Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp798611pxp;
        Fri, 11 Mar 2022 15:26:32 -0800 (PST)
X-Google-Smtp-Source: ABdhPJw3gKK9jPybjPAiqkPh6Jz3heWpSoZNobdL/9P1L/Y/s7BK5Ti5IE0iiEo+V+5inZSWKREp
X-Received: by 2002:a17:90a:aa83:b0:1b9:7c62:61e5 with SMTP id l3-20020a17090aaa8300b001b97c6261e5mr13394569pjq.118.1647041192651;
        Fri, 11 Mar 2022 15:26:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1647041192; cv=none;
        d=google.com; s=arc-20160816;
        b=FO8hh3Z7Qj60sNBQAWyZ2IiVnnPHzjhiwDS5qMwwjx9k4u3y2ccFukh7AZlWeeGOnj
         HZWpEOgVP3ddNAiA8U1FNFbLcTGj4Uy3S5XfTnDNWC2RMvzSZXtZNZqJMsB2gdN55SUA
         nOggKsuaUWY1UbIagdHoUjYlJ4FI8prsvI4o8tl2UEvDTXlYTYbHetYEemrwRbD17Ba2
         jIxEDrCrMWzpYm+VHjhk5SXEzAiMLqEQ8jgGJEKNXJdce5JIe2CTSEWwmu+7TDU0wu6q
         G8mDx/Hh9yRQY9B1w9cpau8GoVordMGF8oAY5S3X37Z9YK3BkB5lGcOEhmcvanLqncBI
         WvVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=/3T9xCHkSBQCYqADNMQlbOJE9ejkkQHhbSuWxsiqCv8=;
        b=luCXvnlc370h6ny81Yx28NTWVhwkUuO5oQzaI4AshKAItrwvgcxbXl25PPfOQuwW8/
         tGNeJFtrA1rvJp/toOvCvAlHXcWbjvts26r+RpVykkfuoIhMPhs6xqsd3f93QDJ9Ua8r
         s/SEUTerN8RORpRp8j10Ng89O0HKjXvF/05EpzipYJlWHGshzsAFE8h9noS1MqHKkW24
         kU2RmtbQpt4vlWAmPqbSqE4Y2mhA/VUE9Q7qolL42/kxdoQbXku93VQV1zlEiEeyxAmx
         5KpPIrceLeId70ixrJS7OTY2xAM7NOXF/YZtS2oE9UEZK00zgsIsOLNFUfmzco96pqaC
         2xew==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=xc3HgE18;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id l15-20020a170903244f00b00151ec644f10si11220824pls.211.2022.03.11.15.26.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 11 Mar 2022 15:26:32 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=xc3HgE18;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id A96A31D97E0;
	Fri, 11 Mar 2022 14:13:44 -0800 (PST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242949AbiCJOVP (ORCPT <rfc822;antony.sucheston@gmail.com>
        + 99 others); Thu, 10 Mar 2022 09:21:15 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40398 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S243651AbiCJOSO (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Mar 2022 09:18:14 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A8F6A1617DD;
        Thu, 10 Mar 2022 06:14:27 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 33371B825F3;
        Thu, 10 Mar 2022 14:14:26 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8196CC340E8;
        Thu, 10 Mar 2022 14:14:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1646921664;
        bh=VTroE0o8H/coKQKT5Ucdb5Tee+fIceA46G9VPM0drL0=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=xc3HgE18RkWcQOi/dO6rbBqIzjOXZhBobnnAZB+0INOGBhzxzGd5cZt61wOJHo6lq
         uu5wFBdEhvF5LDCUqTVWQ1jfs3v8LH/LMVHNV+4xyFFYa3C/Z1aCs8dzIcIwfj8L6R
         RNTb3K7Q+yPcQO6SJzta8DSwVcmOfzKm2IQM5GTw=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Josh Poimboeuf <jpoimboe@redhat.com>,
        Borislav Petkov <bp@suse.de>,
        Ben Hutchings <ben@decadent.org.uk>
Subject: [PATCH 4.9 15/38] x86/speculation: Warn about Spectre v2 LFENCE mitigation
Date:   Thu, 10 Mar 2022 15:13:28 +0100
Message-Id: <20220310140808.582689668@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220310140808.136149678@linuxfoundation.org>
References: <20220310140808.136149678@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Josh Poimboeuf <jpoimboe@redhat.com>

commit eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678 upstream.

With:

  f8a66d608a3e ("x86,bugs: Unconditionally allow spectre_v2=retpoline,amd")

it became possible to enable the LFENCE "retpoline" on Intel. However,
Intel doesn't recommend it, as it has some weaknesses compared to
retpoline.

Now AMD doesn't recommend it either.

It can still be left available as a cmdline option. It's faster than
retpoline but is weaker in certain scenarios -- particularly SMT, but
even non-SMT may be vulnerable in some cases.

So just unconditionally warn if the user requests it on the cmdline.

  [ bp: Massage commit message. ]

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/cpu/bugs.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -607,6 +607,7 @@ static inline const char *spectre_v2_mod
 static inline const char *spectre_v2_module_string(void) { return ""; }
 #endif
 
+#define SPECTRE_V2_LFENCE_MSG "WARNING: LFENCE mitigation is not recommended for this CPU, data leaks possible!\n"
 #define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n"
 
 #ifdef CONFIG_BPF_SYSCALL
@@ -928,6 +929,7 @@ static void __init spectre_v2_select_mit
 		break;
 
 	case SPECTRE_V2_CMD_RETPOLINE_LFENCE:
+		pr_err(SPECTRE_V2_LFENCE_MSG);
 		mode = SPECTRE_V2_LFENCE;
 		break;
 
@@ -1694,6 +1696,9 @@ static char *ibpb_state(void)
 
 static ssize_t spectre_v2_show_state(char *buf)
 {
+	if (spectre_v2_enabled == SPECTRE_V2_LFENCE)
+		return sprintf(buf, "Vulnerable: LFENCE\n");
+
 	if (spectre_v2_enabled == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled())
 		return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");