[SRU][Trusty][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

[SRU][Trusty][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Juerg Haefliger
This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
With this, Trusty matches Xenial. The introduced fuctional changes are:
 - Write every IBPB and IBRS state change to the kernel log.
 - Return an error if the user tries to enable IBRS or IBPB on HW that
   doesn't support it.
 - Expose the IBRS state through sysfs.

Compile-tested all architectures.

Signed-off-by: Juerg Haefliger <[hidden email]>


Juerg Haefliger (3):
  UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
    (v2)
  UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
    (v2)
  UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk

 arch/x86/include/asm/nospec-branch.h | 12 +++--
 arch/x86/include/asm/spec_ctrl.h     |  3 ++
 arch/x86/kernel/acpi/cstate.c        |  4 +-
 arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
 arch/x86/kernel/process.c            |  6 +--
 arch/x86/kernel/smpboot.c            |  4 +-
 kernel/sysctl.c                      | 61 ++++++++++++++----------
 7 files changed, 88 insertions(+), 71 deletions(-)

--
2.19.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[SRU][Trusty][PATCH 1/3] UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling (v2)

Juerg Haefliger
Cleanup the code to match Xenial. Functional changes introduced:
  - Return an error when someone tries to enable IBPB via procfs on HW that
    doesn't have IBPB support.
  - Write every IBPB state change to the kernel log.

CVE-2017-5715

Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/include/asm/nospec-branch.h |  6 ++++--
 arch/x86/kernel/cpu/bugs.c           | 23 +++++++++++-----------
 kernel/sysctl.c                      | 29 ++++++++++++++++------------
 3 files changed, 32 insertions(+), 26 deletions(-)

diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index dd8f0790fbd9..3cc7e65fbb3a 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -190,9 +190,11 @@
 # define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
 #endif
 
-/* The IBPB and IBRS runtime control knobs */
+/* The IBPB runtime control knob */
 extern unsigned int ibpb_enabled;
-void ibpb_enable(void);
+int set_ibpb_enabled(unsigned int);
+
+/* The IBRS runtime control knob */
 extern unsigned int ibrs_enabled;
 void ibrs_enable(void);
 
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 5b1d8522764e..b4a0a26efc0d 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -428,19 +428,18 @@ retpoline_auto:
  spectre_v2_enabled = mode;
  pr_info("%s\n", spectre_v2_strings[mode]);
 
- /* Initialize Indirect Branch Prediction Barrier if supported */
+ /*
+ * Initialize Indirect Branch Prediction Barrier if supported and not
+ * disabled on the commandline
+ */
  if (boot_cpu_has(X86_FEATURE_IBPB)) {
  setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
-
- /*
- * Enable IBPB support if it's not turned off on the
- * commandline.
- */
- if (!noibpb)
- ibpb_enable();
-
- pr_info("%s Indirect Branch Prediction Barrier\n",
- ibpb_enabled ? "Enabling" : "Disabling");
+ if (noibpb) {
+ /* IBPB disabled via commandline */
+ set_ibpb_enabled(0);
+ } else {
+ set_ibpb_enabled(1);
+ }
  }
 
  /*
@@ -876,7 +875,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
 
  case X86_BUG_SPECTRE_V2:
  return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-       ibpb_enabled && boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
+       ibpb_enabled ? ", IBPB" : "",
        boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "");
 
  case X86_BUG_SPEC_STORE_BYPASS:
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index e18e18bebd92..9d3084581410 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -203,31 +203,37 @@ static int proc_dostring_coredump(struct ctl_table *table, int write,
 DEFINE_MUTEX(spec_ctrl_mutex);
 
 unsigned int ibpb_enabled = 0;
-EXPORT_SYMBOL(ibpb_enabled);
+EXPORT_SYMBOL(ibpb_enabled);   /* Required in some modules */
 
 static unsigned int __ibpb_enabled = 0;   /* procfs shadow variable */
 
-static void set_ibpb_enabled(unsigned int val)
+int set_ibpb_enabled(unsigned int val)
 {
+ int error = 0;
+
  mutex_lock(&spec_ctrl_mutex);
 
