diff options
Diffstat (limited to 'queue-6.8/x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch')
-rw-r--r-- | queue-6.8/x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/queue-6.8/x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch b/queue-6.8/x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch new file mode 100644 index 0000000000..2623f26526 --- /dev/null +++ b/queue-6.8/x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch @@ -0,0 +1,82 @@ +From 5f882f3b0a8bf0788d5a0ee44b1191de5319bb8a Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf <jpoimboe@kernel.org> +Date: Wed, 10 Apr 2024 22:40:48 -0700 +Subject: x86/bugs: Clarify that syscall hardening isn't a BHI mitigation + +From: Josh Poimboeuf <jpoimboe@kernel.org> + +commit 5f882f3b0a8bf0788d5a0ee44b1191de5319bb8a upstream. + +While syscall hardening helps prevent some BHI attacks, there's still +other low-hanging fruit remaining. Don't classify it as a mitigation +and make it clear that the system may still be vulnerable if it doesn't +have a HW or SW mitigation enabled. + +Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob") +Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> +Signed-off-by: Ingo Molnar <mingo@kernel.org> +Cc: Linus Torvalds <torvalds@linux-foundation.org> +Cc: Sean Christopherson <seanjc@google.com> +Link: https://lore.kernel.org/r/b5951dae3fdee7f1520d5136a27be3bdfe95f88b.1712813475.git.jpoimboe@kernel.org +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + Documentation/admin-guide/hw-vuln/spectre.rst | 11 +++++------ + Documentation/admin-guide/kernel-parameters.txt | 3 +-- + arch/x86/kernel/cpu/bugs.c | 6 +++--- + 3 files changed, 9 insertions(+), 11 deletions(-) + +--- a/Documentation/admin-guide/hw-vuln/spectre.rst ++++ b/Documentation/admin-guide/hw-vuln/spectre.rst +@@ -441,10 +441,10 @@ The possible values in this file are: + - System is protected by BHI_DIS_S + * - BHI: SW loop, KVM SW loop + - System is protected by software clearing sequence +- * - BHI: Syscall hardening +- - Syscalls are hardened against BHI +- * - BHI: Syscall hardening, KVM: SW loop +- - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence ++ * - BHI: Vulnerable ++ - System is vulnerable to BHI ++ * - BHI: Vulnerable, KVM: SW loop ++ - System is vulnerable; KVM is protected by software clearing sequence + + Full mitigation might require a microcode update from the CPU + vendor. When the necessary microcode is not available, the kernel will +@@ -661,8 +661,7 @@ kernel command line. + spectre_bhi= + + [X86] Control mitigation of Branch History Injection +- (BHI) vulnerability. Syscalls are hardened against BHI +- regardless of this setting. This setting affects the deployment ++ (BHI) vulnerability. This setting affects the deployment + of the HW BHI control and the SW BHB clearing sequence. + + on +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -6033,8 +6033,7 @@ + See Documentation/admin-guide/laptops/sonypi.rst + + spectre_bhi= [X86] Control mitigation of Branch History Injection +- (BHI) vulnerability. Syscalls are hardened against BHI +- reglardless of this setting. This setting affects the ++ (BHI) vulnerability. This setting affects the + deployment of the HW BHI control and the SW BHB + clearing sequence. + +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -2817,10 +2817,10 @@ static const char *spectre_bhi_state(voi + return "; BHI: SW loop, KVM: SW loop"; + else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && rrsba_disabled) + return "; BHI: Retpoline"; +- else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT)) +- return "; BHI: Syscall hardening, KVM: SW loop"; ++ else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT)) ++ return "; BHI: Vulnerable, KVM: SW loop"; + +- return "; BHI: Vulnerable (Syscall hardening enabled)"; ++ return "; BHI: Vulnerable"; + } + + static ssize_t spectre_v2_show_state(char *buf) |