Patch "x86: Add straight-line-speculation mitigation" has been added to the 5.10-stable tree


 



This is a note to let you know that I've just added the patch titled

    x86: Add straight-line-speculation mitigation

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-add-straight-line-speculation-mitigation.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Tue Jul 12 05:07:35 PM CEST 2022
From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Date: Sat, 4 Dec 2021 14:43:44 +0100
Subject: x86: Add straight-line-speculation mitigation

From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>

commit e463a09af2f0677b9485a7e8e4e70b396b2ffb6f upstream.

Make use of an upcoming GCC feature to mitigate
straight-line-speculation for x86:

  https://gcc.gnu.org/g:53a643f8568067d7700a9f2facc8ba39974973d3
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102952
  https://bugs.llvm.org/show_bug.cgi?id=52323

It's build tested on x86_64-allyesconfig using GCC-12 and GCC-11.

Maintenance overhead of this should be fairly low due to objtool
validation.

Size overhead of all these additional int3 instructions comes to:

     text	   data	    bss	    dec	    hex	filename
  22267751	6933356	2011368	31212475	1dc43bb	defconfig-build/vmlinux
  22804126	6933356	1470696	31208178	1dc32f2	defconfig-build/vmlinux.sls

Or roughly 2.4% additional text.

Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Signed-off-by: Borislav Petkov <bp@xxxxxxx>
Link: https://lore.kernel.org/r/20211204134908.140103474@xxxxxxxxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[bwh: Backported to 5.10:
 - In scripts/Makefile.build, add the objtool option with an ifdef
   block, same as for other options
 - Adjust context]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/Kconfig                   |   12 ++++++++++++
 arch/x86/Makefile                  |    6 +++++-
 arch/x86/include/asm/linkage.h     |   10 ++++++++++
 arch/x86/include/asm/static_call.h |    2 +-
 arch/x86/kernel/ftrace.c           |    2 +-
 arch/x86/kernel/static_call.c      |    5 +++--
 arch/x86/lib/memmove_64.S          |    2 +-
 arch/x86/lib/retpoline.S           |    2 +-
 scripts/Makefile.build             |    3 +++
 scripts/link-vmlinux.sh            |    3 +++
 10 files changed, 40 insertions(+), 7 deletions(-)

--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -462,6 +462,18 @@ config RETPOLINE
 	  branches. Requires a compiler with -mindirect-branch=thunk-extern
 	  support for full protection. The kernel may run slower.
 
+config CC_HAS_SLS
+	def_bool $(cc-option,-mharden-sls=all)
+
+config SLS
+	bool "Mitigate Straight-Line-Speculation"
+	depends on CC_HAS_SLS && X86_64
+	default n
+	help
+	  Compile the kernel with straight-line-speculation options to guard
+	  against straight line speculation. The kernel image might be slightly
+	  larger.
+
 config X86_CPU_RESCTRL
 	bool "x86 CPU resource control support"
 	depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD)
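Review bot: The help text for `SLS` does not say what the option changes or what it costs, so someone configuring a hardened kernel cannot judge it from the menu alone. The other hunks show that it builds with `-mharden-sls=all` and places an `int3` after `ret`, and the commit message measures roughly 2.4% additional text on defconfig. I would put both in the help, e.g. `Emits an int3 after return and indirect jump instructions so the CPU cannot speculatively execute past them; adds about 2.4% kernel text.` The option is `default n`, so the mitigation stays off unless someone enables it, which is worth stating too.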
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -196,7 +196,11 @@ ifdef CONFIG_RETPOLINE
   endif
 endif
 
-KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE)
+ifdef CONFIG_SLS
+  KBUILD_CFLAGS += -mharden-sls=all
+endif
+
+KBUILD_LDFLAGS += -m elf_$(UTS_MACHINE)
 
 ifdef CONFIG_X86_NEED_RELOCS
 LDFLAGS_vmlinux := --emit-relocs --discard-none
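Review bot: The switch from `KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE)` to `+=` is not mentioned in the commit message or the backport note, and it has nothing to do with adding `-mharden-sls=all`. With `:=`, any value assigned earlier was discarded at this point; with `+=` it is kept, so linker flags set earlier in the build now carry through to the x86 link. If that is intended for 5.10 (presumably to match the upstream context), the `[bwh: Backported to 5.10: ...]` note should say so; otherwise keep `:=` and add only the `ifdef CONFIG_SLS` block.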
--- a/arch/x86/include/asm/linkage.h
+++ b/arch/x86/include/asm/linkage.h
@@ -18,9 +18,19 @@
 #define __ALIGN_STR	__stringify(__ALIGN)
 #endif
 
+#ifdef CONFIG_SLS
+#define RET	ret; int3
+#else
+#define RET	ret
+#endif
+
 #else /* __ASSEMBLY__ */
 
+#ifdef CONFIG_SLS
+#define ASM_RET	"ret; int3\n\t"
+#else
 #define ASM_RET	"ret\n\t"
+#endif
 
 #endif /* __ASSEMBLY__ */
 
--- a/arch/x86/include/asm/static_call.h
+++ b/arch/x86/include/asm/static_call.h
@@ -35,7 +35,7 @@
 	__ARCH_DEFINE_STATIC_CALL_TRAMP(name, ".byte 0xe9; .long " #func " - (. + 4)")
 
 #define ARCH_DEFINE_STATIC_CALL_NULL_TRAMP(name)			\
-	__ARCH_DEFINE_STATIC_CALL_TRAMP(name, "ret; nop; nop; nop; nop")
+	__ARCH_DEFINE_STATIC_CALL_TRAMP(name, "ret; int3; nop; nop; nop")
 
 
 #define ARCH_ADD_TRAMP_KEY(name)					\
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -308,7 +308,7 @@ union ftrace_op_code_union {
 	} __attribute__((packed));
 };
 
-#define RET_SIZE		1
+#define RET_SIZE		1 + IS_ENABLED(CONFIG_SLS)
 
 static unsigned long
 create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
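Review bot: `RET_SIZE` now expands to an unparenthesised sum, `1 + IS_ENABLED(CONFIG_SLS)`, so any use next to an operator that binds tighter than `+` (a multiplication, or `x - RET_SIZE`) would compute the wrong size. The uses are outside this hunk and plain additions are unaffected, but the value presumably feeds the trampoline size calculation in `create_trampoline()`, so it should be safe by construction: `#define RET_SIZE		(1 + IS_ENABLED(CONFIG_SLS))`.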
--- a/arch/x86/kernel/static_call.c
+++ b/arch/x86/kernel/static_call.c
@@ -11,6 +11,8 @@ enum insn_type {
 	RET = 3,  /* tramp / site cond-tail-call */
 };
 
+static const u8 retinsn[] = { RET_INSN_OPCODE, 0xcc, 0xcc, 0xcc, 0xcc };
+
 static void __ref __static_call_transform(void *insn, enum insn_type type, void *func)
 {
 	int size = CALL_INSN_SIZE;
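Review bot: Nothing ties the length of `retinsn` to `CALL_INSN_SIZE`. The `RET` case in the next hunk drops `size = RET_INSN_SIZE;` and sets `code = &retinsn;`, so `size` keeps its initial `CALL_INSN_SIZE` and the array has to be exactly that long. Otherwise whatever consumes `code` and `size` after the switch (outside these hunks) would read past the array. I would add `BUILD_BUG_ON(sizeof(retinsn) != CALL_INSN_SIZE);` in `__static_call_transform()`, write `code = retinsn;`, and add a short comment that the `0xcc` bytes are int3 padding after the ret. The function body continues outside the hunk.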
@@ -30,8 +32,7 @@ static void __ref __static_call_transfor
 		break;
 
 	case RET:
-		code = text_gen_insn(RET_INSN_OPCODE, insn, func);
-		size = RET_INSN_SIZE;
+		code = &retinsn;
 		break;
 	}
 
--- a/arch/x86/lib/memmove_64.S
+++ b/arch/x86/lib/memmove_64.S
@@ -40,7 +40,7 @@ SYM_FUNC_START(__memmove)
 	/* FSRM implies ERMS => no length checks, do the copy directly */
 .Lmemmove_begin_forward:
 	ALTERNATIVE "cmp $0x20, %rdx; jb 1f", "", X86_FEATURE_FSRM
-	ALTERNATIVE "", "movq %rdx, %rcx; rep movsb; RET", X86_FEATURE_ERMS
+	ALTERNATIVE "", __stringify(movq %rdx, %rcx; rep movsb; RET), X86_FEATURE_ERMS
 
 	/*
 	 * movsq instruction have many startup latency
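Review bot: The reason for `__stringify()` on the ERMS alternative is not recorded, and the change is easy to undo by accident. Inside the old string literal the preprocessor never expanded `RET`, so the replacement would have assembled a bare `ret` with no `int3` even with CONFIG_SLS set. A one-line comment above the ALTERNATIVE would keep that visible, e.g. `/* __stringify() so that RET (ret; int3 under CONFIG_SLS) is macro-expanded */`. `__memmove` continues outside the hunk.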
--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -34,7 +34,7 @@ SYM_INNER_LABEL(__x86_indirect_thunk_\re
 
 	ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; jmp *%\reg), \
 		      __stringify(RETPOLINE \reg), X86_FEATURE_RETPOLINE, \
-		      __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *%\reg), X86_FEATURE_RETPOLINE_LFENCE
+		      __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *%\reg; int3), X86_FEATURE_RETPOLINE_LFENCE
 
 .endm
 
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -230,6 +230,9 @@ endif
 ifdef CONFIG_X86_SMAP
   objtool_args += --uaccess
 endif
+ifdef CONFIG_SLS
+  objtool_args += --sls
+endif
 
 # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory
 # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -77,6 +77,9 @@ objtool_link()
 		if [ -n "${CONFIG_X86_SMAP}" ]; then
 			objtoolopt="${objtoolopt} --uaccess"
 		fi
+		if [ -n "${CONFIG_SLS}" ]; then
+			objtoolopt="${objtoolopt} --sls"
+		fi
 		info OBJTOOL ${1}
 		tools/objtool/objtool ${objtoolopt} ${1}
 	fi


Patches currently in stable-queue which might be from peterz@xxxxxxxxxxxxx are

queue-5.10/objtool-cache-instruction-relocs.patch
queue-5.10/x86-sev-avoid-using-__x86_return_thunk.patch
queue-5.10/objtool-add-elf_create_undef_symbol.patch
queue-5.10/x86-ftrace-use-alternative-ret-encoding.patch
queue-5.10/objtool-re-add-unwind_hint_-save_restore.patch
queue-5.10/x86-bugs-add-retbleed-ibpb.patch
queue-5.10/x86-bugs-enable-stibp-for-jmp2ret.patch
queue-5.10/x86-retpoline-cleanup-some-ifdefery.patch
queue-5.10/objtool-handle-__sanitize_cov-tail-calls.patch
queue-5.10/x86-prepare-asm-files-for-straight-line-speculation.patch
queue-5.10/kvm-vmx-flatten-__vmx_vcpu_run.patch
queue-5.10/x86-kvm-vmx-make-noinstr-clean.patch
queue-5.10/objtool-x86-replace-alternatives-with-.retpoline_sites.patch
queue-5.10/objtool-skip-magical-retpoline-.altinstr_replacement.patch
queue-5.10/x86-retbleed-add-fine-grained-kconfig-knobs.patch
queue-5.10/x86-cpu-amd-add-spectral-chicken.patch
queue-5.10/objtool-add-straight-line-speculation-validation.patch
queue-5.10/kvm-vmx-fix-ibrs-handling-after-vmexit.patch
queue-5.10/kvm-vmx-prevent-guest-rsb-poisoning-attacks-with-eibrs.patch
queue-5.10/x86-vsyscall_emu-64-don-t-use-ret-in-vsyscall-emulation.patch
queue-5.10/tools-arch-update-arch-x86-lib-mem-cpy-set-_64.s-copies-used-in-perf-bench-mem-memcpy.patch
queue-5.10/x86-add-straight-line-speculation-mitigation.patch
queue-5.10/x86-add-magic-amd-return-thunk.patch
queue-5.10/x86-bugs-keep-a-per-cpu-ia32_spec_ctrl-value.patch
queue-5.10/x86-alternatives-optimize-optimize_nops.patch
queue-5.10/x86-objtool-create-.return_sites.patch
queue-5.10/crypto-x86-poly1305-fixup-sls.patch
queue-5.10/x86-alternative-handle-jcc-__x86_indirect_thunk_-reg.patch
queue-5.10/x86-kvm-fix-setcc-emulation-for-return-thunks.patch
queue-5.10/objtool-fix-objtool-regression-on-x32-systems.patch
queue-5.10/x86-alternative-relax-text_poke_bp-constraint.patch
queue-5.10/x86-retpoline-swizzle-retpoline-thunk.patch
queue-5.10/objtool-rework-the-elf_rebuild_reloc_section-logic.patch
queue-5.10/x86-speculation-fix-firmware-entry-spec_ctrl-handling.patch
queue-5.10/x86-retpoline-remove-unused-replacement-symbols.patch
queue-5.10/objtool-fix-symbol-creation.patch
queue-5.10/x86-speculation-add-spectre_v2-ibrs-option-to-support-kernel-ibrs.patch
queue-5.10/bpf-x86-respect-x86_feature_retpoline.patch
queue-5.10/objtool-fix-type-of-reloc-addend.patch
queue-5.10/objtool-x86-rewrite-retpoline-thunk-calls.patch
queue-5.10/x86-undo-return-thunk-damage.patch
queue-5.10/x86-prepare-inline-asm-for-straight-line-speculation.patch
queue-5.10/x86-alternative-support-alternative_ternary.patch
queue-5.10/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch
queue-5.10/objtool-handle-per-arch-retpoline-naming.patch
queue-5.10/x86-retpoline-create-a-retpoline-thunk-array.patch
queue-5.10/x86-retpoline-simplify-retpolines.patch
queue-5.10/x86-asm-fix-register-order.patch
queue-5.10/x86-speculation-fill-rsb-on-vmexit-for-ibrs.patch
queue-5.10/objtool-add-entry-unret-validation.patch
queue-5.10/objtool-keep-track-of-retpoline-call-sites.patch
queue-5.10/kvm-vmx-convert-launched-argument-to-flags.patch
queue-5.10/objtool-add-elf_create_reloc-helper.patch
queue-5.10/objtool-make-.altinstructions-section-entry-size-consistent.patch
queue-5.10/x86-bpf-use-alternative-ret-encoding.patch
queue-5.10/x86-common-stamp-out-the-stepping-madness.patch
queue-5.10/x86-bugs-split-spectre_v2_select_mitigation-and-spectre_v2_user_select_mitigation.patch
queue-5.10/x86-bugs-report-intel-retbleed-vulnerability.patch
queue-5.10/bpf-x86-simplify-computing-label-offsets.patch
queue-5.10/x86-cpufeatures-move-retpoline-flags-to-word-11.patch
queue-5.10/x86-speculation-fix-spec_ctrl-write-on-smt-state-change.patch
queue-5.10/x86-retpoline-use-mfunction-return.patch
queue-5.10/x86-xen-rename-sys-entry-points.patch
queue-5.10/objtool-only-rewrite-unconditional-retpoline-thunk-calls.patch
queue-5.10/x86-bugs-optimize-spec_ctrl-msr-writes.patch
queue-5.10/x86-alternative-optimize-single-byte-nops-at-an-arbitrary-position.patch
queue-5.10/objtool-fix-code-relocs-vs-weak-symbols.patch
queue-5.10/x86-bugs-report-amd-retbleed-vulnerability.patch
queue-5.10/x86-static_call-use-alternative-ret-encoding.patch
queue-5.10/x86-speculation-fix-rsb-filling-with-config_retpoline-n.patch
queue-5.10/x86-asm-fixup-odd-gen-for-each-reg.h-usage.patch
queue-5.10/x86-alternative-add-debug-prints-to-apply_retpolines.patch
queue-5.10/objtool-extract-elf_symbol_add.patch
queue-5.10/x86-use-return-thunk-in-asm-code.patch
queue-5.10/objtool-remove-reloc-symbol-type-checks-in-get_alt_entry.patch
queue-5.10/objtool-classify-symbols.patch
queue-5.10/intel_idle-disable-ibrs-during-long-idle.patch
queue-5.10/objtool-correctly-handle-retpoline-thunk-calls.patch
queue-5.10/objtool-fix-.symtab_shndx-handling-for-elf_create_undef_symbol.patch
queue-5.10/x86-retpoline-move-the-retpoline-thunk-declarations-to-nospec-branch.h.patch
queue-5.10/objtool-support-asm-jump-tables.patch
queue-5.10/x86-alternative-implement-.retpoline_sites-support.patch
queue-5.10/objtool-x86-ignore-__x86_indirect_alt_-symbols.patch
queue-5.10/objtool-fix-sls-validation-for-kcov-tail-call-replacement.patch
queue-5.10/x86-alternative-try-inline-spectre_v2-retpoline-amd.patch
queue-5.10/x86-entry-remove-skip_r11rcx.patch
queue-5.10/objtool-explicitly-avoid-self-modifying-code-in-.altinstr_replacement.patch
queue-5.10/x86-speculation-use-cached-host-spec_ctrl-value-for-guest-entry-exit.patch
queue-5.10/x86-bugs-add-amd-retbleed-boot-parameter.patch
queue-5.10/objtool-create-reloc-sections-implicitly.patch
queue-5.10/x86-entry-add-kernel-ibrs-implementation.patch
queue-5.10/objtool-treat-.text.__x86.-as-noinstr.patch
queue-5.10/x86-lib-atomic64_386_32-rename-things.patch
queue-5.10/objtool-introduce-cfi-hash.patch
queue-5.10/objtool-default-ignore-int3-for-unreachable.patch
queue-5.10/objtool-extract-elf_strtab_concat.patch
queue-5.10/objtool-teach-get_alt_entry-about-more-relocation-types.patch
queue-5.10/objtool-update-retpoline-validation.patch


