Received: by 2002:ab2:1347:0:b0:1f4:ac9d:b246 with SMTP id g7csp258069lqg; Thu, 11 Apr 2024 01:40:48 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUpKt0waeFwNEvmKh/oLM3FwWhtKsXfaWRCqbhWnoY8jA21WoOfUummr/lZSMHMCm3e7gIBRhHwJBdS6qRmrO+flIjKfZv3dxG6IheTtQ== X-Google-Smtp-Source: AGHT+IFWaowhqMTLRe5fQsUfzoQW+Z6k0gRSCb2Az0BznizzfUnadaZmcFz2eexCvnu9JMaNOyuQ X-Received: by 2002:a05:6102:26c7:b0:47a:19cc:758a with SMTP id m7-20020a05610226c700b0047a19cc758amr5009298vss.1.1712824847856; Thu, 11 Apr 2024 01:40:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712824847; cv=pass; d=google.com; s=arc-20160816; b=BBgyNvrE/TTkeIr5Zh1VNVCMqFFurmA8LWaZ1+Z4+EdjMhz+36+J/rJnjZ4ul/F2P4 gjS7E/6VaFe+Lah8YGlLj87p1g5pubJUTBirqdnpJO9nKq9sYhtZNemNsUtkgulf0Nle FMsY/vOiv3GqinBX+CpZQb1rBv75O583ryUpKlft6p7NnIv1aCQo9mlcrjzIIP2SLpog YdGlCID+s2MfzmaNU08WpNtVavs4+Ph7mxqZfKdZw6XlJyXpKS7OTsy5uEibu4GUzZTG 8b91AQVuodwFldfaRCh/uTAmScjVU0W61efupZ9vkMS1Td0MsqYiUW9H8deVws6NAA0m iF7A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:precedence:robot-unsubscribe:robot-id :message-id:mime-version:list-unsubscribe:list-subscribe:list-id :precedence:references:in-reply-to:cc:subject:to:reply-to:sender :from:dkim-signature:dkim-signature:date; bh=nAurd2+Y6lQur3oxoMWVh57CbsrekTTX/o24SxAOO8Y=; fh=d3HZVZB9sRYuF7bycx+OpgKllfJjh6vh0uJCgzEWQTE=; b=IUFD21bJKevsAw8KP/ozPokhDyQe/irvp8ucOOx9zIMpOtNk1EPt7oyezWlgqd9Zxc +ShWPvDVPWNakd7+CYMxa4QA6G2xSvL1aAUI3tkAnlbNb6lnF7SokaUGXHk90RFynZNr H6Y+fjCq86JOphwBFt5neJqB1laRZXPVK6Z/EvR+XtYjiC5yc5Ismd8UAq4Yed6Z3ARO 9Zr++NgTkEHYhaWxLSHrFo7IsRBulV5QxQi9/4pU6YF8Qpi0vkQTRjKUOR+dgh5FJW3J f8Rq/CoDMAgrMVLI2X0yf3IOT+5PMcRbXgfedUd5/70qs+oJv3W3eaU6iF6H+pKAydR4 aZog==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=SAs1SN2l; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=CKa4QZNc; arc=pass (i=1 spf=pass spfdomain=linutronix.de dkim=pass dkdomain=linutronix.de dmarc=pass fromdomain=linutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-140104-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-140104-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id c9-20020ac87dc9000000b00431161c89e7si1019341qte.675.2024.04.11.01.40.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Apr 2024 01:40:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-140104-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=SAs1SN2l; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=CKa4QZNc; arc=pass (i=1 spf=pass spfdomain=linutronix.de dkim=pass dkdomain=linutronix.de dmarc=pass fromdomain=linutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-140104-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-140104-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 83A4E1C20CBF for ; Thu, 11 Apr 2024 08:40:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 372F4143C62; Thu, 11 Apr 2024 08:40:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="SAs1SN2l"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="CKa4QZNc" Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 72525A32; Thu, 11 Apr 2024 08:40:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712824830; cv=none; b=fOoqKSkX6rCal2rxRzAtVroWxv9gJyihQukzLBo8JmAnNpFgLUIvNxG/f/DWI/qM9utaLG7hr3wFj50BXasOb4ltxNGiut5qawpzr/rJcHHD8bGcfgARb1+RtG1spjzZQMJdpYjxSQQuWRbU550fV/AQDWq4a3WXui96tmFmcAg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712824830; c=relaxed/simple; bh=9SB/yhqXyhvyHCaKIY9CH3Z3zO3Dd+A5vL2i0sKTOCA=; h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version: Message-ID:Content-Type; b=r9Am+foaA6sU0I3FOXmdSCscR+68lniYgnQaF/eG8CGOmMv6L3BNE/DUfnPtrpnFuqyGqwFJG/xYFXFcRESNHSqUb6gWQgt68EhScuD9p/Zn6+BnB2SSZymveMboyHYH5OqxRVBc4/aifq/CNUKUNB/JAG0INDBMEWnbg3A3w+w= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=SAs1SN2l; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=CKa4QZNc; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Date: Thu, 11 Apr 2024 08:40:20 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1712824821; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nAurd2+Y6lQur3oxoMWVh57CbsrekTTX/o24SxAOO8Y=; b=SAs1SN2lX+ojS7DWRhlnNSNozCiH6zikzQNrKs5SM4V5OY4o9WfdKrEttbJ+G9XK02XOjz