Patch "x86/speculation: Disable STIBP when enhanced IBRS is in use" has been added to the 4.14-stable tree

This is a note to let you know that I've just added the patch titled

    x86/speculation: Disable STIBP when enhanced IBRS is in use

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86speculation_Disable_STIBP_when_enhanced_IBRS_is_in_use.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


Subject: x86/speculation: Disable STIBP when enhanced IBRS is in use
From: Tim Chen tim.c.chen@xxxxxxxxxxxxxxx
Date: Sun Nov 25 19:33:33 2018 +0100

From: Tim Chen tim.c.chen@xxxxxxxxxxxxxxx

commit 34bce7c9690b1d897686aac89604ba7adc365556 upstream

If enhanced IBRS is active, STIBP is redundant for mitigating Spectre v2
user space exploits from hyperthread sibling.

Disable STIBP when enhanced IBRS is used.

Signed-off-by: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Reviewed-by: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Jiri Kosina <jkosina@xxxxxxx>
Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
Cc: David Woodhouse <dwmw@xxxxxxxxxxxx>
Cc: Andi Kleen <ak@xxxxxxxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Casey Schaufler <casey.schaufler@xxxxxxxxx>
Cc: Asit Mallick <asit.k.mallick@xxxxxxxxx>
Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
Cc: Jon Masters <jcm@xxxxxxxxxx>
Cc: Waiman Long <longman9394@xxxxxxxxx>
Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Dave Stewart <david.c.stewart@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Link: https://lkml.kernel.org/r/20181125185003.966801480@xxxxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kernel/cpu/bugs.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -319,6 +319,10 @@ static bool stibp_needed(void)
 	if (spectre_v2_enabled == SPECTRE_V2_NONE)
 		return false;
 
+	/* Enhanced IBRS makes using STIBP unnecessary. */
+	if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+		return false;
+
 	if (!boot_cpu_has(X86_FEATURE_STIBP))
 		return false;
 
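Review bot: The comment on the new SPECTRE_V2_IBRS_ENHANCED early return in stibp_needed() says only that STIBP is "unnecessary", while the commit message gives the actual scope: redundancy for Spectre v2 user space exploits from a hyperthread sibling. Suggest carrying that scope into the comment so a reader of bugs.c can see which threat the shortcut relies on enhanced IBRS to cover. The check also sits directly after the SPECTRE_V2_NONE test on the same variable, so the two could be folded into one condition if that style is preferred.
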
@@ -843,6 +847,9 @@ static ssize_t l1tf_show_state(char *buf
 
 static char *stibp_state(void)
 {
+	if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+		return "";
+
 	if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
 		return ", STIBP";
 	else
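
Review bot: The early return at the top of stibp_state() repeats the `spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED` test already added to stibp_needed() and carries no comment, so the reporting path and the decision path can drift apart if one of them is changed later. Suggest a one-line comment mirroring the one in stibp_needed(), or deriving both from a shared helper. Returning "" here also skips the `x86_spec_ctrl_base & SPEC_CTRL_STIBP` test, so the reported string no longer reflects that bit in enhanced IBRS mode; the comment should state that this is intended.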


Patches currently in stable-queue which might be from tim.c.chen@xxxxxxxxxxxxxxx are

queue-4.14/x86speculation_Prepare_for_conditional_IBPB_in_switch_mm.patch
queue-4.14/x86speculation_Rework_SMT_state_change.patch
queue-4.14/x86Kconfig_Select_SCHED_SMT_if_SMP_enabled.patch
queue-4.14/x86speculation_Move_STIPBIBPB_string_conditionals_out_of_cpu_show_common().patch
queue-4.14/x86speculation_Propagate_information_about_RSB_filling_mitigation_to_sysfs.patch
queue-4.14/x86speculation_Prepare_arch_smt_update_for_PRCTL_mode.patch
queue-4.14/x86speculation_Enable_cross-hyperthread_spectre_v2_STIBP_mitigation.patch
queue-4.14/x86speculation_Prevent_stale_SPEC_CTRL_msr_content.patch
queue-4.14/ptrace_Remove_unused_ptrace_may_access_sched_and_MODE_IBRS.patch
queue-4.14/x86speculation_Mark_string_arrays_const_correctly.patch
queue-4.14/x86process_Consolidate_and_simplify_switch_to_xtra_code.patch
queue-4.14/x86speculation_Apply_IBPB_more_strictly_to_avoid_cross-process_data_leak.patch
queue-4.14/x86speculation_Enable_prctl_mode_for_spectre_v2_user.patch
queue-4.14/x86speculation_Rename_SSBD_update_functions.patch
queue-4.14/x86speculation_Add_command_line_control_for_indirect_branch_speculation.patch
queue-4.14/x86l1tf_Show_actual_SMT_state.patch
queue-4.14/x86speculation_Split_out_TIF_update.patch
queue-4.14/schedsmt_Make_sched_smt_present_track_topology.patch
queue-4.14/schedsmt_Expose_sched_smt_present_static_key.patch
queue-4.14/x86speculation_Reorder_the_spec_v2_code.patch
queue-4.14/x86speculation_Add_prctl()_control_for_indirect_branch_speculation.patch
queue-4.14/x86speculation_Provide_IBPB_always_command_line_options.patch
queue-4.14/x86speculation_Prepare_for_per_task_indirect_branch_speculation_control.patch
queue-4.14/x86speculataion_Mark_command_line_parser_data___initdata.patch
queue-4.14/x86speculation_Disable_STIBP_when_enhanced_IBRS_is_in_use.patch
queue-4.14/x86speculation_Reorganize_speculation_control_MSRs_update.patch
queue-4.14/x86speculation_Clean_up_spectre_v2_parse_cmdline().patch
queue-4.14/x86speculation_Update_the_TIF_SSBD_comment.patch
queue-4.14/x86speculation_Add_seccomp_Spectre_v2_user_space_protection_mode.patch
queue-4.14/x86speculation_Unify_conditional_spectre_v2_print_functions.patch
queue-4.14/x86speculation_Avoid___switch_to_xtra_calls.patch
queue-4.14/x86speculation_Remove_unnecessary_ret_variable_in_cpu_show_common().patch