  /* Only enable IBPB if the CPU supports it */
- if (val && boot_cpu_has(X86_FEATURE_USE_IBPB))
- ibpb_enabled = 1;
- else
+ if (boot_cpu_has(X86_FEATURE_IBPB)) {
+ ibpb_enabled = val;
+ pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect "
+ "Branch Prediction Barrier\n",
+ ibpb_enabled ? "Enabling" : "Disabling");
+ } else {
  ibpb_enabled = 0;
+ if (val) {
+ /* IBPB is not supported but we try to turn it on */
+ error = -EINVAL;
+ }
+ }
 
  /* Update the shadow variable */
  __ibpb_enabled = ibpb_enabled;
 
  mutex_unlock(&spec_ctrl_mutex);
-}
 
-inline void ibpb_enable(void)
-{
- set_ibpb_enabled(1);
+ return error;
 }
-EXPORT_SYMBOL(ibpb_enable);
 
 static int ibpb_enabled_handler(struct ctl_table *table, int write,
  void __user *buffer, size_t *lenp,
@@ -239,8 +245,7 @@ static int ibpb_enabled_handler(struct ctl_table *table, int write,
  if (error)
  return error;
 
- set_ibpb_enabled(__ibpb_enabled);
- return 0;
+ return set_ibpb_enabled(__ibpb_enabled);
 }
 
 unsigned int ibrs_enabled = 0;
--
2.19.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[SRU][Trusty][PATCH 2/3] UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling (v2)

Juerg Haefliger
In reply to this post by Juerg Haefliger
Cleanup the code to match Xenial. Functional changes introduced:
  - Return an error when someone tries to enable IBRS via procfs on HW that
    doesn't have IBRS support.
  - Write every IBRS state change to the kernel log.
  - Add an IBRS state entry to
    /sys/devices/system/cpu/vulnerabilities/spectre_v2.

CVE-2017-5715

Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/include/asm/nospec-branch.h |  6 +++---
 arch/x86/include/asm/spec_ctrl.h     |  3 +++
 arch/x86/kernel/acpi/cstate.c        |  4 ++--
 arch/x86/kernel/cpu/bugs.c           | 24 +++++++++++----------
 arch/x86/kernel/process.c            |  6 +++---
 arch/x86/kernel/smpboot.c            |  4 ++--
 kernel/sysctl.c                      | 32 +++++++++++++++++-----------
 7 files changed, 45 insertions(+), 34 deletions(-)

diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 3cc7e65fbb3a..4049dd47a444 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -196,7 +196,7 @@ int set_ibpb_enabled(unsigned int);
 
 /* The IBRS runtime control knob */
 extern unsigned int ibrs_enabled;
-void ibrs_enable(void);
+int set_ibrs_enabled(unsigned int);
 
 /* The Spectre V2 mitigation variants */
 enum spectre_v2_mitigation {
@@ -266,7 +266,7 @@ do { \
  preempt_enable(); \
 } while (0)
 
-#define restricted_branch_speculation_on() \
+#define ubuntu_restrict_branch_speculation_start() \
 do { \
  u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS; \
  \
@@ -274,7 +274,7 @@ do { \
  native_wrmsrl(MSR_IA32_SPEC_CTRL, val); \
 } while (0)
 
-#define restricted_branch_speculation_off() \
+#define ubuntu_restrict_branch_speculation_end() \
 do { \
  u64 val = x86_spec_ctrl_base; \
  \
diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h
index e603ee905bab..b4d6ffae202c 100644
--- a/arch/x86/include/asm/spec_ctrl.h
+++ b/arch/x86/include/asm/spec_ctrl.h
@@ -21,11 +21,13 @@
  popq %rdx; \
  popq %rcx; \
  popq %rax
+
 #define __ASM_ENABLE_IBRS_CLOBBER \
  movl $MSR_IA32_SPEC_CTRL, %ecx; \
  movl $0, %edx; \
  movl $SPEC_CTRL_IBRS, %eax; \
  wrmsr;
+
 #define __ASM_DISABLE_IBRS \
  pushq %rax; \
  pushq %rcx; \
@@ -37,6 +39,7 @@
  popq %rdx; \
  popq %rcx; \
  popq %rax
+
 #define __ASM_STUFF_RSB \
  call 1f; \
  pause; \
diff --git a/arch/x86/kernel/acpi/cstate.c b/arch/x86/kernel/acpi/cstate.c
index f11345902f20..dc9443dea8c8 100644
--- a/arch/x86/kernel/acpi/cstate.c
+++ b/arch/x86/kernel/acpi/cstate.c
@@ -167,14 +167,14 @@ void mwait_idle_with_hints(unsigned long ax, unsigned long cx)
  if (this_cpu_has(X86_FEATURE_CLFLUSH_MONITOR))
  clflush((void *)&current_thread_info()->flags);
 
