|
| 1 | +x86/bugs: Fix BHI retpoline check |
| 2 | + |
| 3 | +jira LE-2015 |
| 4 | +cve CVE-2024-2201 |
| 5 | +Rebuild_History Non-Buildable kernel-5.14.0-427.42.1.el9_4 |
| 6 | +commit-author Josh Poimboeuf < [email protected]> |
| 7 | +commit 69129794d94c544810e68b2b4eaa7e44063f9bf2 |
| 8 | +Empty-Commit: Cherry-Pick Conflicts during history rebuild. |
| 9 | +Will be included in final tarball splat. Ref for failed cherry-pick at: |
| 10 | +ciq/ciq_backports/kernel-5.14.0-427.42.1.el9_4/69129794.failed |
| 11 | + |
| 12 | +Confusingly, X86_FEATURE_RETPOLINE doesn't mean retpolines are enabled, |
| 13 | +as it also includes the original "AMD retpoline" which isn't a retpoline |
| 14 | +at all. |
| 15 | + |
| 16 | +Also replace cpu_feature_enabled() with boot_cpu_has() because this is |
| 17 | +before alternatives are patched and cpu_feature_enabled()'s fallback |
| 18 | +path is slower than plain old boot_cpu_has(). |
| 19 | + |
| 20 | +Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob") |
| 21 | + Signed-off-by: Josh Poimboeuf < [email protected]> |
| 22 | + Signed-off-by: Ingo Molnar < [email protected]> |
| 23 | + Reviewed-by: Pawan Gupta < [email protected]> |
| 24 | + Cc: Borislav Petkov < [email protected]> |
| 25 | + Cc: Linus Torvalds < [email protected]> |
| 26 | +Link: https://lore.kernel.org/r/ad3807424a3953f0323c011a643405619f2a4927.1712944776.git.jpoimboe@kernel.org |
| 27 | +(cherry picked from commit 69129794d94c544810e68b2b4eaa7e44063f9bf2) |
| 28 | + Signed-off-by: Jonathan Maple < [email protected]> |
| 29 | + |
| 30 | +# Conflicts: |
| 31 | +# arch/x86/kernel/cpu/bugs.c |
| 32 | +diff --cc arch/x86/kernel/cpu/bugs.c |
| 33 | +index d1c0c8f6898b,ab18185894df..000000000000 |
| 34 | +--- a/arch/x86/kernel/cpu/bugs.c |
| 35 | ++++ b/arch/x86/kernel/cpu/bugs.c |
| 36 | +@@@ -1612,6 -1606,74 +1612,77 @@@ static void __init spectre_v2_determine |
| 37 | + dump_stack(); |
| 38 | + } |
| 39 | + |
| 40 | +++<<<<<<< HEAD |
| 41 | +++======= |
| 42 | ++ /* |
| 43 | ++ * Set BHI_DIS_S to prevent indirect branches in kernel to be influenced by |
| 44 | ++ * branch history in userspace. Not needed if BHI_NO is set. |
| 45 | ++ */ |
| 46 | ++ static bool __init spec_ctrl_bhi_dis(void) |
| 47 | ++ { |
| 48 | ++ if (!boot_cpu_has(X86_FEATURE_BHI_CTRL)) |
| 49 | ++ return false; |
| 50 | ++ |
| 51 | ++ x86_spec_ctrl_base |= SPEC_CTRL_BHI_DIS_S; |
| 52 | ++ update_spec_ctrl(x86_spec_ctrl_base); |
| 53 | ++ setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_HW); |
| 54 | ++ |
| 55 | ++ return true; |
| 56 | ++ } |
| 57 | ++ |
| 58 | ++ enum bhi_mitigations { |
| 59 | ++ BHI_MITIGATION_OFF, |
| 60 | ++ BHI_MITIGATION_ON, |
| 61 | ++ }; |
| 62 | ++ |
| 63 | ++ static enum bhi_mitigations bhi_mitigation __ro_after_init = |
| 64 | ++ IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ? BHI_MITIGATION_ON : BHI_MITIGATION_OFF; |
| 65 | ++ |
| 66 | ++ static int __init spectre_bhi_parse_cmdline(char *str) |
| 67 | ++ { |
| 68 | ++ if (!str) |
