
Commit 9a596426 authored by Alexandre Chartre's avatar Alexandre Chartre Committed by Greg Kroah-Hartman

x86/bugs: Add AMD retbleed= boot parameter



commit 7fbf47c7ce50b38a64576b150e7011ae73d54669 upstream.

Add the "retbleed=<value>" boot parameter to select a mitigation for
RETBleed. Possible values are "off", "auto" and "unret"
(JMP2RET mitigation). The default value is "auto".

Currently, "retbleed=auto" will select the unret mitigation on
AMD and Hygon and no mitigation on Intel (JMP2RET is not effective on
Intel).

  [peterz: rebase; add hygon]
  [jpoimboe: cleanups]

Signed-off-by: default avatarAlexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
[cascardo: this effectively removes the UNRET mitigation as an option, so it
 has to be complemented by a later pick of the same commit. This is
 done in order to pick retbleed_select_mitigation]
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 063b7f98
+12 −0
@@ -4298,6 +4298,18 @@

	retain_initrd	[RAM] Keep initrd memory after extraction

	retbleed=	[X86] Control mitigation of RETBleed (Arbitrary
			Speculative Code Execution with Return Instructions)
			vulnerability.

			off         - unconditionally disable
			auto        - automatically select a migitation

			Selecting 'auto' will choose a mitigation method at run
			time according to the CPU.

			Not specifying this option is equivalent to retbleed=auto.

	rfkill.default_state=
		0	"airplane mode".  All wifi, bluetooth, wimax, gps, fm,
			etc. communication is blocked by default.
+73 −1
@@ -36,6 +36,7 @@
#include "cpu.h"

static void __init spectre_v1_select_mitigation(void);
static void __init retbleed_select_mitigation(void);
static void __init spectre_v2_select_mitigation(void);
static void __init ssb_select_mitigation(void);
static void __init l1tf_select_mitigation(void);
@@ -111,6 +112,12 @@ void __init check_bugs(void)

	/* Select the proper CPU mitigations before patching alternatives: */
	spectre_v1_select_mitigation();
	retbleed_select_mitigation();
	/*
	 * spectre_v2_select_mitigation() relies on the state set by
	 * retbleed_select_mitigation(); specifically the STIBP selection is
	 * forced for UNRET.
	 */
	spectre_v2_select_mitigation();
	ssb_select_mitigation();
	l1tf_select_mitigation();
@@ -705,6 +712,71 @@ static int __init nospectre_v1_cmdline(char *str)
}
early_param("nospectre_v1", nospectre_v1_cmdline);

#undef pr_fmt
#define pr_fmt(fmt)     "RETBleed: " fmt

enum retbleed_mitigation {
	RETBLEED_MITIGATION_NONE,
};

enum retbleed_mitigation_cmd {
	RETBLEED_CMD_OFF,
	RETBLEED_CMD_AUTO,
};

const char * const retbleed_strings[] = {
	[RETBLEED_MITIGATION_NONE]	= "Vulnerable",
};

static enum retbleed_mitigation retbleed_mitigation __ro_after_init =
	RETBLEED_MITIGATION_NONE;
static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init =
	RETBLEED_CMD_AUTO;

static int __init retbleed_parse_cmdline(char *str)
{
	if (!str)
		return -EINVAL;

	if (!strcmp(str, "off"))
		retbleed_cmd = RETBLEED_CMD_OFF;
	else if (!strcmp(str, "auto"))
		retbleed_cmd = RETBLEED_CMD_AUTO;
	else
		pr_err("Unknown retbleed option (%s). Defaulting to 'auto'\n", str);

	return 0;
}
early_param("retbleed", retbleed_parse_cmdline);

#define RETBLEED_UNTRAIN_MSG "WARNING: BTB untrained return thunk mitigation is only effective on AMD/Hygon!\n"
#define RETBLEED_COMPILER_MSG "WARNING: kernel not compiled with RETPOLINE or -mfunction-return capable compiler!\n"

static void __init retbleed_select_mitigation(void)
{
	if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off())
		return;

	switch (retbleed_cmd) {
	case RETBLEED_CMD_OFF:
		return;

	case RETBLEED_CMD_AUTO:
	default:
		if (!boot_cpu_has_bug(X86_BUG_RETBLEED))
			break;

		break;
	}

	switch (retbleed_mitigation) {
	default:
		break;
	}

	pr_info("%s\n", retbleed_strings[retbleed_mitigation]);
}

#undef pr_fmt
#define pr_fmt(fmt)     "Spectre V2 : " fmt

@@ -1913,7 +1985,7 @@ static ssize_t srbds_show_state(char *buf)

static ssize_t retbleed_show_state(char *buf)
{
	return sprintf(buf, "Vulnerable\n");
	return sprintf(buf, "%s\n", retbleed_strings[retbleed_mitigation]);
}

static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
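Review bot: The unknown-value branch of `retbleed_parse_cmdline()` (hunk at -705) logs "Defaulting to 'auto'" without assigning `retbleed_cmd`, so the message is accurate only while the variable still holds its initializer. If `retbleed=` appears more than once and an earlier occurrence already selected `RETBLEED_CMD_OFF` (early_param handlers appear to run once per occurrence, which is worth confirming), a later mistyped value leaves the mitigation disabled while the log states the opposite. Either make the branch do what it says by bracing the `else` and adding `retbleed_cmd = RETBLEED_CMD_AUTO;` after the `pr_err()` call, or reword the message to `"Ignoring unknown retbleed option (%s).\n"`. Separately, `retbleed_strings[]` is referenced only from this file as far as the page shows and could be declared `static`.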