- restricted_branch_speculation_off();
+ ubuntu_restrict_branch_speculation_end();
 
  __monitor((void *)&current_thread_info()->flags, 0, 0);
  smp_mb();
  if (!need_resched())
  __mwait(ax, cx);
 
- restricted_branch_speculation_on();
+ ubuntu_restrict_branch_speculation_start();
  }
 }
 
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index b4a0a26efc0d..c86a805557fc 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -450,16 +450,17 @@ retpoline_auto:
  setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW);
  pr_info("Enabling Restricted Speculation for firmware calls\n");
 
- /*
- * Enable IBRS support if it's not turned off on the
- * commandline and we don't have full retpoline mode
- */
- if (!noibrs && mode != SPECTRE_V2_RETPOLINE_AMD &&
-    mode != SPECTRE_V2_RETPOLINE_GENERIC)
- ibrs_enable();
-
- pr_info("%s Indirect Banch Restricted Speculation\n",
- ibrs_enabled ? "Enabling" : "Disabling");
+ if (noibrs ||
+    mode == SPECTRE_V2_RETPOLINE_GENERIC ||
+    mode == SPECTRE_V2_RETPOLINE_AMD) {
+ /*
+ * IBRS disabled via commandline or the kernel is
+ * retpoline compiled
+ */
+ set_ibrs_enabled(0);
+ } else {
+ set_ibrs_enabled(1);
+ }
  }
 
  /*
@@ -874,8 +875,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
  return sprintf(buf, "Mitigation: __user pointer sanitization\n");
 
  case X86_BUG_SPECTRE_V2:
- return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
+ return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
        ibpb_enabled ? ", IBPB" : "",
+       ibrs_enabled == 2 ? ", IBRS (user space)" : ibrs_enabled ? ", IBRS" : "",
        boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "");
 
  case X86_BUG_SPEC_STORE_BYPASS:
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index c7e291dbc1e3..d7302c788d15 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -583,15 +583,15 @@ static void mwait_idle(void)
  mb();
  }
 
- restricted_branch_speculation_off();
+ ubuntu_restrict_branch_speculation_end();
 
  __monitor((void *)&current_thread_info()->flags, 0, 0);
 
  if (!need_resched()) {
  __sti_mwait(0, 0);
- restricted_branch_speculation_on();
+ ubuntu_restrict_branch_speculation_start();
  } else {
- restricted_branch_speculation_on();
+ ubuntu_restrict_branch_speculation_start();
  local_irq_enable();
  }
 
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 57a339630449..21204d161a6e 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -1625,13 +1625,13 @@ void native_play_dead(void)
  play_dead_common();
  tboot_shutdown(TB_SHUTDOWN_WFS);
 
- restricted_branch_speculation_off();
+ ubuntu_restrict_branch_speculation_end();
 
  mwait_play_dead(); /* Only returns on failure */
  if (cpuidle_play_dead())
  hlt_play_dead();
 
- restricted_branch_speculation_on();
+ ubuntu_restrict_branch_speculation_start();
 }
 
