[SRU,artful] retpoline/IBPB combined mitigation

Message ID 20180209170821.GA4572@brain
State New
Series
  • [SRU,artful] retpoline/IBPB combined mitigation

Pull-request

https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-speculation-control-intel

Message

Andy Whitcroft Feb. 9, 2018, 5:08 p.m.
The previous retpoline update dropped IBPB support.  This would reduce our
protection for userspace/VMs.  This patch kit reinstates that protection
and uses it in combination with retpoline where each is available.  Note
that IBPB support is dependent on having microcode for your CPU which
supports it.

Proposing for SRU to artful.

-apw

The following changes since commit d878dfee54cf6cef17a3d8a661effd3c9731420d:

  UBUNTU: Ubuntu-4.13.0-33.36 (2018-02-06 13:22:54 -0500)

are available in the Git repository at:

  https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-speculation-control-intel

for you to fetch changes up to 6a36999c9ce2f76b7db724f5132832ae46a5a36e:

  UBUNTU: SAUCE: turn off IBPB when full retpoline is present (2018-02-09 12:12:34 +0000)

----------------------------------------------------------------
  * CVE-2017-5715 (Spectre v2 Intel)
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: turn off IBPB when full retpoline is present
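The cover letter makes two points a host owner will want to verify after installing this kernel: retpoline and IBPB are used together only where each is available, and IBPB exists only if the CPU's microcode advertises it. The script below is an added example, not part of this pull request or of the Ubuntu kernel tree. It combines what the CPU reports in /proc/cpuinfo with what the kernel reports in its spectre_v2 sysfs file and prints a one-line verdict. The interface names are assumptions: the flag names "ibpb" and "spec_ctrl" and the file /sys/devices/system/cpu/vulnerabilities/spectre_v2 follow upstream naming, which a backport may differ from, and the sample flag lines and mitigation strings are constructed for the demonstration rather than captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the kernel-team thread or the patch kit).
# Reports which Spectre v2 controls a host has: whether the CPU/microcode
# advertises IBPB, and whether the running kernel says it uses retpoline
# and/or IBPB.  Flag names and the sysfs path are assumptions (upstream
# naming); kernels without the sysfs file are reported as "unknown".

# classify_spectre_v2 FLAGS MITIGATION
#   FLAGS      -- the "flags" line of /proc/cpuinfo (space-separated words)
#   MITIGATION -- text of .../vulnerabilities/spectre_v2, or "" if absent
# Prints a one-line verdict on stdout; always returns 0.
classify_spectre_v2() {
    flags=" $1 "          # pad so every feature name matches as a whole word
    mitigation=$2

    # Does the CPU advertise IBPB?  Intel's spec_ctrl CPUID bit covers IBRS
    # and IBPB together; AMD exposes a separate ibpb bit.  (assumed names)
    cpu_ibpb=no
    case "$flags" in
        *" ibpb "*|*" spec_ctrl "*) cpu_ibpb=yes ;;
    esac

    # What does the kernel say it is doing?
    case "$mitigation" in
        "")             echo "unknown: kernel exposes no spectre_v2 status"; return 0 ;;
        *Vulnerable*)   echo "vulnerable: no mitigation active"; return 0 ;;
    esac

    kernel_retpoline=no
    case "$mitigation" in *etpoline*) kernel_retpoline=yes ;; esac
    kernel_ibpb=no
    case "$mitigation" in *IBPB*) kernel_ibpb=yes ;; esac

    if [ "$kernel_retpoline" = yes ] && [ "$kernel_ibpb" = yes ]; then
        echo "retpoline+ibpb: kernel and userspace/VM boundaries covered"
    elif [ "$kernel_retpoline" = yes ] && [ "$cpu_ibpb" = no ]; then
        echo "retpoline-only: microcode lacks IBPB, userspace/VM protection reduced"
    elif [ "$kernel_retpoline" = yes ]; then
        echo "retpoline-only: CPU advertises IBPB but kernel reports no IBPB use"
    elif [ "$kernel_ibpb" = yes ]; then
        echo "ibpb-without-retpoline: check the kernel build for retpoline support"
    else
        echo "other: $mitigation"
    fi
}

# Live check of the current host; missing files degrade to "unknown".
report_live() {
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    sysfs=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    mitigation=$(cat "$sysfs" 2>/dev/null || true)
    classify_spectre_v2 "$flags" "$mitigation"
}

# Constructed sample inputs (not captured from any real machine).
SAMPLE_FLAGS_WITH_IBPB="fpu vme de pse tsc msr pae mce cx8 sep spec_ctrl ibpb"
SAMPLE_FLAGS_NO_IBPB="fpu vme de pse tsc msr pae mce cx8 sep"

if [ "${1:-}" = "--live" ]; then
    report_live
else
    classify_spectre_v2 "$SAMPLE_FLAGS_WITH_IBPB" "Mitigation: Full generic retpoline, IBPB"
    classify_spectre_v2 "$SAMPLE_FLAGS_NO_IBPB"   "Mitigation: Full generic retpoline"
    classify_spectre_v2 "$SAMPLE_FLAGS_NO_IBPB"   ""
fi
```

Run it with `--live` on the host being checked; without arguments it walks the constructed samples so the verdict logic can be read without root or a patched kernel. The "retpoline-only: microcode lacks IBPB" line is the case the cover letter warns about: the kernel side of the fix is present, but the userspace/VM protection IBPB adds cannot be enabled until a microcode update arrives.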

Comments

Colin King Feb. 9, 2018, 5:12 p.m. | #1
On 09/02/18 17:08, Andy Whitcroft wrote:
> The previous retpoline update dropped IBPB support.  This would reduce our
> protection for userspace/VMs.  This patch kit reinstates that protection
> and uses it in combination with retpoline where each is available.  Note
> that IBPB support is dependent on having microcode for your CPU which
> supports it.
> 
> Proposing for SRU to artful.
> 
> -apw
> 
> The following changes since commit d878dfee54cf6cef17a3d8a661effd3c9731420d:
> 
>   UBUNTU: Ubuntu-4.13.0-33.36 (2018-02-06 13:22:54 -0500)
> 
> are available in the Git repository at:
> 
>   https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-speculation-control-intel
> 
> for you to fetch changes up to 6a36999c9ce2f76b7db724f5132832ae46a5a36e:
> 
>   UBUNTU: SAUCE: turn off IBPB when full retpoline is present (2018-02-09 12:12:34 +0000)
> 
> ----------------------------------------------------------------
>   * CVE-2017-5715 (Spectre v2 Intel)
>     - x86/feature: Enable the x86 feature to control Speculation
>     - x86/feature: Report presence of IBPB and IBRS control
>     - x86/enter: MACROS to set/clear IBRS and set IBPB
>     - x86/enter: Use IBRS on syscall and interrupts
>     - x86/idle: Disable IBRS entering idle and enable it on wakeup
>     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
>     - x86/mm: Set IBPB upon context switch
>     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
>     - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
>     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
>     - x86/kvm: Set IBPB when switching VM
>     - x86/kvm: Toggle IBRS on VM entry and exit
>     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
>     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
>     - x86/cpu/AMD: Add speculative control support for AMD
>     - x86/microcode: Extend post microcode reload to support IBPB feature
>     - KVM: SVM: Do not intercept new speculative control MSRs
>     - x86/svm: Set IBRS value on VM entry and exit
>     - x86/svm: Set IBPB when running a different VCPU
>     - KVM: x86: Add speculative control CPUID support for guests
>     - SAUCE: turn off IBPB when full retpoline is present
> 

I've tested these and didn't see any regressions.

Acked-by: Colin Ian King <colin.king@canonical.com>
Kamal Mostafa Feb. 9, 2018, 5:13 p.m. | #2
Acked-by: Kamal Mostafa <kamal@canonical.com>

On Fri, Feb 09, 2018 at 05:08:21PM +0000, Andy Whitcroft wrote:
> The previous retpoline update dropped IBPB support.  This would reduce our
> protection for userspace/VMs.  This patch kit reinstates that protection
> and uses it in combination with retpoline where each is available.  Note
> that IBPB support is dependent on having microcode for your CPU which
> supports it.
> 
> Proposing for SRU to artful.
> 
> -apw
> 
> The following changes since commit d878dfee54cf6cef17a3d8a661effd3c9731420d:
> 
>   UBUNTU: Ubuntu-4.13.0-33.36 (2018-02-06 13:22:54 -0500)
> 
> are available in the Git repository at:
> 
>   https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-speculation-control-intel
> 
> for you to fetch changes up to 6a36999c9ce2f76b7db724f5132832ae46a5a36e:
> 
>   UBUNTU: SAUCE: turn off IBPB when full retpoline is present (2018-02-09 12:12:34 +0000)
> 
> ----------------------------------------------------------------
>   * CVE-2017-5715 (Spectre v2 Intel)
>     - x86/feature: Enable the x86 feature to control Speculation
>     - x86/feature: Report presence of IBPB and IBRS control
>     - x86/enter: MACROS to set/clear IBRS and set IBPB
>     - x86/enter: Use IBRS on syscall and interrupts
>     - x86/idle: Disable IBRS entering idle and enable it on wakeup
>     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
>     - x86/mm: Set IBPB upon context switch
>     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
>     - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
>     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
>     - x86/kvm: Set IBPB when switching VM
>     - x86/kvm: Toggle IBRS on VM entry and exit
>     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
>     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
>     - x86/cpu/AMD: Add speculative control support for AMD
>     - x86/microcode: Extend post microcode reload to support IBPB feature
>     - KVM: SVM: Do not intercept new speculative control MSRs
>     - x86/svm: Set IBRS value on VM entry and exit
>     - x86/svm: Set IBPB when running a different VCPU
>     - KVM: x86: Add speculative control CPUID support for guests
>     - SAUCE: turn off IBPB when full retpoline is present
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Khaled Elmously Feb. 9, 2018, 11:16 p.m. | #3
Applied to artful/master-next

On 2018-02-09 17:08:21 , Andy Whitcroft wrote:
> The previous retpoline update dropped IBPB support.  This would reduce our
> protection for userspace/VMs.  This patch kit reinstates that protection
> and uses it in combination with retpoline where each is available.  Note
> that IBPB support is dependent on having microcode for your CPU which
> supports it.
> 
> Proposing for SRU to artful.
> 
> -apw
> 
> The following changes since commit d878dfee54cf6cef17a3d8a661effd3c9731420d:
> 
>   UBUNTU: Ubuntu-4.13.0-33.36 (2018-02-06 13:22:54 -0500)
> 
> are available in the Git repository at:
> 
>   https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-speculation-control-intel
> 
> for you to fetch changes up to 6a36999c9ce2f76b7db724f5132832ae46a5a36e:
> 
>   UBUNTU: SAUCE: turn off IBPB when full retpoline is present (2018-02-09 12:12:34 +0000)
> 
> ----------------------------------------------------------------
>   * CVE-2017-5715 (Spectre v2 Intel)
>     - x86/feature: Enable the x86 feature to control Speculation
>     - x86/feature: Report presence of IBPB and IBRS control
>     - x86/enter: MACROS to set/clear IBRS and set IBPB
>     - x86/enter: Use IBRS on syscall and interrupts
>     - x86/idle: Disable IBRS entering idle and enable it on wakeup
>     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
>     - x86/mm: Set IBPB upon context switch
>     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
>     - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
>     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
>     - x86/kvm: Set IBPB when switching VM
>     - x86/kvm: Toggle IBRS on VM entry and exit
>     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
>     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
>     - x86/cpu/AMD: Add speculative control support for AMD
>     - x86/microcode: Extend post microcode reload to support IBPB feature
>     - KVM: SVM: Do not intercept new speculative control MSRs
>     - x86/svm: Set IBRS value on VM entry and exit
>     - x86/svm: Set IBPB when running a different VCPU
>     - KVM: x86: Add speculative control CPUID support for guests
>     - SAUCE: turn off IBPB when full retpoline is present
> 