From patchwork Wed Nov 21 17:31:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Juerg Haefliger X-Patchwork-Id: 1001273 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 430V3x3GMGz9s5c; Thu, 22 Nov 2018 04:31:25 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1gPWLQ-0005nk-RN; Wed, 21 Nov 2018 17:31:20 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1gPWLO-0005mt-EU for kernel-team@lists.ubuntu.com; Wed, 21 Nov 2018 17:31:18 +0000 Received: from mail-ed1-f72.google.com ([209.85.208.72]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1gPWLO-000293-71 for kernel-team@lists.ubuntu.com; Wed, 21 Nov 2018 17:31:18 +0000 Received: by mail-ed1-f72.google.com with SMTP id x1-v6so3235593edh.8 for ; Wed, 21 Nov 2018 09:31:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZpoBxf9RTMRS6b1czqbltru1IqFWWjXbwX2YudrxTE0=; b=hp4mlcl+EroXmOO8PsTa0pDuPHTT9LiNXS8TmKGoOmm7pHE6zDsL9PAo+DxDwqlTv7 7jA3iR3laY9TJRA0UILmMzdYuFOa2Jace0O1BnLeYRdK7iIlufP3kMvYebV7Vyj/xilQ MvUzk9wCfFAuZn2gOQZEGtZec/f27EhoIcajMrMe6C6t/jTd497XHAj7QWu5cwUG1zAW x6tnDkM2dJMGQwOeoMxIKMTv5vpjwldA5EIrAuX4TLUIr69Fljf+HhQ14W9xSKaZYhj5 xoc71GaIAoTD/vxwPK9UAIA9FmWvlAyFE1m4PmUfdmUm+2rT2LEAiNaMHRzPGRMU095E cV+g== X-Gm-Message-State: AGRZ1gJxggHI9mR3wZPSd8bB5oYJlvmgEDOL737SPAIlWVhENm91DFEh XVA5s8pukaVKWJJvf1RCmozvI3MTxdRoHs36daTL+JRFf26dYwatAXVUCEeFfk9eM2Q+PHPi4b0 ZN+UoovbGGo+QM4LQVe5KSM6qQAPdC2PX6HjWZQ9iHw== X-Received: by 2002:a17:906:69cd:: with SMTP id g13-v6mr5735192ejs.141.1542821477543; Wed, 21 Nov 2018 09:31:17 -0800 (PST) X-Google-Smtp-Source: AJdET5cHfCHS+z5i0mzsnApvhnTg3cao64mROBynQbsw5NoojVcBPG0Kq1w67VBdDt99eHV75Q6VvQ== X-Received: by 2002:a17:906:69cd:: with SMTP id g13-v6mr5735177ejs.141.1542821477302; Wed, 21 Nov 2018 09:31:17 -0800 (PST) Received: from localhost.localdomain ([81.221.192.120]) by smtp.gmail.com with ESMTPSA id p36sm3783066edc.78.2018.11.21.09.31.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Nov 2018 09:31:16 -0800 (PST) From: Juerg Haefliger X-Google-Original-From: Juerg Haefliger To: kernel-team@lists.ubuntu.com Subject: [SRU][Trusty][PATCH 1/3] UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling (v2) Date: Wed, 21 Nov 2018 18:31:11 +0100 Message-Id: <20181121173113.13474-2-juergh@canonical.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181121173113.13474-1-juergh@canonical.com> References: <20181121173113.13474-1-juergh@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: juergh@canonical.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Cleanup the code to match Xenial. Functional changes introduced: - Return an error when someone tries to enable IBPB via procfs on HW that doesn't have IBPB support. - Write every IBPB state change to the kernel log. CVE-2017-5715 Signed-off-by: Juerg Haefliger --- arch/x86/include/asm/nospec-branch.h | 6 ++++-- arch/x86/kernel/cpu/bugs.c | 23 +++++++++++----------- kernel/sysctl.c | 29 ++++++++++++++++------------ 3 files changed, 32 insertions(+), 26 deletions(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index dd8f0790fbd9..3cc7e65fbb3a 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -190,9 +190,11 @@ # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) #endif -/* The IBPB and IBRS runtime control knobs */ +/* The IBPB runtime control knob */ extern unsigned int ibpb_enabled; -void ibpb_enable(void); +int set_ibpb_enabled(unsigned int); + +/* The IBRS runtime control knob */ extern unsigned int ibrs_enabled; void ibrs_enable(void); diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5b1d8522764e..b4a0a26efc0d 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -428,19 +428,18 @@ retpoline_auto: spectre_v2_enabled = mode; pr_info("%s\n", spectre_v2_strings[mode]); - /* Initialize Indirect Branch Prediction Barrier if supported */ + /* + * Initialize Indirect Branch Prediction Barrier if supported and not + * disabled on the commandline + */ if (boot_cpu_has(X86_FEATURE_IBPB)) { setup_force_cpu_cap(X86_FEATURE_USE_IBPB); - - /* - * Enable IBPB support if it's not turned off on the - * commandline. - */ - if (!noibpb) - ibpb_enable(); - - pr_info("%s Indirect Branch Prediction Barrier\n", - ibpb_enabled ? "Enabling" : "Disabling"); + if (noibpb) { + /* IBPB disabled via commandline */ + set_ibpb_enabled(0); + } else { + set_ibpb_enabled(1); + } } /* @@ -876,7 +875,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr case X86_BUG_SPECTRE_V2: return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], - ibpb_enabled && boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", + ibpb_enabled ? ", IBPB" : "", boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : ""); case X86_BUG_SPEC_STORE_BYPASS: diff --git a/kernel/sysctl.c b/kernel/sysctl.c index e18e18bebd92..9d3084581410 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -203,31 +203,37 @@ static int proc_dostring_coredump(struct ctl_table *table, int write, DEFINE_MUTEX(spec_ctrl_mutex); unsigned int ibpb_enabled = 0; -EXPORT_SYMBOL(ibpb_enabled); +EXPORT_SYMBOL(ibpb_enabled); /* Required in some modules */ static unsigned int __ibpb_enabled = 0; /* procfs shadow variable */ -static void set_ibpb_enabled(unsigned int val) +int set_ibpb_enabled(unsigned int val) { + int error = 0; + mutex_lock(&spec_ctrl_mutex); /* Only enable IBPB if the CPU supports it */ - if (val && boot_cpu_has(X86_FEATURE_USE_IBPB)) - ibpb_enabled = 1; - else + if (boot_cpu_has(X86_FEATURE_IBPB)) { + ibpb_enabled = val; + pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect " + "Branch Prediction Barrier\n", + ibpb_enabled ? "Enabling" : "Disabling"); + } else { ibpb_enabled = 0; + if (val) { + /* IBPB is not supported but we try to turn it on */ + error = -EINVAL; + } + } /* Update the shadow variable */ __ibpb_enabled = ibpb_enabled; mutex_unlock(&spec_ctrl_mutex); -} -inline void ibpb_enable(void) -{ - set_ibpb_enabled(1); + return error; } -EXPORT_SYMBOL(ibpb_enable); static int ibpb_enabled_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, @@ -239,8 +245,7 @@ static int ibpb_enabled_handler(struct ctl_table *table, int write, if (error) return error; - set_ibpb_enabled(__ibpb_enabled); - return 0; + return set_ibpb_enabled(__ibpb_enabled); } unsigned int ibrs_enabled = 0; From patchwork Wed Nov 21 17:31:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Juerg Haefliger X-Patchwork-Id: 1001275 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 430V3y45hFz9s9G; Thu, 22 Nov 2018 04:31:26 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1gPWLR-0005nw-0m; Wed, 21 Nov 2018 17:31:21 