 #else /* ... !CONFIG_HOTPLUG_CPU */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 9d3084581410..60e96b6e809d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -249,61 +249,67 @@ static int ibpb_enabled_handler(struct ctl_table *table, int write,
 }
 
 unsigned int ibrs_enabled = 0;
-EXPORT_SYMBOL(ibrs_enabled);
+EXPORT_SYMBOL(ibrs_enabled);   /* Required in some modules */
 
 static unsigned int __ibrs_enabled = 0;   /* procfs shadow variable */
 
-static void set_ibrs_enabled(unsigned int val)
+int set_ibrs_enabled(unsigned int val)
 {
+ int error = 0;
  unsigned int cpu;
 
  mutex_lock(&spec_ctrl_mutex);
 
  /* Only enable/disable IBRS if the CPU supports it */
- if (boot_cpu_has(X86_FEATURE_USE_IBRS_FW)) {
+ if (boot_cpu_has(X86_FEATURE_IBRS)) {
  ibrs_enabled = val;
+ pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect "
+ "Branch Restricted Speculation%s\n",
+ ibrs_enabled ? "Enabling" : "Disabling",
+ ibrs_enabled == 2 ? " (user space)" : "");
+
  if (ibrs_enabled == 0) {
  /* Always disable IBRS */
  u64 val = x86_spec_ctrl_base;
 
- for_each_online_cpu(cpu)
+ for_each_online_cpu(cpu) {
  wrmsrl_on_cpu(cpu, MSR_IA32_SPEC_CTRL, val);
+ }
  } else if (ibrs_enabled == 2) {
  /* Always enable IBRS, even in user space */
  u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS;
 
- for_each_online_cpu(cpu)
+ for_each_online_cpu(cpu) {
  wrmsrl_on_cpu(cpu, MSR_IA32_SPEC_CTRL, val);
+ }
  }
  } else {
  ibrs_enabled = 0;
+ if (val) {
+ /* IBRS is not supported but we try to turn it on */
+ error = -EINVAL;
+ }
  }
 
  /* Update the shadow variable */
  __ibrs_enabled = ibrs_enabled;
 
  mutex_unlock(&spec_ctrl_mutex);
-}
 
-inline void ibrs_enable(void)
-{
- set_ibrs_enabled(1);
+ return error;
 }
-EXPORT_SYMBOL(ibrs_enable);
 
 static int ibrs_enabled_handler(struct ctl_table *table, int write,
  void __user *buffer, size_t *lenp,
  loff_t *ppos)
 {
  int error;
- unsigned int cpu;
 
  error = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
  if (error)
  return error;
 
- set_ibrs_enabled(__ibrs_enabled);
- return 0;
+ return set_ibrs_enabled(__ibrs_enabled);
 }
 #endif
 
--
2.19.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[SRU][Trusty][PATCH 3/3] UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk

Juerg Haefliger
In reply to this post by Juerg Haefliger
Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to
match upstream. No functional changes.

CVE-2017-5715

Signed-off-by: Juerg Haefliger <[hidden email]>
---
 arch/x86/kernel/cpu/bugs.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index c86a805557fc..4a8b8fedffe1 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -428,6 +428,17 @@ retpoline_auto:
  spectre_v2_enabled = mode;
  pr_info("%s\n", spectre_v2_strings[mode]);
 
+ /*
+ * If spectre v2 protection has been enabled, unconditionally fill
+ * RSB during a context switch; this protects against two independent
+ * issues:
+ *
+ * - RSB underflow (and switch to BTB) on Skylake+
+ * - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs
+ */
+ setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
+ pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
+
  /*
  * Initialize Indirect Branch Prediction Barrier if supported and not
  * disabled on the commandline
@@ -462,17 +473,6 @@ retpoline_auto:
  set_ibrs_enabled(1);
  }
  }
-
- /*
- * If spectre v2 protection has been enabled, unconditionally fill
- * RSB during a context switch; this protects against two independent
- * issues:
- *
- * - RSB underflow (and switch to BTB) on Skylake+
- * - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs
- */
- setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
- pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
 }
 
 #undef pr_fmt
--
2.19.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[SRU][Trusty][PATCH] UBUNTU: SAUCE: x86/speculation: Only report IBPB/IBRS state changes

Juerg Haefliger
In reply to this post by Juerg Haefliger
Only print the IBPB/IBRS state to the log if it actually changes. Otherwise
the log is polluted everytime the procfs file is read from.