dYjMF7yhV77mRkGEv7owqWReM0szuinYD6l0Y2fvUTrgRSlclexm9OHfORxqhkwXZohQoX ho4eBbqatG51Bgv0v0JCgeV2JNOatjdf3vCBhOFc9MP4mu/C/I4LwLZ2kMQxUWCt2X3F2h AVjxDAkGJaDujQM7dtKw/Xu5kdyVI8YgA9Y7y1zKAAD5ay33tgyDr88sL+QN8+upGw9Ohm cpFEwiqwc8kIgCwxftXqo92YCmfmcU1190nhOAmmu11R9BRwGf02btjsmGE7xQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1712824821; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nAurd2+Y6lQur3oxoMWVh57CbsrekTTX/o24SxAOO8Y=; b=CKa4QZNcy9IKJKBJReAu2Io+SoWouiiRsWokKPE230trP75szzUVsYftfbNuo3KOzigVBN Nx+1y2jPEvC6Y/CQ== From: "tip-bot2 for Josh Poimboeuf" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/urgent] x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Cc: Josh Poimboeuf , Ingo Molnar , Linus Torvalds , Sean Christopherson , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-ID: <171282482058.10875.1352246687357623520.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 5f882f3b0a8bf0788d5a0ee44b1191de5319bb8a Gitweb: https://git.kernel.org/tip/5f882f3b0a8bf0788d5a0ee44b1191de5319bb8a Author: Josh Poimboeuf AuthorDate: Wed, 10 Apr 2024 22:40:48 -07:00 Committer: Ingo Molnar CommitterDate: Thu, 11 Apr 2024 10:30:33 +02:00 x86/bugs: Clarify that syscall hardening isn't a BHI mitigation While syscall hardening helps prevent some BHI attacks, there's still other low-hanging fruit remaining. Don't classify it as a mitigation and make it clear that the system may still be vulnerable if it doesn't have a HW or SW mitigation enabled. Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob") Signed-off-by: Josh Poimboeuf Signed-off-by: Ingo Molnar Cc: Linus Torvalds Cc: Sean Christopherson Link: https://lore.kernel.org/r/b5951dae3fdee7f1520d5136a27be3bdfe95f88b.1712813475.git.jpoimboe@kernel.org --- Documentation/admin-guide/hw-vuln/spectre.rst | 11 +++++------ Documentation/admin-guide/kernel-parameters.txt | 3 +-- arch/x86/kernel/cpu/bugs.c | 6 +++--- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 3cf18e4..5a39acf 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -441,10 +441,10 @@ The possible values in this file are: - System is protected by BHI_DIS_S * - BHI: SW loop, KVM SW loop - System is protected by software clearing sequence - * - BHI: Syscall hardening - - Syscalls are hardened against BHI - * - BHI: Syscall hardening, KVM: SW loop - - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence + * - BHI: Vulnerable + - System is vulnerable to BHI + * - BHI: Vulnerable, KVM: SW loop + - System is vulnerable; KVM is protected by software clearing sequence Full mitigation might require a microcode update from the CPU vendor. When the necessary microcode is not available, the kernel will @@ -661,8 +661,7 @@ kernel command line. spectre_bhi= [X86] Control mitigation of Branch History Injection - (BHI) vulnerability. Syscalls are hardened against BHI - regardless of this setting. This setting affects the deployment + (BHI) vulnerability. This setting affects the deployment of the HW BHI control and the SW BHB clearing sequence. on diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index a029ad6..a3874cc 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -6065,8 +6065,7 @@ See Documentation/admin-guide/laptops/sonypi.rst spectre_bhi= [X86] Control mitigation of Branch History Injection - (BHI) vulnerability. Syscalls are hardened against BHI - reglardless of this setting. This setting affects the + (BHI) vulnerability. This setting affects the deployment of the HW BHI control and the SW BHB clearing sequence. diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 08dfb94..9eeb60f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -2818,10 +2818,10 @@ static const char *spectre_bhi_state(void) return "; BHI: SW loop, KVM: SW loop"; else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && rrsba_disabled) return "; BHI: Retpoline"; - else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT)) - return "; BHI: Syscall hardening, KVM: SW loop"; + else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT)) + return "; BHI: Vulnerable, KVM: SW loop"; - return "; BHI: Vulnerable (Syscall hardening enabled)"; + return "; BHI: Vulnerable"; } static ssize_t spectre_v2_show_state(char *buf)