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1gPWLP-0005nN-NP for kernel-team@lists.ubuntu.com; Wed, 21 Nov 2018 17:31:19 +0000 Received: from mail-ed1-f69.google.com ([209.85.208.69]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1gPWLP-00029Y-Er for kernel-team@lists.ubuntu.com; Wed, 21 Nov 2018 17:31:19 +0000 Received: by mail-ed1-f69.google.com with SMTP id w2so2854867edc.13 for ; Wed, 21 Nov 2018 09:31:19 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=LxEkJ4T97nQ2AQCoI5R4CosGMvXfmPNY+j6YxygsLr4=; b=C4Yd0WK/ApqJ10ioT3ITksVeCZtNMjvpAkKM4ZSqVa/yReWRuiFTXhKMh6V9q7nGuc MtZJJcYl3lTkM6Yr8Ly2yr7LBT2ESyua5LdA00VBnLys94z3mbUuSnY+mgsXQ9Qkai84 7vxiPGFjqbFkviclpBGsdFLvD0dPNcvrBphj4NW/zerys80r26Y/g+vJaxOTcpW7yYWV KS/TzITtmYlNAC2K8/DS6GHYDLn5qgoJiLKx0Ai2TpQ7Ytp03UCobmKIyz4uv5KA5yvW E0CWooEACDy1ap6OPd2Xg3z+Akvt+/7U39sDmOrVyeC9Iw7ciCvQwpv0X6HQEHlY7rlh fd1Q== X-Gm-Message-State: AGRZ1gL/bdoZV86P3azpN+XFrIr9EsQgJbJ3JK7hOXsjZyLBy3XIMgoF F9ypnDuatTlSlhM5lOg96/3ortGP6QReM9AcXG7Q2giz+DXY2YQpQ1VexEY7AHc4IH6r6ZauLTb iz4XD/4IWAV3Gta8ii+n+ar96bvgij8Kh0R7UOYZAww== X-Received: by 2002:a17:906:f14e:: with SMTP id gw14-v6mr5748578ejb.231.1542821478669; Wed, 21 Nov 2018 09:31:18 -0800 (PST) X-Google-Smtp-Source: AJdET5f8UA+Q23nXZHtv6qhFBU610c0ZPwiVi4WuoqoDXULTelTY/yANJCgZcUHg2BamNZEB8ViVSg== X-Received: by 2002:a17:906:f14e:: with SMTP id gw14-v6mr5748552ejb.231.1542821478139; Wed, 21 Nov 2018 09:31:18 -0800 (PST) Received: from localhost.localdomain ([81.221.192.120]) by smtp.gmail.com with ESMTPSA id p36sm3783066edc.78.2018.11.21.09.31.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Nov 2018 09:31:17 -0800 (PST) From: Juerg Haefliger X-Google-Original-From: Juerg Haefliger To: kernel-team@lists.ubuntu.com Subject: [SRU][Trusty][PATCH 2/3] UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling (v2) Date: Wed, 21 Nov 2018 18:31:12 +0100 Message-Id: <20181121173113.13474-3-juergh@canonical.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181121173113.13474-1-juergh@canonical.com> References: <20181121173113.13474-1-juergh@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: juergh@canonical.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Cleanup the code to match Xenial. Functional changes introduced: - Return an error when someone tries to enable IBRS via procfs on HW that doesn't have IBRS support. - Write every IBRS state change to the kernel log. - Add an IBRS state entry to /sys/devices/system/cpu/vulnerabilities/spectre_v2. CVE-2017-5715 Signed-off-by: Juerg Haefliger --- arch/x86/include/asm/nospec-branch.h | 6 +++--- arch/x86/include/asm/spec_ctrl.h | 3 +++ arch/x86/kernel/acpi/cstate.c | 4 ++-- arch/x86/kernel/cpu/bugs.c | 24 +++++++++++---------- arch/x86/kernel/process.c | 6 +++--- arch/x86/kernel/smpboot.c | 4 ++-- kernel/sysctl.c | 32 +++++++++++++++++----------- 7 files changed, 45 insertions(+), 34 deletions(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 3cc7e65fbb3a..4049dd47a444 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -196,7 +196,7 @@ int set_ibpb_enabled(unsigned int); /* The IBRS runtime control knob */ extern unsigned int ibrs_enabled; -void ibrs_enable(void); +int set_ibrs_enabled(unsigned int); /* The Spectre V2 mitigation variants */ enum spectre_v2_mitigation { @@ -266,7 +266,7 @@ do { \ preempt_enable(); \ } while (0) -#define restricted_branch_speculation_on() \ +#define ubuntu_restrict_branch_speculation_start() \ do { \ u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS; \ \ @@ -274,7 +274,7 @@ do { \ native_wrmsrl(MSR_IA32_SPEC_CTRL, val); \ } while (0) -#define restricted_branch_speculation_off() \ +#define ubuntu_restrict_branch_speculation_end() \ do { \ u64 val = x86_spec_ctrl_base; \ \ diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h index e603ee905bab..b4d6ffae202c 100644 --- a/arch/x86/include/asm/spec_ctrl.h +++ b/arch/x86/include/asm/spec_ctrl.h @@ -21,11 +21,13 @@ popq %rdx; \ popq %rcx; \ popq %rax + #define __ASM_ENABLE_IBRS_CLOBBER \ movl $MSR_IA32_SPEC_CTRL, %ecx; \ movl $0, %edx; \ movl $SPEC_CTRL_IBRS, %eax; \ wrmsr; + #define __ASM_DISABLE_IBRS \ pushq %rax; \ pushq %rcx; \ @@ -37,6 +39,7 @@ popq %rdx; \ popq %rcx; \ popq %rax + #define __ASM_STUFF_RSB \ call 1f; \ pause; \ diff --git a/arch/x86/kernel/acpi/cstate.c b/arch/x86/kernel/acpi/cstate.c index f11345902f20..dc9443dea8c8 100644 --- a/arch/x86/kernel/acpi/cstate.c +++ b/arch/x86/kernel/acpi/cstate.c @@ -167,14 +167,14 @@ void mwait_idle_with_hints(unsigned long ax, unsigned long cx) if (this_cpu_has(X86_FEATURE_CLFLUSH_MONITOR)) clflush((void *)¤t_thread_info()->flags); - restricted_branch_speculation_off(); + ubuntu_restrict_branch_speculation_end(); __monitor((void *)¤t_thread_info()->flags, 0, 0); smp_mb(); if (!need_resched()) __mwait(ax, cx); - restricted_branch_speculation_on(); + ubuntu_restrict_branch_speculation_start(); } } diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index b4a0a26efc0d..c86a805557fc 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -450,16 +450,17 @@ retpoline_auto: setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); pr_info("Enabling Restricted Speculation for firmware calls\n"); - /* - * Enable IBRS support if it's not turned off on the - * commandline and we don't have full retpoline mode - */ - if (!noibrs && mode != SPECTRE_V2_RETPOLINE_AMD && - mode != SPECTRE_V2_RETPOLINE_GENERIC) - ibrs_enable(); - - pr_info("%s Indirect Banch Restricted Speculation\n", - ibrs_enabled ? "Enabling" : "Disabling"); + if (noibrs || + mode == SPECTRE_V2_RETPOLINE_GENERIC || + mode == SPECTRE_V2_RETPOLINE_AMD) { + /* + * IBRS disabled via commandline or the kernel is + * retpoline compiled + */ + set_ibrs_enabled(0); + } else { + set_ibrs_enabled(1); + } } /* @@ -874,8 +875,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr return sprintf(buf, "Mitigation: __user pointer sanitization\n"); case X86_BUG_SPECTRE_V2: - return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], + return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], ibpb_enabled ? ", IBPB" : "", + ibrs_enabled == 2 ? ", IBRS (user space)" : ibrs_enabled ? ", IBRS" : "", boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : ""); case X86_BUG_SPEC_STORE_BYPASS: diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index c7e291dbc1e3..d7302c788d15 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -583,15 +583,15 @@ static void mwait_idle(void) mb(); } - restricted_branch_speculation_off(); + ubuntu_restrict_branch_speculation_end(); __monitor((void *)¤t_thread_info()->flags, 0, 0); if (!need_resched()) { __sti_mwait(0, 0); - restricted_branch_speculation_on(); + ubuntu_restrict_branch_speculation_start(); } else { - restricted_branch_speculation_on(); + ubuntu_restrict_branch_speculation_start(); local_irq_enable(); } diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c index 57a339630449..21204d161a6e 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -1625,13 +1625,13 @@ void native_play_dead(void) play_dead_common(); tboot_shutdown(TB_SHUTDOWN_WFS); - restricted_branch_speculation_off(); + ubuntu_restrict_branch_speculation_end(); mwait_play_dead(); /* Only returns on failure */ if (cpuidle_play_dead()) hlt_play_dead(); - restricted_branch_speculation_on(); + ubuntu_restrict_branch_speculation_start(); } #else /* ... !CONFIG_HOTPLUG_CPU */ diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 9d3084581410..60e96b6e809d 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -249,61 +249,67 @@ static int ibpb_enabled_handler(struct ctl_table *table, int write, } unsigned int ibrs_enabled = 0; -EXPORT_SYMBOL(ibrs_enabled); +EXPORT_SYMBOL(ibrs_enabled); /* Required in some modules */ static unsigned int __ibrs_enabled = 0; /* procfs shadow variable */ -static void set_ibrs_enabled(unsigned int val) +int set_ibrs_enabled(unsigned int val) { + int error = 0; unsigned int cpu; mutex_lock(&spec_ctrl_mutex); /* Only enable/disable IBRS if the CPU supports it */ - if (boot_cpu_has(X86_FEATURE_USE_IBRS_FW)) { + if (boot_cpu_has(X86_FEATURE_IBRS)) { ibrs_enabled = val; + pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect " + "Branch Restricted Speculation%s\n", + ibrs_enabled ? "Enabling" : "Disabling", + ibrs_enabled == 2 ? " (user space)" : ""); + if (ibrs_enabled == 0) { /* Always disable IBRS */ u64 val = x86_spec_ctrl_base; - for_each_online_cpu(cpu) + for_each_online_cpu(cpu) { wrmsrl_on_cpu(cpu, MSR_IA32_SPEC_CTRL, val); + } } else if (ibrs_enabled == 2) { /* Always enable IBRS, even in user space */ u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS; - for_each_online_cpu(cpu) + for_each_online_cpu(cpu) { wrmsrl_on_cpu(cpu, MSR_IA32_SPEC_CTRL, val); + } } } else { ibrs_enabled = 0; + if (val) { + /* IBRS is not supported but we try to turn it on */ + error = -EINVAL; + } } /* Update the shadow variable */ __ibrs_enabled = ibrs_enabled; mutex_unlock(&spec_ctrl_mutex); -} -inline void ibrs_enable(void) -{ - set_ibrs_enabled(1); + return error; } -EXPORT_SYMBOL(ibrs_enable); static int ibrs_enabled_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { int error; - unsigned int cpu; error = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (error) return error; - set_ibrs_enabled(__ibrs_enabled); - return 0; + return set_ibrs_enabled(__ibrs_enabled); } #endif From patchwork Wed Nov 21 17:31:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Juerg Haefliger X-Patchwork-Id: 1001274 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 430V3y3pcGz9s7T; Thu, 22 Nov 2018 04:31:26 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1gPWLR-0005oM-9B; Wed, 21 Nov 2018 17:31:21 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1gPWLQ-0005nY-45 for kernel-team@lists.ubuntu.com; Wed, 21 Nov 2018 17:31:20 +0000 Received: from mail-ed1-f70.google.com ([209.85.208.70]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1gPWLP-00029i-Pb