Signed-off-by: Juerg Haefliger <[hidden email]>
---
 kernel/sysctl.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 60e96b6e809d..a9380bfdc647 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -210,15 +210,17 @@ static unsigned int __ibpb_enabled = 0;   /* procfs shadow variable */
 int set_ibpb_enabled(unsigned int val)
 {
  int error = 0;
+ unsigned int prev = ibpb_enabled;
 
  mutex_lock(&spec_ctrl_mutex);
 
  /* Only enable IBPB if the CPU supports it */
  if (boot_cpu_has(X86_FEATURE_IBPB)) {
  ibpb_enabled = val;
- pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect "
- "Branch Prediction Barrier\n",
- ibpb_enabled ? "Enabling" : "Disabling");
+ if (ibpb_enabled != prev)
+ pr_info("Spectre V2 : Spectre v2 mitigation: %s "
+ "Indirect Branch Prediction Barrier\n",
+ ibpb_enabled ? "Enabling" : "Disabling");
  } else {
  ibpb_enabled = 0;
  if (val) {
@@ -257,16 +259,18 @@ int set_ibrs_enabled(unsigned int val)
 {
  int error = 0;
  unsigned int cpu;
+ unsigned int prev = ibrs_enabled;
 
  mutex_lock(&spec_ctrl_mutex);
 
  /* Only enable/disable IBRS if the CPU supports it */
  if (boot_cpu_has(X86_FEATURE_IBRS)) {
  ibrs_enabled = val;
- pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect "
- "Branch Restricted Speculation%s\n",
- ibrs_enabled ? "Enabling" : "Disabling",
- ibrs_enabled == 2 ? " (user space)" : "");
+ if (ibrs_enabled != prev)
+ pr_info("Spectre V2 : Spectre v2 mitigation: %s "
+ "Indirect Branch Restricted Speculation%s\n",
+ ibrs_enabled ? "Enabling" : "Disabling",
+ ibrs_enabled == 2 ? " (user space)" : "");
 
  if (ibrs_enabled == 0) {
  /* Always disable IBRS */
--
2.19.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: [SRU][Trusty][PATCH] UBUNTU: SAUCE: x86/speculation: Only report IBPB/IBRS state changes

Juerg Haefliger
This should be applied after the series. Sorry, it's missing the CVE
line :-(

...Juerg

On Tue, 27 Nov 2018 10:28:08 +0100
Juerg Haefliger <[hidden email]> wrote:

> Only print the IBPB/IBRS state to the log if it actually changes.
> Otherwise the log is polluted everytime the procfs file is read from.

CVE-2017-5715
 

> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>  kernel/sysctl.c | 18 +++++++++++-------
>  1 file changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 60e96b6e809d..a9380bfdc647 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -210,15 +210,17 @@ static unsigned int __ibpb_enabled = 0;   /*
> procfs shadow variable */ int set_ibpb_enabled(unsigned int val)
>  {
>   int error = 0;
> + unsigned int prev = ibpb_enabled;
>  
>   mutex_lock(&spec_ctrl_mutex);
>  
>   /* Only enable IBPB if the CPU supports it */
>   if (boot_cpu_has(X86_FEATURE_IBPB)) {
>   ibpb_enabled = val;
> - pr_info("Spectre V2 : Spectre v2 mitigation: %s
> Indirect "
> - "Branch Prediction Barrier\n",
> - ibpb_enabled ? "Enabling" : "Disabling");
> + if (ibpb_enabled != prev)
> + pr_info("Spectre V2 : Spectre v2 mitigation:
> %s "
> + "Indirect Branch Prediction
> Barrier\n",
> + ibpb_enabled ? "Enabling" :
> "Disabling"); } else {
>   ibpb_enabled = 0;
>   if (val) {
> @@ -257,16 +259,18 @@ int set_ibrs_enabled(unsigned int val)
>  {
>   int error = 0;
>   unsigned int cpu;
> + unsigned int prev = ibrs_enabled;
>  
>   mutex_lock(&spec_ctrl_mutex);
>  
>   /* Only enable/disable IBRS if the CPU supports it */
>   if (boot_cpu_has(X86_FEATURE_IBRS)) {
>   ibrs_enabled = val;
> - pr_info("Spectre V2 : Spectre v2 mitigation: %s
> Indirect "
> - "Branch Restricted Speculation%s\n",
> - ibrs_enabled ? "Enabling" : "Disabling",
> - ibrs_enabled == 2 ? " (user space)" : "");
> + if (ibrs_enabled != prev)
> + pr_info("Spectre V2 : Spectre v2 mitigation:
> %s "
> + "Indirect Branch Restricted
> Speculation%s\n",
> + ibrs_enabled ? "Enabling" :
> "Disabling",
> + ibrs_enabled == 2 ? " (user
> space)" : "");
>   if (ibrs_enabled == 0) {
>   /* Always disable IBRS */

