git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

x86/speculation: Disable RRSBA behavior

commit 4ad3278df6fe2b0852b00d5757fc2ccd8e92c26e upstream.

Some Intel processors may use alternate predictors for RETs on
RSB-underflow. This condition may be vulnerable to Branch History
Injection (BHI) and intramode-BTI.

Kernel earlier added spectre_v2 mitigation modes (eIBRS+Retpolines,
eIBRS+LFENCE, Retpolines) which protect indirect CALLs and JMPs against
such attacks. However, on RSB-underflow, RET target prediction may
fallback to alternate predictors. As a result, RET's predicted target
may get influenced by branch history.

A new MSR_IA32_SPEC_CTRL bit (RRSBA_DIS_S) controls this fallback
behavior when in kernel mode. When set, RETs will not take predictions
from alternate predictors, hence mitigating RETs as well. Support for
this is enumerated by CPUID.7.2.EDX[RRSBA_CTRL] (bit2).

For spectre v2 mitigation, when a user selects a mitigation that
protects indirect CALLs and JMPs against BHI and intramode-BTI, set
RRSBA_DIS_S also to protect RETs for RSB-underflow case.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
[cascardo: no X86_FEATURE_INTEL_PPIN]
CVE-2022-29900
CVE-2022-29901
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

author	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
	Fri, 8 Jul 2022 20:36:09 +0000 (13:36 -0700)
committer	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
	Tue, 19 Jul 2022 19:20:07 +0000 (16:20 -0300)
commit	da068dd3af2db91dc85a72c7548e355f4d394dcd
tree	dc5631d2b85efec026b59ede5482792fc778a9fd	tree
parent	e31b8345491e4eeb004d437354f07b599edd7b63	commit \| diff

arch/x86/include/asm/cpufeatures.h		diff \| blob \| blame \| history
arch/x86/include/asm/msr-index.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/scattered.c		diff \| blob \| blame \| history
tools/arch/x86/include/asm/msr-index.h		diff \| blob \| blame \| history