Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'x86_urgent_for_v5.19_rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:
"A couple more retbleed fallout fixes.

It looks like their urgency is decreasing so it seems like we've
managed to catch whatever snafus the limited -rc testing has exposed.
Maybe we're getting ready... :)

- Make retbleed mitigations 64-bit only (32-bit will need a bit more
work if even needed, at all).

- Prevent return thunks patching of the LKDTM modules as it is not
needed there

- Avoid writing the SPEC_CTRL MSR on every kernel entry on eIBRS
parts

- Enhance error output of apply_returns() when it fails to patch a
return thunk

- A sparse fix to the sev-guest module

- Protect EFI fw calls by issuing an IBPB on AMD"

* tag 'x86_urgent_for_v5.19_rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/speculation: Make all RETbleed mitigations 64-bit only
lkdtm: Disable return thunks in rodata.c
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
x86/alternative: Report missing return thunk details
virt: sev-guest: Pass the appropriate argument type to iounmap()
x86/amd: Use IBPB for firmware calls

+36 -12
+4 -4
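--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2474,7 +2474,7 @@
 bool "Enable return-thunks"
 depends on RETPOLINE && CC_HAS_RETURN_THUNK
 select OBJTOOL if HAVE_OBJTOOL
-default y
+default y if X86_64
 help
 Compile the kernel with the return-thunks compiler option to guard
 against kernel-to-user data leaks by avoiding return speculation.
@@ -2483,21 +2483,21 @@
 
 config CPU_UNRET_ENTRY
 bool "Enable UNRET on kernel entry"
-depends on CPU_SUP_AMD && RETHUNK
+depends on CPU_SUP_AMD && RETHUNK && X86_64
 default y
 help
 Compile the kernel with support for the retbleed=unret mitigation.
 
 config CPU_IBPB_ENTRY
 bool "Enable IBPB on kernel entry"
-depends on CPU_SUP_AMD
+depends on CPU_SUP_AMD && X86_64
 default y
 help
 Compile the kernel with support for the retbleed=ibpb mitigation.
 
 config CPU_IBRS_ENTRY
 bool "Enable IBRS on kernel entry"
-depends on CPU_SUP_INTEL
+depends on CPU_SUP_INTEL && X86_64
 default y
 help
 Compile the kernel with support for the spectre_v2=ibrs mitigation.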
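Review bot: RETHUNK stays selectable on 32-bit (only its default changes) while CPU_UNRET_ENTRY, CPU_IBPB_ENTRY and CPU_IBRS_ENTRY now depend on X86_64, and none of the help texts in this section says so. Someone building a 32-bit kernel for an affected CPU gets no hint that the entry mitigations are compiled out. A sentence in the RETHUNK help would cover it, for example `On 32-bit kernels this option defaults to off and the retbleed entry mitigations are not available.` The RETHUNK help block continues past the first hunk, and whether the boot-time mitigation report flags the 32-bit case is not visible here and is worth confirming.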
+1
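--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -27,6 +27,7 @@
 RETPOLINE_CFLAGS += $(RETHUNK_CFLAGS)
 endif
 
+export RETHUNK_CFLAGS
 export RETPOLINE_CFLAGS
 export RETPOLINE_VDSO_CFLAGS
 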
+1
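--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -302,6 +302,7 @@
 #define X86_FEATURE_RETPOLINE_LFENCE (11*32+13) /* "" Use LFENCE for Spectre variant 2 */
 #define X86_FEATURE_RETHUNK (11*32+14) /* "" Use REturn THUNK */
 #define X86_FEATURE_UNRET (11*32+15) /* "" AMD BTB untrain return */
+#define X86_FEATURE_USE_IBPB_FW (11*32+16) /* "" Use IBPB during runtime firmware calls */
 
 /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
 #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */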
+2
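--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -297,6 +297,8 @@
 alternative_msr_write(MSR_IA32_SPEC_CTRL, \
 spec_ctrl_current() | SPEC_CTRL_IBRS, \
 X86_FEATURE_USE_IBRS_FW); \
+alternative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB, \
+X86_FEATURE_USE_IBPB_FW); \
 } while (0)
 
 #define firmware_restrict_branch_speculation_end() \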
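Review bot: The IBPB write added to the start macro has no counterpart in firmware_restrict_branch_speculation_end(), and nothing on these lines says why. PRED_CMD_IBPB is a one-shot command rather than a mode bit like SPEC_CTRL_IBRS, so a short comment above the new call would save the next reader from looking for a missing restore, e.g. `/* IBPB is a one-time barrier; nothing to undo in ..._end() */`. The start macro begins above the hunk, so any existing comment there that mentions only IBRS should be extended as well.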
+3 -1
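--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -555,7 +555,9 @@
 dest = addr + insn.length + insn.immediate.value;
 
 if (__static_call_fixup(addr, op, dest) ||
-WARN_ON_ONCE(dest != &__x86_return_thunk))
+WARN_ONCE(dest != &__x86_return_thunk,
+"missing return thunk: %pS-%pS: %*ph",
+addr, dest, 5, addr))
 continue;
 
 DPRINTK("return thunk at: %pS (%px) len: %d to: %pS",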
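Review bot: The literal `5` passed for `%*ph` in the new WARN_ONCE() is an unexplained length. The first line of the hunk already uses the decoded instruction, so `insn.length` would dump exactly the bytes that were decoded and keep the report accurate if the site is not a 5-byte jump: `addr, dest, insn.length, addr))`. The format string also has no trailing `\n`, unlike the pr_warn/pr_info strings added elsewhere in this merge. The enclosing loop starts and ends outside the hunk.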
+13 -1
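--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -975,6 +975,7 @@
 #define SPECTRE_V2_LFENCE_MSG "WARNING: LFENCE mitigation is not recommended for this CPU, data leaks possible!\n"
 #define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n"
 #define SPECTRE_V2_EIBRS_LFENCE_EBPF_SMT_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS+LFENCE mitigation and SMT, data leaks possible via Spectre v2 BHB attacks!\n"
+#define SPECTRE_V2_IBRS_PERF_MSG "WARNING: IBRS mitigation selected on Enhanced IBRS CPU, this may cause unnecessary performance loss\n"
 
 #ifdef CONFIG_BPF_SYSCALL
 void unpriv_ebpf_notify(int new_state)
@@ -1415,6 +1416,8 @@
 
 case SPECTRE_V2_IBRS:
 setup_force_cpu_cap(X86_FEATURE_KERNEL_IBRS);
+if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED))
+pr_warn(SPECTRE_V2_IBRS_PERF_MSG);
 break;
 
 case SPECTRE_V2_LFENCE:
@@ -1516,7 +1519,16 @@
 * the CPU supports Enhanced IBRS, kernel might un-intentionally not
 * enable IBRS around firmware calls.
 */
-if (boot_cpu_has(X86_FEATURE_IBRS) && !spectre_v2_in_ibrs_mode(mode)) {
+if (boot_cpu_has_bug(X86_BUG_RETBLEED) &&
+(boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
+boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)) {
+
+if (retbleed_cmd != RETBLEED_CMD_IBPB) {
+setup_force_cpu_cap(X86_FEATURE_USE_IBPB_FW);
+pr_info("Enabling Speculation Barrier for firmware calls\n");
+}
+
+} else if (boot_cpu_has(X86_FEATURE_IBRS) && !spectre_v2_in_ibrs_mode(mode)) {
 setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW);
 pr_info("Enabling Restricted Speculation for firmware calls\n");
 }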
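Review bot: The new AMD/Hygon branch in the third hunk forces X86_FEATURE_USE_IBPB_FW without checking that the CPU actually advertises IBPB. The nospec-branch.h change in this merge turns that flag into a write of MSR_IA32_PRED_CMD around firmware calls, so on a part or guest where IBPB is not exposed that write may fault. Adding `boot_cpu_has(X86_FEATURE_IBPB) &&` to the outer condition would guard it. The block comment just above the condition still describes only the IBRS case and should mention the IBPB path; the enclosing function starts and ends outside the hunk.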
+6 -3
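--- a/drivers/misc/lkdtm/Makefile
+++ b/drivers/misc/lkdtm/Makefile
@@ -13,10 +13,13 @@
 lkdtm-$(CONFIG_LKDTM) += fortify.o
 lkdtm-$(CONFIG_PPC_64S_HASH_MMU) += powerpc.o
 
-KASAN_SANITIZE_rodata.o := n
 KASAN_SANITIZE_stackleak.o := n
-KCOV_INSTRUMENT_rodata.o := n
-CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO)
+
+KASAN_SANITIZE_rodata.o := n
+KCSAN_SANITIZE_rodata.o := n
+KCOV_INSTRUMENT_rodata.o := n
+OBJECT_FILES_NON_STANDARD_rodata.o := y
+CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO) $(RETHUNK_CFLAGS)
 
 OBJCOPYFLAGS :=
 OBJCOPYFLAGS_rodata_objcopy.o := \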
+6 -3
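--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -632,15 +632,18 @@
 struct device *dev = &pdev->dev;
 struct snp_guest_dev *snp_dev;
 struct miscdevice *misc;
+void __iomem *mapping;
 int ret;
 
 if (!dev->platform_data)
 return -ENODEV;
 
 data = (struct sev_guest_platform_data *)dev->platform_data;
-layout = (__force void *)ioremap_encrypted(data->secrets_gpa, PAGE_SIZE);
-if (!layout)
+mapping = ioremap_encrypted(data->secrets_gpa, PAGE_SIZE);
+if (!mapping)
 return -ENODEV;
+
+layout = (__force void *)mapping;
 
 ret = -ENOMEM;
 snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL);
@@ -706,7 +709,7 @@
 e_free_request:
 free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg));
 e_unmap:
-iounmap(layout);
+iounmap(mapping);
 return ret;
 }
 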
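Review bot: The `(__force void *)` cast on the new `layout = ...` line drops the __iomem annotation without saying why that is safe. A one-line comment would record the intent, e.g. `/* secrets page is encrypted guest memory, not MMIO: plain accesses are fine */`; that reading is inferred from the ioremap_encrypted() call and should be confirmed. Only the probe error path visibly unmaps. If the remove path, which is outside these hunks, also has to unmap, `mapping` would need to be kept in snp_dev rather than in a local, so that the cast is not reintroduced there.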