for kernel-team@lists.ubuntu.com; Wed, 21 Nov 2018 17:31:19 +0000 Received: by mail-ed1-f70.google.com with SMTP id e17so3301392edr.7 for ; Wed, 21 Nov 2018 09:31:19 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/hkk8ZMFS4I1LAz5JA0zPPda8sUC36NXJAQGN02JWs0=; b=MhryCNu0hmaYVtVYffpg9KvoDrG1iVGXB2ZUGSwXv6DSyRVNp/TKvuXbfRj9Hh3ids t61+3AJYZa1eEht3U9XXxcwNcnhRWdfhgGt7LARODKk4vbWT4nTJtjI3L2r1B/upIBpZ CEQ5LRXFsXis5oQ8g5s8z//Ws/qDl4NWant1QBVKMbJoKlQR/zmSX/zerDL8LC5Hi+oc d4vM6W8Na+zQe2eu1zoH5kd8RJaBRalv1dsX8s2D0euSvvAmve92uQ1wjx9RKAOUUkNT 5xxAL8GixVpdwWhGmXATFFHDPkSeOC6tnBT5E/ElT+qHg4sxob0BIqnFic2dTc5FucNM +p3w== X-Gm-Message-State: AA+aEWaYPfEB7mOdFQwIRoWnFUdmV1ltoK7zYGnUOq/NuBCAZ4IKmnzJ jj8zdmS1ta5Fi3hY4JIEjh7B4V85b73ht9WcnCgouUHESQos3O3VhxFvL+masf8dzaVQHWNr5yt hef0dzUuG7OGsE+Qtm1hd58oI4ZiXC7gODd0VKh9dmA== X-Received: by 2002:a50:a663:: with SMTP id d90-v6mr6617782edc.290.1542821479152; Wed, 21 Nov 2018 09:31:19 -0800 (PST) X-Google-Smtp-Source: AFSGD/Wl4vRWa2yjAraKyF6NvzqEfguSUoEsR1wQU4AulT5miiGQ7zzZPl2kdsC9sms877BJY1JG3w== X-Received: by 2002:a50:a663:: with SMTP id d90-v6mr6617774edc.290.1542821478995; Wed, 21 Nov 2018 09:31:18 -0800 (PST) Received: from localhost.localdomain ([81.221.192.120]) by smtp.gmail.com with ESMTPSA id p36sm3783066edc.78.2018.11.21.09.31.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Nov 2018 09:31:18 -0800 (PST) From: Juerg Haefliger X-Google-Original-From: Juerg Haefliger To: kernel-team@lists.ubuntu.com Subject: [SRU][Trusty][PATCH 3/3] UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk Date: Wed, 21 Nov 2018 18:31:13 +0100 Message-Id: <20181121173113.13474-4-juergh@canonical.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181121173113.13474-1-juergh@canonical.com> References: <20181121173113.13474-1-juergh@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: juergh@canonical.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to match upstream. No functional changes. CVE-2017-5715 Signed-off-by: Juerg Haefliger --- arch/x86/kernel/cpu/bugs.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index c86a805557fc..4a8b8fedffe1 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -428,6 +428,17 @@ retpoline_auto: spectre_v2_enabled = mode; pr_info("%s\n", spectre_v2_strings[mode]); + /* + * If spectre v2 protection has been enabled, unconditionally fill + * RSB during a context switch; this protects against two independent + * issues: + * + * - RSB underflow (and switch to BTB) on Skylake+ + * - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs + */ + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); + pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); + /* * Initialize Indirect Branch Prediction Barrier if supported and not * disabled on the commandline @@ -462,17 +473,6 @@ retpoline_auto: set_ibrs_enabled(1); } } - - /* - * If spectre v2 protection has been enabled, unconditionally fill - * RSB during a context switch; this protects against two independent - * issues: - * - * - RSB underflow (and switch to BTB) on Skylake+ - * - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs - */ - setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); - pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); } #undef pr_fmt