| 69 | ++ return -EINVAL; |
| 70 | ++ |
| 71 | ++ if (!strcmp(str, "off")) |
| 72 | ++ bhi_mitigation = BHI_MITIGATION_OFF; |
| 73 | ++ else if (!strcmp(str, "on")) |
| 74 | ++ bhi_mitigation = BHI_MITIGATION_ON; |
| 75 | ++ else |
| 76 | ++ pr_err("Ignoring unknown spectre_bhi option (%s)", str); |
| 77 | ++ |
| 78 | ++ return 0; |
| 79 | ++ } |
| 80 | ++ early_param("spectre_bhi", spectre_bhi_parse_cmdline); |
| 81 | ++ |
| 82 | ++ static void __init bhi_select_mitigation(void) |
| 83 | ++ { |
| 84 | ++ if (bhi_mitigation == BHI_MITIGATION_OFF) |
| 85 | ++ return; |
| 86 | ++ |
| 87 | ++ /* Retpoline mitigates against BHI unless the CPU has RRSBA behavior */ |
| 88 | ++ if (boot_cpu_has(X86_FEATURE_RETPOLINE) && |
| 89 | ++ !boot_cpu_has(X86_FEATURE_RETPOLINE_LFENCE)) { |
| 90 | ++ spec_ctrl_disable_kernel_rrsba(); |
| 91 | ++ if (rrsba_disabled) |
| 92 | ++ return; |
| 93 | ++ } |
| 94 | ++ |
| 95 | ++ if (spec_ctrl_bhi_dis()) |
| 96 | ++ return; |
| 97 | ++ |
| 98 | ++ if (!IS_ENABLED(CONFIG_X86_64)) |
| 99 | ++ return; |
| 100 | ++ |
| 101 | ++ /* Mitigate KVM by default */ |
| 102 | ++ setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT); |
| 103 | ++ pr_info("Spectre BHI mitigation: SW BHB clearing on vm exit\n"); |
| 104 | ++ |
| 105 | ++ /* Mitigate syscalls when the mitigation is forced =on */ |
| 106 | ++ setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP); |
| 107 | ++ pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n"); |
| 108 | ++ } |
| 109 | ++ |
| 110 | +++>>>>>>> 69129794d94c (x86/bugs: Fix BHI retpoline check) |
| 111 | + static void __init spectre_v2_select_mitigation(void) |
| 112 | + { |
| 113 | + enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); |
| 114 | +@@@ -2814,6 -2801,24 +2885,27 @@@ static char *pbrsb_eibrs_state(void |
| 115 | + } |
| 116 | + } |
| 117 | + |
| 118 | +++<<<<<<< HEAD |
| 119 | +++======= |
| 120 | ++ static const char *spectre_bhi_state(void) |
| 121 | ++ { |
| 122 | ++ if (!boot_cpu_has_bug(X86_BUG_BHI)) |
| 123 | ++ return "; BHI: Not affected"; |
| 124 | ++ else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_HW)) |
| 125 | ++ return "; BHI: BHI_DIS_S"; |
| 126 | ++ else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP)) |
| 127 | ++ return "; BHI: SW loop, KVM: SW loop"; |
| 128 | ++ else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && |
| 129 | ++ !boot_cpu_has(X86_FEATURE_RETPOLINE_LFENCE) && |
| 130 | ++ rrsba_disabled) |
| 131 | ++ return "; BHI: Retpoline"; |
| 132 | ++ else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT)) |
| 133 | ++ return "; BHI: Vulnerable, KVM: SW loop"; |
| 134 | ++ |
| 135 | ++ return "; BHI: Vulnerable"; |
| 136 | ++ } |
| 137 | ++ |
| 138 | +++>>>>>>> 69129794d94c (x86/bugs: Fix BHI retpoline check) |
| 139 | + static ssize_t spectre_v2_show_state(char *buf) |
| 140 | + { |
| 141 | + if (spectre_v2_enabled == SPECTRE_V2_LFENCE) |
| 142 | +* Unmerged path arch/x86/kernel/cpu/bugs.c |
0 commit comments