
Commit 9f3baace authored by Thomas Gleixner's avatar Thomas Gleixner Committed by Greg Kroah-Hartman

x86/speculation: Provide IBPB always command line options



commit 55a974021ec952ee460dc31ca08722158639de72 upstream

Provide the possibility to enable IBPB always in combination with 'prctl'
and 'seccomp'.

Add the extra command line options and rework the IBPB selection to
evaluate the command instead of the mode selected by the STIBP switch case.

Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Reviewed-by: default avatarIngo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Casey Schaufler <casey.schaufler@intel.com>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Waiman Long <longman9394@gmail.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Dave Stewart <david.c.stewart@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20181125185006.144047038@linutronix.de


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent d1ec2354
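--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -4216,11 +4216,23 @@
 				  per thread.  The mitigation control state
 				  is inherited on fork.
 
+			prctl,ibpb
+				- Like "prctl" above, but only STIBP is
+				  controlled per thread. IBPB is issued
+				  always when switching between different user
+				  space processes.
+
 			seccomp
 				- Same as "prctl" above, but all seccomp
 				  threads will enable the mitigation unless
 				  they explicitly opt out.
 
+			seccomp,ibpb
+				- Like "seccomp" above, but only STIBP is
+				  controlled per thread. IBPB is issued
+				  always when switching between different
+				  user space processes.
+
 			auto    - Kernel selects the mitigation depending on
 				  the available CPU features and vulnerability.
 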
+23 −11
@@ -256,7 +256,9 @@ enum spectre_v2_user_cmd {
	SPECTRE_V2_USER_CMD_AUTO,
	SPECTRE_V2_USER_CMD_AUTO,
	SPECTRE_V2_USER_CMD_FORCE,
	SPECTRE_V2_USER_CMD_FORCE,
	SPECTRE_V2_USER_CMD_PRCTL,
	SPECTRE_V2_USER_CMD_PRCTL,
	SPECTRE_V2_USER_CMD_PRCTL_IBPB,
	SPECTRE_V2_USER_CMD_SECCOMP,
	SPECTRE_V2_USER_CMD_SECCOMP,
	SPECTRE_V2_USER_CMD_SECCOMP_IBPB,
};
};


static const char * const spectre_v2_user_strings[] = {
static const char * const spectre_v2_user_strings[] = {
@@ -275,7 +277,9 @@ static const struct {
	{ "off",		SPECTRE_V2_USER_CMD_NONE,		false },
	{ "off",		SPECTRE_V2_USER_CMD_NONE,		false },
	{ "on",			SPECTRE_V2_USER_CMD_FORCE,		true  },
	{ "on",			SPECTRE_V2_USER_CMD_FORCE,		true  },
	{ "prctl",		SPECTRE_V2_USER_CMD_PRCTL,		false },
	{ "prctl",		SPECTRE_V2_USER_CMD_PRCTL,		false },
	{ "prctl,ibpb",		SPECTRE_V2_USER_CMD_PRCTL_IBPB,		false },
	{ "seccomp",		SPECTRE_V2_USER_CMD_SECCOMP,		false },
	{ "seccomp",		SPECTRE_V2_USER_CMD_SECCOMP,		false },
	{ "seccomp,ibpb",	SPECTRE_V2_USER_CMD_SECCOMP_IBPB,	false },
};
};


static void __init spec_v2_user_print_cond(const char *reason, bool secure)
static void __init spec_v2_user_print_cond(const char *reason, bool secure)
@@ -321,6 +325,7 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
{
{
	enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE;
	enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE;
	bool smt_possible = IS_ENABLED(CONFIG_SMP);
	bool smt_possible = IS_ENABLED(CONFIG_SMP);
	enum spectre_v2_user_cmd cmd;


	if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP))
	if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP))
		return;
		return;
@@ -329,17 +334,20 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
	    cpu_smt_control == CPU_SMT_NOT_SUPPORTED)
	    cpu_smt_control == CPU_SMT_NOT_SUPPORTED)
		smt_possible = false;
		smt_possible = false;


	switch (spectre_v2_parse_user_cmdline(v2_cmd)) {
	cmd = spectre_v2_parse_user_cmdline(v2_cmd);
	switch (cmd) {
	case SPECTRE_V2_USER_CMD_NONE:
	case SPECTRE_V2_USER_CMD_NONE:
		goto set_mode;
		goto set_mode;
	case SPECTRE_V2_USER_CMD_FORCE:
	case SPECTRE_V2_USER_CMD_FORCE:
		mode = SPECTRE_V2_USER_STRICT;
		mode = SPECTRE_V2_USER_STRICT;
		break;
		break;
	case SPECTRE_V2_USER_CMD_PRCTL:
	case SPECTRE_V2_USER_CMD_PRCTL:
	case SPECTRE_V2_USER_CMD_PRCTL_IBPB:
		mode = SPECTRE_V2_USER_PRCTL;
		mode = SPECTRE_V2_USER_PRCTL;
		break;
		break;
	case SPECTRE_V2_USER_CMD_AUTO:
	case SPECTRE_V2_USER_CMD_AUTO:
	case SPECTRE_V2_USER_CMD_SECCOMP:
	case SPECTRE_V2_USER_CMD_SECCOMP:
	case SPECTRE_V2_USER_CMD_SECCOMP_IBPB:
		if (IS_ENABLED(CONFIG_SECCOMP))
		if (IS_ENABLED(CONFIG_SECCOMP))
			mode = SPECTRE_V2_USER_SECCOMP;
			mode = SPECTRE_V2_USER_SECCOMP;
		else
		else
@@ -351,12 +359,15 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
	if (boot_cpu_has(X86_FEATURE_IBPB)) {
	if (boot_cpu_has(X86_FEATURE_IBPB)) {
		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);


		switch (mode) {
		switch (cmd) {
		case SPECTRE_V2_USER_STRICT:
		case SPECTRE_V2_USER_CMD_FORCE:
		case SPECTRE_V2_USER_CMD_PRCTL_IBPB:
		case SPECTRE_V2_USER_CMD_SECCOMP_IBPB:
			static_branch_enable(&switch_mm_always_ibpb);
			static_branch_enable(&switch_mm_always_ibpb);
			break;
			break;
		case SPECTRE_V2_USER_PRCTL:
		case SPECTRE_V2_USER_CMD_PRCTL:
		case SPECTRE_V2_USER_SECCOMP:
		case SPECTRE_V2_USER_CMD_AUTO:
		case SPECTRE_V2_USER_CMD_SECCOMP:
			static_branch_enable(&switch_mm_cond_ibpb);
			static_branch_enable(&switch_mm_cond_ibpb);
			break;
			break;
		default:
		default:
@@ -364,7 +375,8 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
		}
		}


		pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n",
		pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n",
			mode == SPECTRE_V2_USER_STRICT ? "always-on" : "conditional");
			static_key_enabled(&switch_mm_always_ibpb) ?
			"always-on" : "conditional");
	}
	}


	/* If enhanced IBRS is enabled no STIPB required */
	/* If enhanced IBRS is enabled no STIPB required */