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

attachment0 (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

ACK/cmt: [SRU][Trusty][PATCH] UBUNTU: SAUCE: x86/speculation: Only report IBPB/IBRS state changes

Colin Ian King-2
In reply to this post by Juerg Haefliger
On 27/11/2018 09:28, Juerg Haefliger wrote:

> Only print the IBPB/IBRS state to the log if it actually changes. Otherwise
> the log is polluted everytime the procfs file is read from.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
> ---
>  kernel/sysctl.c | 18 +++++++++++-------
>  1 file changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 60e96b6e809d..a9380bfdc647 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -210,15 +210,17 @@ static unsigned int __ibpb_enabled = 0;   /* procfs shadow variable */
>  int set_ibpb_enabled(unsigned int val)
>  {
>   int error = 0;
> + unsigned int prev = ibpb_enabled;
>  
>   mutex_lock(&spec_ctrl_mutex);
>  
>   /* Only enable IBPB if the CPU supports it */
>   if (boot_cpu_has(X86_FEATURE_IBPB)) {
>   ibpb_enabled = val;
> - pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect "
> - "Branch Prediction Barrier\n",
> - ibpb_enabled ? "Enabling" : "Disabling");
> + if (ibpb_enabled != prev)
> + pr_info("Spectre V2 : Spectre v2 mitigation: %s "
> + "Indirect Branch Prediction Barrier\n",
> + ibpb_enabled ? "Enabling" : "Disabling");
>   } else {
>   ibpb_enabled = 0;
>   if (val) {
> @@ -257,16 +259,18 @@ int set_ibrs_enabled(unsigned int val)
>  {
>   int error = 0;
>   unsigned int cpu;
> + unsigned int prev = ibrs_enabled;
>  
>   mutex_lock(&spec_ctrl_mutex);
>  
>   /* Only enable/disable IBRS if the CPU supports it */
>   if (boot_cpu_has(X86_FEATURE_IBRS)) {
>   ibrs_enabled = val;
> - pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect "
> - "Branch Restricted Speculation%s\n",
> - ibrs_enabled ? "Enabling" : "Disabling",
> - ibrs_enabled == 2 ? " (user space)" : "");
> + if (ibrs_enabled != prev)
> + pr_info("Spectre V2 : Spectre v2 mitigation: %s "
> + "Indirect Branch Restricted Speculation%s\n",
> + ibrs_enabled ? "Enabling" : "Disabling",
> + ibrs_enabled == 2 ? " (user space)" : "");
>  
>   if (ibrs_enabled == 0) {
>   /* Always disable IBRS */
>

+ missing CVE-2017-5715

Acked-by: Colin Ian King <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK/cmnt: [SRU][Trusty][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Kleber Souza
In reply to this post by Juerg Haefliger
On 11/21/18 6:31 PM, Juerg Haefliger wrote:

> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced fuctional changes are:
>  - Write every IBPB and IBRS state change to the kernel log.
>  - Return an error if the user tries to enable IBRS or IBPB on HW that
>    doesn't support it.
>  - Expose the IBRS state through sysfs.
>
> Compile-tested all architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
>
>
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
>
>  arch/x86/include/asm/nospec-branch.h | 12 +++--
>  arch/x86/include/asm/spec_ctrl.h     |  3 ++
>  arch/x86/kernel/acpi/cstate.c        |  4 +-
>  arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
>  arch/x86/kernel/process.c            |  6 +--
>  arch/x86/kernel/smpboot.c            |  4 +-
>  kernel/sysctl.c                      | 61 ++++++++++++++----------
>  7 files changed, 88 insertions(+), 71 deletions(-)
>
With the fixed CVE reference fixed on the last patch:

