Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp581023pxp;
        Wed, 9 Mar 2022 08:32:26 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxvWqNTpm/9Tegi1MvmgIb/+PDCl3/Lssm0vxq6hXyd7CxqL09HbP9Via4azSNleF5zUfBp
X-Received: by 2002:a17:907:6e90:b0:6da:886b:ab with SMTP id sh16-20020a1709076e9000b006da886b00abmr526880ejc.285.1646843546118;
        Wed, 09 Mar 2022 08:32:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1646843546; cv=none;
        d=google.com; s=arc-20160816;
        b=vAsEavwibaMpyXJ+iX0nkqCZvqVqs8BJHMmyEyFqZRTahUyVYH2DHP/gzKH8G5+rdu
         ArRPPULvrqFpXCLCInJuJ2Vnl/2HPWjRQpazHOUYd4nWdgJUoyBuRQ7Da6HzKZ3Ju9j9
         L707WYTxAHkIkD0GIJQRSOP6uTzgGeQInWoWQFXdpw+lE3v21/KvcGjpNYC86YL/xQGp
         lKQ71GsTuXBsUH7iCsA/7uJ+5z9xYF3bfbwo9FISXnVPaFXqKP42t+Mk0tkhe92RPuSn
         GUrpzbyjjbore5fiuIzlq1lt2jpWPMaA7J1C5bYA5k/ZTaed2OeImQTTj18K6Hpk3kYl
         snbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=/3T9xCHkSBQCYqADNMQlbOJE9ejkkQHhbSuWxsiqCv8=;
        b=AzlVXlaPj628M7Mia1A+UWRzWaI9C8i4pAN7L2JLZlQfJ7A4i+u88GKAne0DOrBwW4
         SEB1cU5bnb9ZMiKmXySQMOhgBxpycQrBf4d6+diZzQdEA3nxbVzm1DmalSdd5acbdy/u
         jYHQ0hxeNKHqvrPI17vXhLw6Gigi1WMFp20b2BC+s42c7llVmj+z4SD3LEp9ap3lS/w+
         crKJPM8I6gr1BNBxTRzdG90t0Bj9kPq1AFtwMuJnxpUj0prlSAfMM2VvTnz0TYX3649p
         GDLT9PSXQ9SXAwIVq8BIgUdnFVrKPRzxglNxQLpLTBqEyIKz23qD0n4KWiJdCTbctAWR
         Vf/Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="egdxb/Jl";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id g14-20020a056402090e00b00415d55330ddsi1945525edz.488.2022.03.09.08.31.46;
        Wed, 09 Mar 2022 08:32:26 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="egdxb/Jl";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234343AbiCIQE6 (ORCPT <rfc822;antony.sucheston@gmail.com>
        + 99 others); Wed, 9 Mar 2022 11:04:58 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40400 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234217AbiCIQCx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 9 Mar 2022 11:02:53 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9CC717225B;
        Wed,  9 Mar 2022 08:01:45 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 7D274B82222;
        Wed,  9 Mar 2022 16:01:44 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id CE290C36AE3;
        Wed,  9 Mar 2022 16:01:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1646841703;
        bh=VTroE0o8H/coKQKT5Ucdb5Tee+fIceA46G9VPM0drL0=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=egdxb/Jl/Hj9rbhVCp+OOi3CxuPSdEIzoy6B6vsy3e4Xf0KdLrw4f94YMD84UYNn+
         H+M8soJWojgVyoukf6OoOX2HGGSMmsHVtZnZnaySgai0SmtCB0SKdgSmqZNKKPHIxV
         q44n0a9p59asmBzsY9WU1JcWPmK/K3xLgNYzcJbg=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Josh Poimboeuf <jpoimboe@redhat.com>,
        Borislav Petkov <bp@suse.de>,
        Ben Hutchings <ben@decadent.org.uk>
Subject: [PATCH 4.9 15/24] x86/speculation: Warn about Spectre v2 LFENCE mitigation
Date:   Wed,  9 Mar 2022 16:59:28 +0100
Message-Id: <20220309155856.747356696@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220309155856.295480966@linuxfoundation.org>
References: <20220309155856.295480966@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Josh Poimboeuf <jpoimboe@redhat.com>

commit eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678 upstream.

With:

  f8a66d608a3e ("x86,bugs: Unconditionally allow spectre_v2=retpoline,amd")

it became possible to enable the LFENCE "retpoline" on Intel. However,
Intel doesn't recommend it, as it has some weaknesses compared to
retpoline.

Now AMD doesn't recommend it either.

It can still be left available as a cmdline option. It's faster than
retpoline but is weaker in certain scenarios -- particularly SMT, but
even non-SMT may be vulnerable in some cases.

So just unconditionally warn if the user requests it on the cmdline.

  [ bp: Massage commit message. ]

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/cpu/bugs.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -607,6 +607,7 @@ static inline const char *spectre_v2_mod
 static inline const char *spectre_v2_module_string(void) { return ""; }
 #endif
 
+#define SPECTRE_V2_LFENCE_MSG "WARNING: LFENCE mitigation is not recommended for this CPU, data leaks possible!\n"
 #define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n"
 
 #ifdef CONFIG_BPF_SYSCALL
@@ -928,6 +929,7 @@ static void __init spectre_v2_select_mit
 		break;
 
 	case SPECTRE_V2_CMD_RETPOLINE_LFENCE:
+		pr_err(SPECTRE_V2_LFENCE_MSG);
 		mode = SPECTRE_V2_LFENCE;
 		break;
 
@@ -1694,6 +1696,9 @@ static char *ibpb_state(void)
 
 static ssize_t spectre_v2_show_state(char *buf)
 {
+	if (spectre_v2_enabled == SPECTRE_V2_LFENCE)
+		return sprintf(buf, "Vulnerable: LFENCE\n");
+
 	if (spectre_v2_enabled == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled())
 		return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");