx, (unsigned int)regs->cx, \ + (unsigned int)regs->dx, (unsigned int)regs->si, \ + (unsigned int)regs->di, (unsigned int)regs->bp); + +long ia32_sys_call(const struct pt_regs *regs, unsigned int nr) +{ + switch (nr) { + #include + default: return __ia32_sys_ni_syscall( + (unsigned int)regs->bx, (unsigned int)regs->cx, + (unsigned int)regs->dx, (unsigned int)regs->si, + (unsigned int)regs->di, (unsigned int)regs->bp); + } +}; + +#endif /* CONFIG_IA32_EMULATION */ diff --git a/arch/x86/entry/syscall_64.c b/arch/x86/entry/syscall_64.c index adf619a856e8d..197835442c265 100644 --- a/arch/x86/entry/syscall_64.c +++ b/arch/x86/entry/syscall_64.c @@ -54,3 +54,30 @@ asmlinkage const sys_call_ptr_t x32_sys_call_table[__NR_syscall_x32_max+1] = { #undef __SYSCALL_X32 #endif + +#define __SYSCALL_64(nr, sym, qual) case nr: return sym(regs); +#define __SYSCALL_X32(nr, sym, qual) + +long x64_sys_call(const struct pt_regs *regs, unsigned int nr) +{ + switch (nr) { + #include + default: return __x64_sys_ni_syscall(regs); + } +}; + +#ifdef CONFIG_X86_X32_ABI + +#define __SYSCALL_64(nr, sym, qual) +#define __SYSCALL_X32(nr, sym, qual) case nr: return sym(regs); +long x32_sys_call(const struct pt_regs *regs, unsigned int nr) +{ + switch (nr) { + #include + default: return __x64_sys_ni_syscall(regs); + } +} +#undef __SYSCALL_64 +#undef __SYSCALL_X32 + +#endif /* CONFIG_X86_X32_ABI */ 
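Review bot: in the do_syscall_64() and do_syscall_32_irqs_on() hunks of common.c the array_index_nospec() clamps are kept although nr no longer indexes a data table: x64_sys_call(), x32_sys_call() and ia32_sys_call() all land in their default: arm for any nr the switch does not list, so a mis-speculated nr can at worst pick the wrong handler, which is exactly the property the commit message relies on. Keeping the clamps is cheap and sensible, but the commit message or a one-line comment at the first call site should say they are retained deliberately, so that a later cleanup does not drop them together with the table lookups they used to protect.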
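Review bot: in the #else (CONFIG_IA32_EMULATION=n) branch of syscall_32.c the default: arm calls a six-argument __ia32_sys_ni_syscall(), while the table initializer in the hunk's context uses &__sys_ni_syscall, the name the file already resolves to the right not-implemented stub for each configuration. Unless this tree declares a six-argument __ia32_sys_ni_syscall for native 32-bit builds, that branch will not compile; using __sys_ni_syscall in both default: arms keeps the switch in step with the table above it. Also, the `};` closing both ia32_sys_call() bodies is a stray empty declaration; `}` is enough.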
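Review bot: __SYSCALL_64 and __SYSCALL_X32 are defined ahead of x64_sys_call() in syscall_64.c and then defined again with different bodies inside #ifdef CONFIG_X86_X32_ABI without an intervening #undef, which will draw a "macro redefined" warning for each. Add `#undef __SYSCALL_64` and `#undef __SYSCALL_X32` right after x64_sys_call(), mirroring the two #undef lines that already close the x32 block; that also stops the first pair of definitions leaking out of the file when CONFIG_X86_X32_ABI is off. The `};` after x64_sys_call() is the same stray semicolon as in syscall_32.c.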
diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index 8db3fdb6102ec..5d131e7206a26 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h 
@@ -40,6 +40,10 @@ extern const sys_call_ptr_t ia32_sys_call_table[]; extern const sys_call_ptr_t x32_sys_call_table[]; #endif +extern long ia32_sys_call(const struct pt_regs *, unsigned int nr); +extern long x32_sys_call(const struct pt_regs *, unsigned int nr); +extern long x64_sys_call(const struct pt_regs *, unsigned int nr); + /* * Only the low 32 bits of orig_ax are meaningful, so we return int. * This importantly ignores the high bits on 64-bit, so comparisons
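The switch-based dispatch that [PATCH 05/11] above introduces, together with the array_index_nospec() clamp it keeps in front of it, as an added example that is not code from the patch, from the kernel tree or from the Ubuntu backport. It builds one toy syscall list as both a function-pointer table and a switch so the two shapes can be run on the same input; every demo_ name, the three handlers and the table contents are hypothetical, and the mask helper follows the kernel's generic array_index_mask_nospec() fallback rather than the x86 assembly version.

```c
/*
 * Added example, not code from the patch or from the kernel tree: a toy
 * system-call dispatcher built from one X-macro list in both shapes the
 * patch contrasts, a function-pointer table (one indirect call per
 * syscall) and a switch statement (direct calls behind conditional
 * branches). The demo_ names, the handlers and the table are hypothetical.
 */
#include <stddef.h>

/* Stand-in for struct pt_regs: just the fields the toy handlers use. */
struct demo_regs {
	long ax;	/* return slot, preloaded with -ENOSYS by the entry code */
	long di, si;	/* first two argument registers */
};

#define DEMO_ENOSYS		38
#define DEMO_NR_SYSCALLS	4	/* highest nr + 1; nr 2 is left unassigned */

static long demo_sys_read(const struct demo_regs *regs)  { return regs->di + regs->si; }
static long demo_sys_write(const struct demo_regs *regs) { return regs->di * regs->si; }
static long demo_sys_close(const struct demo_regs *regs) { return -regs->di; }
static long demo_sys_ni_syscall(const struct demo_regs *regs) { (void)regs; return -DEMO_ENOSYS; }

/*
 * Constructed stand-in for asm/syscalls_64.h: each entry expands through
 * whichever definition of DEMO_SYSCALL is in force where the list is used.
 */
#define DEMO_SYSCALL_LIST		\
	DEMO_SYSCALL(0, demo_sys_read)	\
	DEMO_SYSCALL(1, demo_sys_write)	\
	DEMO_SYSCALL(3, demo_sys_close)

typedef long (*demo_sys_call_ptr_t)(const struct demo_regs *);

/* Shape 1: the old sys_call_table[nr](regs) form. Unassigned slots stay NULL. */
#define DEMO_SYSCALL(nr, sym) [nr] = sym,
static const demo_sys_call_ptr_t demo_sys_call_table[DEMO_NR_SYSCALLS] = {
	DEMO_SYSCALL_LIST
};
#undef DEMO_SYSCALL

/* Shape 2: the x64_sys_call(regs, nr) form the patch introduces. */
#define DEMO_SYSCALL(nr, sym) case nr: return sym(regs);
long demo_x64_sys_call(const struct demo_regs *regs, unsigned int nr)
{
	switch (nr) {
	DEMO_SYSCALL_LIST
	default: return demo_sys_ni_syscall(regs);
	}
}
#undef DEMO_SYSCALL

/*
 * All-ones when index < size, zero otherwise, computed without a branch so
 * it also holds under speculation; modelled on the generic
 * array_index_mask_nospec() fallback behind the kernel's array_index_nospec().
 */
unsigned long demo_array_index_mask_nospec(unsigned long index, unsigned long size)
{
	return (unsigned long)(~(long)(index | (size - 1UL - index)) >> (sizeof(long) * 8 - 1));
}

/*
 * Entry path shared by both shapes, following do_syscall_64(): range check,
 * speculation-safe clamp, then dispatch. use_switch selects the shape.
 */
long demo_do_syscall(struct demo_regs *regs, unsigned long nr, int use_switch)
{
	if (nr < DEMO_NR_SYSCALLS) {
		nr &= demo_array_index_mask_nospec(nr, DEMO_NR_SYSCALLS);
		if (use_switch) {
			regs->ax = demo_x64_sys_call(regs, (unsigned int)nr);
		} else {
			demo_sys_call_ptr_t fn = demo_sys_call_table[nr];

			regs->ax = fn ? fn(regs) : demo_sys_ni_syscall(regs);
		}
	}
	/* out of range: regs->ax keeps the -ENOSYS the entry code stored */
	return regs->ax;
}

/* Run one syscall through the chosen shape and return the resulting ax. */
long demo_run(unsigned long nr, long di, long si, int use_switch)
{
	struct demo_regs regs = { .ax = -DEMO_ENOSYS, .di = di, .si = si };

	return demo_do_syscall(&regs, nr, use_switch);
}
```

Both shapes return identical values; the difference is in the generated code. The table version ends in an indirect call through demo_sys_call_table[nr], which a poisoned predictor can steer anywhere, while the switch version ends in direct calls selected by compare-and-branch (or a jump table, which the x86 build disables with -fno-jump-tables when retpolines are enabled), so the worst case of a mispredicted nr is running the wrong, but still legitimate, handler.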
From patchwork Wed Apr 17 23:53:56 2024 X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1924772
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 06/11] x86/bhi: Add support for clearing branch history at syscall entry
Date: Wed, 17 Apr 2024 19:53:56 -0400
Message-Id: <20240417235401.243631-7-yuxuan.luo@canonical.com>
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Pawan Gupta

commit 7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 upstream.

Branch History Injection (BHI) attacks may allow a malicious application to influence indirect branch prediction in kernel by poisoning the branch history. eIBRS isolates indirect branch targets in ring0. The BHB can still influence the choice of indirect branch predictor entry, and although branch predictor entries are isolated between modes when eIBRS is enabled, the BHB itself is not isolated between modes.

Alder Lake and new processors support a hardware control BHI_DIS_S to mitigate BHI. For older processors Intel has released a software sequence to clear the branch history on parts that don't support BHI_DIS_S.

Add support to execute the software sequence at syscall entry and VMexit to overwrite the branch history.

For now, branch history is not cleared at interrupt entry, as malicious applications are not believed to have sufficient control over the registers, since previous register state is cleared at interrupt entry. Researchers continue to poke at this area and it may become necessary to clear at interrupt entry as well in the future.

This mitigation is only defined here. It is enabled later.

Signed-off-by: Pawan Gupta
Co-developed-by: Daniel Sneddon
Signed-off-by: Daniel Sneddon
Signed-off-by: Thomas Gleixner
Reviewed-by: Alexandre Chartre
Reviewed-by: Josh Poimboeuf
Signed-off-by: Daniel Sneddon
Signed-off-by: Greg Kroah-Hartman
(backported from commit bd53ec80f21839cfd4d852a6088279d602d67e5b stable/linux-5.15.y)
[yuxuan.luo: manually added new lines.]
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
arch/x86/entry/entry_64.S | 61 ++++++++++++++++++++++++++++
arch/x86/entry/entry_64_compat.S | 3 ++
arch/x86/include/asm/cpufeatures.h | 8 ++++
arch/x86/include/asm/nospec-branch.h | 12 ++++++
arch/x86/kvm/vmx/vmenter.S | 2 +
5 files changed, 86 insertions(+)
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 640c7d36c26c7..e460416679c88 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -175,6 +175,7 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) /* clobbers %rax, make sure it is after saving the syscall nr */ IBRS_ENTER + CLEAR_BRANCH_HISTORY call do_syscall_64 /* returns with IRQs disabled */
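Review bot: the comment above IBRS_ENTER says only %rax is clobbered, but clear_bhb_loop (added further down in this patch) loads both %ecx and %eax, so CLEAR_BRANCH_HISTORY clobbers %rax, %rcx and the flags. Placing it after the syscall number and the user registers have been saved is correct; extend the comment to name both macros and both registers so that nobody later hoists CLEAR_BRANCH_HISTORY above the save.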
@@ -1768,3 +1769,63 @@ ENTRY(rewind_stack_and_make_dead) call make_task_dead END(rewind_stack_and_make_dead) + +/* + * This sequence executes branches in order to remove user branch information + * from the branch history tracker in the Branch Predictor, therefore removing + * user influence on subsequent BTB lookups. + * + * It should be used on parts prior to Alder Lake. Newer parts should use the + * BHI_DIS_S hardware control instead. If a pre-Alder Lake part is being + * virtualized on newer hardware the VMM should protect against BHI attacks by + * setting BHI_DIS_S for the guests. + * + * CALLs/RETs are necessary to prevent Loop Stream Detector(LSD) from engaging + * and not clearing the branch history. The call tree looks like: + * + * call 1 + * call 2 + * call 2 + * call 2 + * call 2 + * call 2 + * ret + * ret + * ret + * ret + * ret + * ret + * + * This means that the stack is non-constant and ORC can't unwind it with %rsp + * alone. Therefore we unconditionally set up the frame pointer, which allows + * ORC to unwind properly. + * + * The alignment is for performance and not for safety, and may be safely + * refactored in the future if needed. + */ +ENTRY(clear_bhb_loop) + push %rbp + mov %rsp, %rbp + movl $5, %ecx + ANNOTATE_INTRA_FUNCTION_CALL + call 1f + jmp 5f + .align 64, 0xcc + ANNOTATE_INTRA_FUNCTION_CALL +1: call 2f + RET + .align 64, 0xcc +2: movl $5, %eax +3: jmp 4f + nop +4: sub $1, %eax + jnz 3b + sub $1, %ecx + jnz 1b + RET +5: lfence + pop %rbp + RET +END(clear_bhb_loop) +EXPORT_SYMBOL_GPL(clear_bhb_loop) +STACK_FRAME_NON_STANDARD(clear_bhb_loop) diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S index c3c4ea4a6711a..fe6e25951d408 100644 --- a/arch/x86/entry/entry_64_compat.S +++ b/arch/x86/entry/entry_64_compat.S @@ -108,6 +108,7 @@ ENTRY(entry_SYSENTER_compat) cld IBRS_ENTER + CLEAR_BRANCH_HISTORY /* * SYSENTER doesn't filter flags, so we need to clear NT and AC 
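Review bot: clear_bhb_loop uses ANNOTATE_INTRA_FUNCTION_CALL, RET and the assembly form of STACK_FRAME_NON_STANDARD, none of which this patch defines, while the surrounding file still uses the ENTRY/END style; the backport note only says "manually added new lines". Please record in the note which earlier backports make those three macros available to .S files in this tree, or add them here, since the file will not assemble without them. The `.align 64, 0xcc` padding, the call depth (movl $5 into both %ecx and %eax) and the lfence before the epilogue match the upstream sequence as described in the comment block.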
@@ -257,6 +258,7 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe) TRACE_IRQS_OFF IBRS_ENTER + CLEAR_BRANCH_HISTORY movq %rsp, %rdi call do_fast_syscall_32 @@ -417,6 +419,7 @@ ENTRY(entry_INT80_compat) */ TRACE_IRQS_OFF IBRS_ENTER + CLEAR_BRANCH_HISTORY movq %rsp, %rdi call do_int80_syscall_32 diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 1ccdc67151453..e1298dd15f7d1 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -382,6 +382,14 @@ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */ +/* + * Extended auxiliary flags: Linux defined - for features scattered in various + * CPUID levels like 0x80000022, etc and Linux defined features. + * + * Reuse free bits when adding new feature flags! + */ +#define X86_FEATURE_CLEAR_BHB_LOOP (21*32+ 1) /* "" Clear branch history at syscall entry using SW loop */ + /* * BUG word(s) */ diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index c8819358a332c..d6824fb49080d 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -175,6 +175,14 @@ .Lskip_rsb_\@: .endm +#ifdef CONFIG_X86_64 +.macro CLEAR_BRANCH_HISTORY + ALTERNATIVE "", "call clear_bhb_loop", X86_FEATURE_CLEAR_BHB_LOOP +.endm +#else +#define CLEAR_BRANCH_HISTORY +#endif + #else /* __ASSEMBLY__ */ #define ANNOTATE_RETPOLINE_SAFE \ @@ -183,6 +191,10 @@ _ASM_PTR " 999b\n\t" \ ".popsection\n\t" +#ifdef CONFIG_X86_64 +extern void clear_bhb_loop(void); +#endif + #ifdef CONFIG_RETPOLINE #ifdef CONFIG_X86_64 diff --git a/arch/x86/kvm/vmx/vmenter.S b/arch/x86/kvm/vmx/vmenter.S index 2850670c38bb0..8cbebde85a4f6 100644 --- a/arch/x86/kvm/vmx/vmenter.S +++ b/arch/x86/kvm/vmx/vmenter.S 
@@ -198,6 +198,8 @@ SYM_INNER_LABEL(vmx_vmexit, SYM_L_GLOBAL) call vmx_spec_ctrl_restore_host + CLEAR_BRANCH_HISTORY + /* Put return value in AX */ mov %_ASM_BX, %_ASM_AX
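Review bot: X86_FEATURE_CLEAR_BHB_LOOP is placed in capability word 21 ((21*32+ 1)) while the visible context of cpufeatures.h stops at word 19 (X86_FEATURE_SEV_ES, X86_FEATURE_SME_COHERENT), and the hunk neither raises NCAPINTS nor adds the per-word REQUIRED_MASK/DISABLED_MASK entries that a new word needs. Confirm that this tree already defines NCAPINTS to cover word 21 and carries those entries; if not, they have to come with this patch, otherwise boot_cpu_has() and the ALTERNATIVE in nospec-branch.h refer to a bit outside x86_capability[].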
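Review bot: in vmenter.S CLEAR_BRANCH_HISTORY sits between `call vmx_spec_ctrl_restore_host` and `mov %_ASM_BX, %_ASM_AX`; because clear_bhb_loop clobbers %eax and %ecx, the sequence has to run before the return value is moved into AX, so this ordering is the correct one. A one-line comment at the insertion point saying that the loop clobbers AX/CX, and that the macro expands to nothing on 32-bit (per the nospec-branch.h hunk, which is what lets this shared file build there), would keep both constraints visible to the next person editing the VMexit path.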
From patchwork Wed Apr 17 23:53:57 2024 X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1924770
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 07/11] x86/bhi: Define SPEC_CTRL_BHI_DIS_S
Date: Wed, 17 Apr 2024 19:53:57 -0400
Message-Id: <20240417235401.243631-8-yuxuan.luo@canonical.com>
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Daniel Sneddon

Newer processors support a hardware control BHI_DIS_S to mitigate Branch History Injection (BHI). Setting BHI_DIS_S protects the kernel from userspace BHI attacks without having to manually overwrite the branch history.

Define MSR_SPEC_CTRL bit BHI_DIS_S and its enumeration CPUID.BHI_CTRL. Mitigation is enabled later.

Signed-off-by: Daniel Sneddon
Signed-off-by: Pawan Gupta
Signed-off-by: Daniel Sneddon
Signed-off-by: Thomas Gleixner
Reviewed-by: Alexandre Chartre
Reviewed-by: Josh Poimboeuf
(backported from commit 0f4a837615ff925ba62648d280a861adf1582df7)
[yuxuan.luo: since 4e66c0cb79b732b01b82e094b21b8e22a20dff83 ("KVM: x86: Add support for reverse CPUID lookup of scattered features") is not in the tree, there is no point backporting reverse_cpuid.h related changes.]
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 5 ++++-
arch/x86/kernel/cpu/scattered.c | 1 +
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index e1298dd15f7d1..f3b10b24478c2 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -389,6 +389,7 @@ * Reuse free bits when adding new feature flags! */ #define X86_FEATURE_CLEAR_BHB_LOOP (21*32+ 1) /* "" Clear branch history at syscall entry using SW loop */ +#define X86_FEATURE_BHI_CTRL (21*32+ 2) /* "" BHI_DIS_S HW control available */ /* * BUG word(s) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 5a4a391f556ab..cf4a269a056a7 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -49,10 +49,13 @@ #define SPEC_CTRL_SSBD BIT(SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ #define SPEC_CTRL_RRSBA_DIS_S_SHIFT 6 /* Disable RRSBA behavior */ #define SPEC_CTRL_RRSBA_DIS_S BIT(SPEC_CTRL_RRSBA_DIS_S_SHIFT) +#define SPEC_CTRL_BHI_DIS_S_SHIFT 10 /* Disable Branch History Injection behavior */ +#define SPEC_CTRL_BHI_DIS_S BIT(SPEC_CTRL_BHI_DIS_S_SHIFT) /* A mask for bits which the kernel toggles when controlling mitigations */ #define SPEC_CTRL_MITIGATIONS_MASK (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD \ - | SPEC_CTRL_RRSBA_DIS_S) + | SPEC_CTRL_RRSBA_DIS_S \ + | SPEC_CTRL_BHI_DIS_S) #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ #define PRED_CMD_IBPB BIT(0) /* Indirect Branch Prediction Barrier */ diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 37f716eaf0e6d..f9e9cb4ca40fb 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c 
@@ -27,6 +27,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_APERFMPERF, CPUID_ECX, 0, 0x00000006, 0 }, { X86_FEATURE_EPB, CPUID_ECX, 3, 0x00000006, 0 }, { X86_FEATURE_RRSBA_CTRL, CPUID_EDX, 2, 0x00000007, 2 }, + { X86_FEATURE_BHI_CTRL, CPUID_EDX, 4, 0x00000007, 2 }, { X86_FEATURE_CQM_LLC, CPUID_EDX, 1, 0x0000000f, 0 }, { X86_FEATURE_CQM_OCCUP_LLC, CPUID_EDX, 0, 0x0000000f, 1 }, { X86_FEATURE_CQM_MBM_TOTAL, CPUID_EDX, 1, 0x0000000f, 1 },
From patchwork Wed Apr 17 23:53:58 2024 X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1924774
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 08/11] x86/bhi: Enumerate Branch History Injection (BHI) bug
Date: Wed, 17 Apr 2024 19:53:58 -0400
Message-Id: <20240417235401.243631-9-yuxuan.luo@canonical.com>
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Pawan Gupta

Mitigation for BHI is selected based on the bug enumeration. Add bits needed to enumerate BHI bug.

Signed-off-by: Pawan Gupta
Signed-off-by: Daniel Sneddon
Signed-off-by: Thomas Gleixner
Reviewed-by: Alexandre Chartre
Reviewed-by: Josh Poimboeuf
(backported from commit be482ff9500999f56093738f9219bbabc729d163)
[yuxuan.luo: ignored context difference and applied changes.]
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 4 ++++
arch/x86/kernel/cpu/common.c | 24 ++++++++++++++++--------
3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index f3b10b24478c2..62907abcd89a4 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -436,4 +436,5 @@ /* BUG word 2 */ #define X86_BUG_DIV0 X86_BUG(1*32 + 1) /* AMD DIV0 speculation bug */ +#define X86_BUG_BHI X86_BUG(1*32 + 3) /* CPU is affected by Branch History Injection */ #endif /* _ASM_X86_CPUFEATURES_H */ diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index cf4a269a056a7..7375a874cf384 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h
@@ -146,6 +146,10 @@ * are restricted to targets in * kernel. */ +#define ARCH_CAP_BHI_NO BIT(20) /* + * CPU is not affected by Branch + * History Injection. + */ #define ARCH_CAP_PBRSB_NO BIT(24) /* * Not susceptible to Post-Barrier * Return Stack Buffer Predictions. diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index d0b223e5e4806..5a58b26be286f 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1033,6 +1033,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) #define NO_SPECTRE_V2 BIT(8) #define NO_EIBRS_PBRSB BIT(9) #define NO_MMIO BIT(10) +#define NO_BHI BIT(11) #define VULNWL(_vendor, _family, _model, _whitelist) \ { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } 
@@ -1093,18 +1094,18 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { VULNWL_INTEL(ATOM_TREMONT_D, NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB), /* AMD Family 0xf - 0x12 */ - VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), - VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), - VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), - VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), + VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), + VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), + VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), + VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ - VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), - VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), + VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), + VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_BHI), /* Zhaoxin Family 7 */ - VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_MMIO), - VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_MMIO), + VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_MMIO | NO_BHI), + VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_MMIO | NO_BHI), {} }; 
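Review bot: NO_BHI is added to every AMD, Hygon, Centaur and Zhaoxin whitelist entry but to none of the Intel ones, which is consistent with the commit message of 06/11 (BHI is an eIBRS problem) and with the hypervisor fallback in cpu_set_bug_bits(). Note that for AMD and Hygon guests this whitelist match is the only thing that stops the X86_FEATURE_HYPERVISOR half of that condition from flagging them, so the two FAMILY_ANY entries must keep NO_BHI and must stay last, as the "FAMILY_ANY must be last" comment in the context already demands; worth one sentence in the backport note.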
@@ -1298,6 +1299,13 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) boot_cpu_has(X86_FEATURE_AVX)) setup_force_cpu_bug(X86_BUG_GDS); + /* When virtualized, eIBRS could be hidden, assume vulnerable */ + if (!(ia32_cap & ARCH_CAP_BHI_NO) && + !cpu_matches(cpu_vuln_whitelist, NO_BHI) && + (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED) || + boot_cpu_has(X86_FEATURE_HYPERVISOR))) + setup_force_cpu_bug(X86_BUG_BHI); + if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) return; From patchwork Wed Apr 17 23:53:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1924773 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VKd6t1r2lz1yZx for ; Thu, 18 Apr 2024 09:54:30 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rxF6e-00063Z-R9; Wed, 17 Apr 2024 23:54:24 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rxF6Y-0005q1-Mf for kernel-team@lists.ubuntu.com; Wed, 17 Apr 2024 23:54:18 +0000 Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest 
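Review bot: X86_BUG_BHI is assigned X86_BUG(1*32 + 3) directly after X86_BUG_DIV0 at 1*32 + 1 in the cpufeatures.h hunk, leaving bit 2 of bug word 2 unused. If the gap is deliberate, to stay in step with upstream numbering, say so in the backport note; otherwise a later backport that lands on 1*32 + 2 will have to explain the hole.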
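Review bot: the new block in cpu_set_bug_bits() sits before the `if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) return;` early exit, and it has to: any whitelist entry carrying NO_MELTDOWN but not NO_BHI would silently skip the BHI check if the block were moved below that return. The GDS check just above has the same placement dependency, so a short comment on the ordering is worth adding. The comment "When virtualized, eIBRS could be hidden, assume vulnerable" explains only the X86_FEATURE_HYPERVISOR half of the condition; one more line saying that on bare metal the bug is only set on eIBRS parts would make the ARCH_CAP_BHI_NO, whitelist, eIBRS ordering self-explanatory.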
SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 1113B3F8D9 for ; Wed, 17 Apr 2024 23:54:18 +0000 (UTC) Received: by mail-qk1-f197.google.com with SMTP id af79cd13be357-78d6dd9ee11so30576985a.2 for ; Wed, 17 Apr 2024 16:54:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713398056; x=1714002856; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KnrxSlgw9C3panwE+RNGwkwwUf8BDqPXDrUi21XvCtk=; b=i0jZUGgvaJbFoAr1HCvvWm5fYU5Dvspvr9XndSgcN/79BPfwAmpXdHCTF8XG9aUNFL aMgxrtn2XOVN3JBNrAQ3zFlYvKu07BgRSxK0kYryV1aE/SViOVJM1GHirmMaroYuCYA4 bCZNVISTW+WzFXuvxrX+91G2T1vpu5S1Pkz+jMjuwAD3SI96detOeEHCb2w2DM0vBnsP O1/Q+PnoIK8tzdyebFDWWAzkl6iZjmr5a662TiKqJw/xkZej+BvAQe8X7iaFBIpKumiI N6e3iYyxiwuoFgpwOfCGhecvlhCF/50dlUtx3aKb9+lUjZDfNAMHwEmoY87AUmZo6oGY 0FdQ== X-Gm-Message-State: AOJu0Yxz+9y7rHHaLlIF/1zthpZZoZ6CbNT1Kf3a1GSGsxv/ZQ5miO9s tXxKTLNV9tirvNh/CqW9cvFcm7GN6Yr/LqLnWDOEmgjc/nWQ4znAG70nHBxH7cDIlVA4DAh0CMt wPA9/hy1iUL3V0mwYn+aKOrZLRtxdcxSCQemO2TcJrN19IcnQKyxzDka2/O0FGcVN5Vtbe2RPfj cSD8RhAlWtyn4U X-Received: by 2002:a05:620a:4d02:b0:78d:61b8:6920 with SMTP id wa2-20020a05620a4d0200b0078d61b86920mr990168qkn.27.1713398055732; Wed, 17 Apr 2024 16:54:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGcw/YE1PYaOnwFuIaQedX04lSZh3ewx4eF5GUdjY6odqY5mQ9M0toLpi3pxNVLkgB7fzKUqw== X-Received: by 2002:a05:620a:4d02:b0:78d:61b8:6920 with SMTP id wa2-20020a05620a4d0200b0078d61b86920mr990155qkn.27.1713398055352; Wed, 17 Apr 2024 16:54:15 -0700 (PDT) Received: from cache-ubuntu.hsd1.nj.comcast.net ([2001:67c:1562:8007::aac:4795]) by smtp.gmail.com with ESMTPSA id x27-20020a05620a099b00b0078d6a0d5728sm129208qkx.29.2024.04.17.16.54.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Apr 2024 16:54:14 -0700 (PDT) 
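Review bot: the new X86_BUG_BHI condition in cpu_set_bug_bits() marks every CPU that reports X86_FEATURE_HYPERVISOR as affected unless ARCH_CAP_BHI_NO is set or the model carries NO_BHI in cpu_vuln_whitelist, so a guest on unaffected hardware whose model has no NO_BHI whitelist entry will report BHI as vulnerable and deploy the mitigation anyway. Please confirm the whitelist already carries NO_BHI for the unaffected vendors and models this backport targets, and say so in the commit message, since it decides what such guests show in sysfs.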
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 09/11] x86/bhi: Add BHI mitigation knob
Date: Wed, 17 Apr 2024 19:53:59 -0400
Message-Id: <20240417235401.243631-10-yuxuan.luo@canonical.com>
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Pawan Gupta

commit ec9404e40e8f36421a2b66ecb76dc2209fe7f3ef upstream.

Branch history clearing software sequences and hardware control BHI_DIS_S were defined to mitigate Branch History Injection (BHI).

Add cmdline spectre_bhi={on|off|auto} to control BHI mitigation:

  auto - Deploy the hardware mitigation BHI_DIS_S, if available.
  on   - Deploy the hardware mitigation BHI_DIS_S, if available, otherwise deploy the software sequence at syscall entry and VMexit.
  off  - Turn off BHI mitigation.

The default is auto mode which does not deploy the software sequence mitigation. This is because of the hardening done in the syscall dispatch path, which is the likely target of BHI.

Signed-off-by: Pawan Gupta
Signed-off-by: Daniel Sneddon
Signed-off-by: Thomas Gleixner
Reviewed-by: Alexandre Chartre
Reviewed-by: Josh Poimboeuf
Signed-off-by: Daniel Sneddon
Signed-off-by: Greg Kroah-Hartman
(backported from commit f825494f2c6fab421c5c59b5def321775c825818 stable/linux-5.15.y)
[yuxuan.luo:
 spectre.rst:
 - To imply the situation that the commit above is not backported but the fix commit is, appending the new lines to the paragraph.
 Kconfig, bugs.c:
 - ignored context conflicts and applied changes.
]
CVE-2024-2201
Signed-off-by: Yuxuan Luo --- Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++++++++-- .../admin-guide/kernel-parameters.txt | 11 +++ arch/x86/Kconfig | 25 ++++++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kernel/cpu/bugs.c | 90 ++++++++++++++++++- 5 files changed, 167 insertions(+), 8 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 0fba3758d0da8..7e2761f15c9d7 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -138,11 +138,10 @@ associated with the source address of the indirect branch. Specifically, the BHB might be shared across privilege levels even in the presence of Enhanced IBRS. -Currently the only known real-world BHB attack vector is via -unprivileged eBPF. Therefore, it's highly recommended to not enable -unprivileged eBPF, especially when eIBRS is used (without retpolines). -For a full mitigation against BHB attacks, it's recommended to use -retpolines (or eIBRS combined with retpolines). +Previously the only known real-world BHB attack vector was via unprivileged +eBPF. Further research has found attacks that don't require unprivileged eBPF. +For a full mitigation against BHB attacks it is recommended to set BHI_DIS_S or +use the BHB clearing sequence. Attack scenarios ---------------- 
@@ -430,6 +429,21 @@ The possible values in this file are: 'PBRSB-eIBRS: Not affected' CPU is not affected by PBRSB =========================== ======================================================= + - Branch History Injection (BHI) protection status: + +.. list-table:: + + * - BHI: Not affected + - System is not affected + * - BHI: Retpoline + - System is protected by retpoline + * - BHI: BHI_DIS_S + - System is protected by BHI_DIS_S + * - BHI: SW loop + - System is protected by software clearing sequence + * - BHI: Syscall hardening + - Syscalls are hardened against BHI + Full mitigation might require a microcode update from the CPU vendor. When the necessary microcode is not available, the kernel will report vulnerability. @@ -484,8 +498,11 @@ Spectre variant 2 Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at boot, by setting the IBRS bit, and they're automatically protected against - Spectre v2 variant attacks, including cross-thread branch target injections - on SMT systems (STIBP). In other words, eIBRS enables STIBP too. + some Spectre v2 variant attacks. The BHB can still influence the choice of + indirect branch predictor entry, and although branch predictor entries are + isolated between modes when eIBRS is enabled, the BHB itself is not isolated + between modes. Systems which support BHI_DIS_S will set it to protect against + BHI attacks. Legacy IBRS systems clear the IBRS bit on exit to userspace and therefore explicitly enable STIBP for that 
@@ -684,6 +701,23 @@ For user space mitigation: spectre_v2=off. Spectre variant 1 mitigations cannot be disabled. + spectre_bhi= + + [X86] Control mitigation of Branch History Injection + (BHI) vulnerability. Syscalls are hardened against BHI + regardless of this setting. This setting affects the deployment + of the HW BHI control and the SW BHB clearing sequence. + + on + unconditionally enable. + off + unconditionally disable. + auto + enable if hardware mitigation + control(BHI_DIS_S) is available. + +For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt + Mitigation selection guide -------------------------- diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index a578ec85c26c8..c97f8435f86c7 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -4605,6 +4605,17 @@ sonypi.*= [HW] Sony Programmable I/O Control Device driver See Documentation/admin-guide/laptops/sonypi.rst + spectre_bhi= [X86] Control mitigation of Branch History Injection + (BHI) vulnerability. Syscalls are hardened against BHI + reglardless of this setting. This setting affects the + deployment of the HW BHI control and the SW BHB + clearing sequence. + + on - unconditionally enable. + off - unconditionally disable. + auto - (default) enable only if hardware mitigation + control(BHI_DIS_S) is available. + spectre_v2= [X86] Control mitigation of Spectre variant 2 (indirect branch speculation) vulnerability. The default operation protects the kernel from diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 74f469dc13d38..705b8baad4ebb 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig 
@@ -2500,6 +2500,31 @@ config GDS_FORCE_MITIGATION If in doubt, say N. +choice + prompt "Clear branch history" + depends on CPU_SUP_INTEL + default SPECTRE_BHI_AUTO + help + Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks + where the branch history buffer is poisoned to speculatively steer + indirect branches. + See + +config SPECTRE_BHI_ON + bool "on" + help + Equivalent to setting spectre_bhi=on command line parameter. +config SPECTRE_BHI_OFF + bool "off" + help + Equivalent to setting spectre_bhi=off command line parameter. +config SPECTRE_BHI_AUTO + bool "auto" + help + Equivalent to setting spectre_bhi=auto command line parameter. + +endchoice + config ARCH_HAS_ADD_PAGES def_bool y depends on X86_64 && ARCH_ENABLE_MEMORY_HOTPLUG diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 62907abcd89a4..b27bf8ed9e4c3 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -390,6 +390,7 @@ */ #define X86_FEATURE_CLEAR_BHB_LOOP (21*32+ 1) /* "" Clear branch history at syscall entry using SW loop */ #define X86_FEATURE_BHI_CTRL (21*32+ 2) /* "" BHI_DIS_S HW control available */ +#define X86_FEATURE_CLEAR_BHB_HW (21*32+ 3) /* "" BHI_DIS_S HW control enabled */ /* * BUG word(s) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index be2c0cf95f3f3..b43c29c3f0a72 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1367,6 +1367,74 @@ static void __init spectre_v2_determine_rsb_fill_type_at_vmexit(enum spectre_v2_ dump_stack(); } +/* + * Set BHI_DIS_S to prevent indirect branches in kernel to be influenced by + * branch history in userspace. Not needed if BHI_NO is set. + */ +static bool __init spec_ctrl_bhi_dis(void) +{ + if (!boot_cpu_has(X86_FEATURE_BHI_CTRL)) + return false; + + x86_spec_ctrl_base |= SPEC_CTRL_BHI_DIS_S; + update_spec_ctrl(x86_spec_ctrl_base); + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_HW); + + return true; +} + +enum bhi_mitigations { + BHI_MITIGATION_OFF, + BHI_MITIGATION_ON, + BHI_MITIGATION_AUTO, +}; + +static enum bhi_mitigations bhi_mitigation __ro_after_init = + IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : + IS_ENABLED(CONFIG_SPECTRE_BHI_OFF) ? BHI_MITIGATION_OFF : + BHI_MITIGATION_AUTO; + +static int __init spectre_bhi_parse_cmdline(char *str) +{ + if (!str) + return -EINVAL; + + if (!strcmp(str, "off")) + bhi_mitigation = BHI_MITIGATION_OFF; + else if (!strcmp(str, "on")) + bhi_mitigation = BHI_MITIGATION_ON; + else if (!strcmp(str, "auto")) + bhi_mitigation = BHI_MITIGATION_AUTO; + else + pr_err("Ignoring unknown spectre_bhi option (%s)", str); + + return 0; +} +early_param("spectre_bhi", spectre_bhi_parse_cmdline); + +static void __init bhi_select_mitigation(void) +{ + if (bhi_mitigation == BHI_MITIGATION_OFF) + return; + + /* Retpoline mitigates against BHI unless the CPU has RRSBA behavior */ + if (cpu_feature_enabled(X86_FEATURE_RETPOLINE) && + !(x86_read_arch_cap_msr() & ARCH_CAP_RRSBA)) + return; + + if (spec_ctrl_bhi_dis()) + return; + + if (!IS_ENABLED(CONFIG_X86_64)) + return; + + if (bhi_mitigation == BHI_MITIGATION_AUTO) + return; + + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP); + pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n"); +} + static void __init spectre_v2_select_mitigation(void) { enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); 
@@ -1472,6 +1540,9 @@ static void __init spectre_v2_select_mitigation(void) mode == SPECTRE_V2_RETPOLINE) spec_ctrl_disable_kernel_rrsba(); + if (boot_cpu_has(X86_BUG_BHI)) + bhi_select_mitigation(); + spectre_v2_enabled = mode; pr_info("%s\n", spectre_v2_strings[mode]); @@ -2271,6 +2342,21 @@ static char *pbrsb_eibrs_state(void) } } +static const char * const spectre_bhi_state(void) +{ + if (!boot_cpu_has_bug(X86_BUG_BHI)) + return "; BHI: Not affected"; + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_HW)) + return "; BHI: BHI_DIS_S"; + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP)) + return "; BHI: SW loop"; + else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && + !(x86_read_arch_cap_msr() & ARCH_CAP_RRSBA)) + return "; BHI: Retpoline"; + + return "; BHI: Vulnerable (Syscall hardening enabled)"; +} + static ssize_t spectre_v2_show_state(char *buf) { if (spectre_v2_enabled == SPECTRE_V2_LFENCE) 
@@ -2283,13 +2369,15 @@ static ssize_t spectre_v2_show_state(char *buf) spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE) return sprintf(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n"); - return sprintf(buf, "%s%s%s%s%s%s%s\n", + return sprintf(buf, "%s%s%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], ibpb_state(), boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? "; IBRS_FW" : "", stibp_state(), boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? "; RSB filling" : "", pbrsb_eibrs_state(), + spectre_bhi_state(), + /* this should always be at the end */ spectre_v2_module_string()); }
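Review bot: the list-table added to spectre.rst (the @@ -430 hunk) documents a "BHI: Syscall hardening" value, but spectre_bhi_state() in the bugs.c hunk of this same patch never returns that string; its fallback is "; BHI: Vulnerable (Syscall hardening enabled)". One of the two should change so the documented values match what the sysfs file actually prints.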
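Review bot: the rewritten eIBRS paragraph in spectre.rst (the @@ -484 hunk) drops the statement that eIBRS enables STIBP, yet the unchanged sentence that follows ("Legacy IBRS systems clear the IBRS bit on exit to userspace and therefore explicitly enable STIBP") still reads as a contrast to it. Keep a short mention that eIBRS covers cross-thread injection so the paragraph stays self-contained.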
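Review bot: the spectre_bhi= entry added to spectre.rst (the @@ -684 hunk) describes auto without the "(default)" marker that the kernel-parameters.txt entry in this patch carries; add it here too so both documents state which value applies when the parameter is absent.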
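Review bot: typo in the kernel-parameters.txt hunk: "Syscalls are hardened against BHI reglardless of this setting" should read "regardless" (the spectre.rst copy of the same text spells it correctly).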
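Review bot: in the Kconfig hunk the help text of the "Clear branch history" choice ends with a bare "See" line; the document reference that should follow it (the spectre.rst page this patch also touches) is absent from the hunk as posted, so check that it did not get lost in the backport.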
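Review bot: in the bugs.c hunk adding spectre_bhi_parse_cmdline(), the pr_err() for an unknown option lacks a trailing newline ("Ignoring unknown spectre_bhi option (%s)"), unlike the pr_info() calls in bhi_select_mitigation(), so the next kernel message can be appended to that line. In the same hunk, bhi_select_mitigation() returns silently on !CONFIG_X86_64 after spec_ctrl_bhi_dis() fails, so a 32-bit kernel booted with spectre_bhi=on gets no software sequence and no message saying why; a pr_info() at that return would make the resulting "Vulnerable" sysfs state explainable.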
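Review bot: the call site added in spectre_v2_select_mitigation() tests boot_cpu_has(X86_BUG_BHI), while spectre_bhi_state() in the same patch uses boot_cpu_has_bug(X86_BUG_BHI). Both read the same capability word, but boot_cpu_has_bug() is the accessor bugs.c uses for X86_BUG_* bits, so use it here as well.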
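Review bot: `static const char * const spectre_bhi_state(void)` puts a const qualifier on the returned pointer value itself, which has no effect on a by-value return and draws a "type qualifiers ignored on function return type" warning from GCC under -Wignored-qualifiers; the neighbouring pbrsb_eibrs_state() is a plain `static char *`, so `static const char *spectre_bhi_state(void)` is enough.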
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 10/11] x86/bhi: Mitigate KVM by default
Date: Wed, 17 Apr 2024 19:54:00 -0400
Message-Id: <20240417235401.243631-11-yuxuan.luo@canonical.com>
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

From: Pawan Gupta

BHI mitigation mode spectre_bhi=auto does not deploy the software mitigation by default. In a cloud environment, it is a likely scenario where userspace is trusted but the guests are not trusted. Deploying system wide mitigation in such cases is not desirable.

Update the auto mode to unconditionally mitigate against malicious guests. Deploy the software sequence at VMexit in auto mode also, when hardware mitigation is not available. Unlike the force =on mode, software sequence is not deployed at syscalls in auto mode.

Suggested-by: Alexandre Chartre
Signed-off-by: Pawan Gupta
Signed-off-by: Daniel Sneddon
Signed-off-by: Thomas Gleixner
Reviewed-by: Alexandre Chartre
Reviewed-by: Josh Poimboeuf
(cherry picked from commit 95a6ccbdc7199a14b71ad8901cb788ba7fb5167b)
CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
 Documentation/admin-guide/hw-vuln/spectre.rst   | 7 +++++--
 Documentation/admin-guide/kernel-parameters.txt | 5 +++--
 arch/x86/include/asm/cpufeatures.h              | 1 +
 arch/x86/include/asm/nospec-branch.h            | 5 +++++
 arch/x86/kernel/cpu/bugs.c                      | 9 ++++++++-
 arch/x86/kvm/vmx/vmenter.S                      | 2 +-
 6 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 7e2761f15c9d7..18904b1b6bed2 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -439,10 +439,12 @@ The possible values in this file are: - System is protected by retpoline * - BHI: BHI_DIS_S - System is protected by BHI_DIS_S - * - BHI: SW loop + * - BHI: SW loop; KVM SW loop - System is protected by software clearing sequence * - BHI: Syscall hardening - Syscalls are hardened against BHI + * - BHI: Syscall hardening; KVM: SW loop + - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence Full mitigation might require a microcode update from the CPU vendor. When the necessary microcode is not available, the kernel will @@ -714,7 +716,8 @@ For user space mitigation: unconditionally disable. auto enable if hardware mitigation - control(BHI_DIS_S) is available. + control(BHI_DIS_S) is available, otherwise + enable alternate mitigation in KVM. For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index c97f8435f86c7..9b38050fdf5f0 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -4613,8 +4613,9 @@ on - unconditionally enable. off - unconditionally disable. - auto - (default) enable only if hardware mitigation - control(BHI_DIS_S) is available. + auto - (default) enable hardware mitigation + (BHI_DIS_S) if available, otherwise enable + alternate mitigation in KVM. spectre_v2= [X86] Control mitigation of Spectre variant 2 (indirect branch speculation) vulnerability. diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index b27bf8ed9e4c3..79a20a9dbcd60 100644 --- a/arch/x86/include/asm/cpufeatures.h 
+++ b/arch/x86/include/asm/cpufeatures.h @@ -391,6 +391,7 @@ #define X86_FEATURE_CLEAR_BHB_LOOP (21*32+ 1) /* "" Clear branch history at syscall entry using SW loop */ #define X86_FEATURE_BHI_CTRL (21*32+ 2) /* "" BHI_DIS_S HW control available */ #define X86_FEATURE_CLEAR_BHB_HW (21*32+ 3) /* "" BHI_DIS_S HW control enabled */ +#define X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT (21*32+ 4) /* "" Clear branch history at vmexit using SW loop */ /* * BUG word(s) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index d6824fb49080d..6ba7faf8b938c 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -179,8 +179,13 @@ .macro CLEAR_BRANCH_HISTORY ALTERNATIVE "", "call clear_bhb_loop", X86_FEATURE_CLEAR_BHB_LOOP .endm + +.macro CLEAR_BRANCH_HISTORY_VMEXIT + ALTERNATIVE "", "call clear_bhb_loop", X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT +.endm #else #define CLEAR_BRANCH_HISTORY +#define CLEAR_BRANCH_HISTORY_VMEXIT #endif #else /* __ASSEMBLY__ */ diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index b43c29c3f0a72..cd69490b65722 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1428,9 +1428,14 @@ static void __init bhi_select_mitigation(void) if (!IS_ENABLED(CONFIG_X86_64)) return; + /* Mitigate KVM by default */ + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT); + pr_info("Spectre BHI mitigation: SW BHB clearing on vm exit\n"); + if (bhi_mitigation == BHI_MITIGATION_AUTO) return; + /* Mitigate syscalls when the mitigation is forced =on */ setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP); pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n"); } 
@@ -2349,10 +2354,12 @@ static const char * const spectre_bhi_state(void) else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_HW)) return "; BHI: BHI_DIS_S"; else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP)) - return "; BHI: SW loop"; + return "; BHI: SW loop, KVM: SW loop"; else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && !(x86_read_arch_cap_msr() & ARCH_CAP_RRSBA)) return "; BHI: Retpoline"; + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT)) + return "; BHI: Syscall hardening, KVM: SW loop"; return "; BHI: Vulnerable (Syscall hardening enabled)"; } diff --git a/arch/x86/kvm/vmx/vmenter.S b/arch/x86/kvm/vmx/vmenter.S index 8cbebde85a4f6..15737a22d67f7 100644 --- a/arch/x86/kvm/vmx/vmenter.S +++ b/arch/x86/kvm/vmx/vmenter.S 
@@ -198,7 +198,7 @@ SYM_INNER_LABEL(vmx_vmexit, SYM_L_GLOBAL) call vmx_spec_ctrl_restore_host - CLEAR_BRANCH_HISTORY + CLEAR_BRANCH_HISTORY_VMEXIT /* Put return value in AX */ mov %_ASM_BX, %_ASM_AX
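Review bot: the table rows added to spectre.rst ("BHI: SW loop; KVM SW loop" and "BHI: Syscall hardening; KVM: SW loop") do not match the strings spectre_bhi_state() returns in the bugs.c hunk ("; BHI: SW loop, KVM: SW loop" and "; BHI: Syscall hardening, KVM: SW loop"): the separator is a comma in code and a semicolon in the docs, and the first row is missing the colon after KVM. Align the documentation with the code so the sysfs output can be matched against it.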
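Review bot: in the bugs.c hunk for bhi_select_mitigation(), X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT is forced and "SW BHB clearing on vm exit" is printed regardless of whether KVM is built into this kernel, so the message can appear on a kernel that has no vmenter.S site for the alternative to patch. Consider gating the cap (or at least the message) on KVM being available, or wording the message as applying when KVM is in use. Also note that with spectre_bhi=on both this cap and X86_FEATURE_CLEAR_BHB_LOOP are now set, so two pr_info() lines are emitted; that is fine but worth a comment.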
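Review bot: in the spectre_bhi_state() hunk the new else-if for X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT is placed after the retpoline branch; that is only correct because bhi_select_mitigation() returns before setting the VMEXIT cap on non-RRSBA retpoline systems, so the two functions' orderings depend on each other. A one-line comment tying the order of these checks to the order of returns in bhi_select_mitigation() would keep a later edit from silently changing the reported state.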
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 11/11] UBUNTU: [Config] updateconfigs for CONFIG_BHI_{AUTO|OFF|ON}
Date: Wed, 17 Apr 2024 19:54:01 -0400
Message-Id: <20240417235401.243631-12-yuxuan.luo@canonical.com>
In-Reply-To: <20240417235401.243631-1-yuxuan.luo@canonical.com>
References: <20240417235401.243631-1-yuxuan.luo@canonical.com>

Adds annotation configs to comply with the new kernel configs. Set AUTO as default to be less intrusive.

CVE-2024-2201
Signed-off-by: Yuxuan Luo
---
 debian.master/config/annotations | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 06cf3f9744fa9..2b4ec46c8bd99 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -6713,6 +6713,9 @@ CONFIG_MISDN_NETJET policy<{'amd64': 'm', 'arm64': ' CONFIG_MISDN_SPEEDFAX policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm'}> CONFIG_MISDN_W6692 policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm'}> CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_SPECTRE_BHI_AUTO policy<{'amd64': 'y'}> +CONFIG_SPECTRE_BHI_OFF policy<{'amd64': 'n'}> +CONFIG_SPECTRE_BHI_ON policy<{'amd64': 'n'}> CONFIG_MIXCOMWD policy<{'i386': 'm'}> CONFIG_MK6 policy<{'i386': 'n'}> CONFIG_MK7 policy<{'i386': 'n'}>
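Review bot: the three CONFIG_SPECTRE_BHI_* lines are inserted between CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY and CONFIG_MIXCOMWD, which breaks the alphabetical order the surrounding annotations follow (they belong among the CONFIG_SP* entries), and the subject line names CONFIG_BHI_{AUTO|OFF|ON} while the symbols are CONFIG_SPECTRE_BHI_*. The policy also lists only amd64, although the Kconfig choice from patch 09 depends only on CPU_SUP_INTEL and the neighbouring entries carry an i386 value; confirm that leaving i386 unset is intentional.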