Acked-by: Kleber Sacilotto de Souza <[hidden email]>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[Acked] [SRU][Trusty][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Andy Whitcroft-3
In reply to this post by Juerg Haefliger
On Wed, Nov 21, 2018 at 06:31:10PM +0100, Juerg Haefliger wrote:

> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced fuctional changes are:
>  - Write every IBPB and IBRS state change to the kernel log.
>  - Return an error if the user tries to enable IBRS or IBPB on HW that
>    doesn't support it.
>  - Expose the IBRS state through sysfs.
>
> Compile-tested all architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
>
>
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
>
>  arch/x86/include/asm/nospec-branch.h | 12 +++--
>  arch/x86/include/asm/spec_ctrl.h     |  3 ++
>  arch/x86/kernel/acpi/cstate.c        |  4 +-
>  arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
>  arch/x86/kernel/process.c            |  6 +--
>  arch/x86/kernel/smpboot.c            |  4 +-
>  kernel/sysctl.c                      | 61 ++++++++++++++----------
>  7 files changed, 88 insertions(+), 71 deletions(-)

Again I assume we can test this for semantic correctness once applied.
What we are trying to do is sane.

Acked-by: Andy Whitcroft <[hidden email]>

I assume we are not going to livepatch this.

-apw

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK/CMNT: [SRU][Trusty][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Tyler Hicks-2
In reply to this post by Juerg Haefliger
On 2018-11-21 18:31:10, Juerg Haefliger wrote:

> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced fuctional changes are:
>  - Write every IBPB and IBRS state change to the kernel log.
>  - Return an error if the user tries to enable IBRS or IBPB on HW that
>    doesn't support it.
>  - Expose the IBRS state through sysfs.
>
> Compile-tested all architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
>
>
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
>
>  arch/x86/include/asm/nospec-branch.h | 12 +++--
>  arch/x86/include/asm/spec_ctrl.h     |  3 ++
>  arch/x86/kernel/acpi/cstate.c        |  4 +-
>  arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
>  arch/x86/kernel/process.c            |  6 +--
>  arch/x86/kernel/smpboot.c            |  4 +-
>  kernel/sysctl.c                      | 61 ++++++++++++++----------
>  7 files changed, 88 insertions(+), 71 deletions(-)
>
> --
With the same log message adjustment that I asked for in the Xenial
patch set, this gets my ack. This set was a lot more straightforward
than the Xenial set...

Acked-by: Tyler Hicks <[hidden email]>

Tyler

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

NACK: [SRU][Trusty][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Juerg Haefliger
In reply to this post by Juerg Haefliger
This needs more work.

...Juerg


On Wed, 21 Nov 2018 18:31:10 +0100
Juerg Haefliger <[hidden email]> wrote:

> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced fuctional changes are:
>  - Write every IBPB and IBRS state change to the kernel log.
>  - Return an error if the user tries to enable IBRS or IBPB on HW that
>    doesn't support it.
>  - Expose the IBRS state through sysfs.
>
> Compile-tested all architectures.
>
> Signed-off-by: Juerg Haefliger <[hidden email]>
>
>
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>     (v2)
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
>
>  arch/x86/include/asm/nospec-branch.h | 12 +++--
>  arch/x86/include/asm/spec_ctrl.h     |  3 ++
>  arch/x86/kernel/acpi/cstate.c        |  4 +-
>  arch/x86/kernel/cpu/bugs.c           | 69 ++++++++++++++--------------
>  arch/x86/kernel/process.c            |  6 +--
>  arch/x86/kernel/smpboot.c            |  4 +-
>  kernel/sysctl.c                      | 61 ++++++++++++++----------
>  7 files changed, 88 insertions(+), 71 deletions(-)
>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

attachment0 (849 bytes) Download Attachment