Lines Matching +full:i +full:- +full:leak +full:- +full:current
1 // SPDX-License-Identifier: GPL-2.0
6 * - Rafael R. Reilova (moved everything from head.S),
8 * - Channing Corn (tests & fixes),
9 * - Andrew D. Balsa (code cleanup).
20 #include <asm/spec-ctrl.h>
24 #include <asm/processor-flags.h>
53 /* The base value of the SPEC_CTRL MSR without task-specific bits set */
57 /* The current value of the SPEC_CTRL MSR with task-specific bits set */
78 * Keep track of the SPEC_CTRL MSR value for the current task, which may differ
89 * When KERNEL_IBRS this MSR is written on return-to-user, unless in update_spec_ctrl_cond()
201 * current's TIF_SSBD thread flag. in x86_virt_spec_ctrl()
206 hostval = ssbd_tif_to_spec_ctrl(ti->flags); in x86_virt_spec_ctrl()
235 /* Default mitigation for MDS-affected CPUs */
271 return -EINVAL; in mds_cmdline()
296 /* Default mitigation for TAA-affected CPUs */
371 return -EINVAL; in tsx_async_abort_parse_cmdline()
428 * mitigations, disable KVM-only mitigation in that case. in mmio_select_mitigation()
436 * If Processor-MMIO-Stale-Data bug is present and Fill Buffer data can in mmio_select_mitigation()
468 return -EINVAL; in mmio_stale_data_parse_cmdline()
520 return -EINVAL; in rfds_parse_cmdline()
593 * As these mitigations are inter-related and rely on VERW instruction in md_clear_select_mitigation()
688 return -EINVAL; in srbds_parse_cmdline()
852 return -EINVAL; in gds_parse_cmdline()
895 * Consider SMAP to be non-functional as a mitigation on these in smap_works_speculatively()
914 * path of a conditional swapgs with a user-controlled GS in spectre_v1_select_mitigation()
939 * Enable lfences in the kernel entry (non-swapgs) in spectre_v1_select_mitigation()
998 return -EINVAL; in retbleed_parse_cmdline()
1121 * software-based untraining so clear those in case some in retbleed_select_mitigation()
1200 return spectre_v2_bad_module ? " - vulnerable module loaded" : ""; in spectre_v2_module_string()
1267 [SPECTRE_V2_USER_STRICT_PREFERRED] = "User space: Mitigation: STIBP always-on protection",
1298 int ret, i; in spectre_v2_parse_user_cmdline() local
1314 for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { in spectre_v2_parse_user_cmdline()
1315 if (match_option(arg, ret, v2_user_options[i].option)) { in spectre_v2_parse_user_cmdline()
1316 spec_v2_user_print_cond(v2_user_options[i].option, in spectre_v2_parse_user_cmdline()
1317 v2_user_options[i].secure); in spectre_v2_parse_user_cmdline()
1318 return v2_user_options[i].cmd; in spectre_v2_parse_user_cmdline()
1389 "always-on" : "conditional"); in spectre_v2_user_select_mitigation()
1396 * Intel's Enhanced IBRS also protects against cross-thread branch target in spectre_v2_user_select_mitigation()
1397 * injection in user-mode as the IBRS bit remains always set which in spectre_v2_user_select_mitigation()
1398 * implicitly enables cross-thread protections. However, in legacy IBRS in spectre_v2_user_select_mitigation()
1401 * These modes therefore disable the implicit cross-thread protection, in spectre_v2_user_select_mitigation()
1412 * If STIBP support is not being forced, check if STIBP always-on in spectre_v2_user_select_mitigation()
1423 pr_info("Selecting STIBP always-on mode to complement retbleed mitigation\n"); in spectre_v2_user_select_mitigation()
1471 int ret, i; in spectre_v2_parse_cmdline() local
1482 for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { in spectre_v2_parse_cmdline()
1483 if (!match_option(arg, ret, mitigation_options[i].option)) in spectre_v2_parse_cmdline()
1485 cmd = mitigation_options[i].cmd; in spectre_v2_parse_cmdline()
1489 if (i >= ARRAY_SIZE(mitigation_options)) { in spectre_v2_parse_cmdline()
1501 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1510 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1518 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1524 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1530 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1536 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1542 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1546 spec_v2_print_cond(mitigation_options[i].option, in spectre_v2_parse_cmdline()
1547 mitigation_options[i].secure); in spectre_v2_parse_cmdline()
1563 /* Disable in-kernel use of non-RSB RET predictors */
1598 * user-space-poisoned RSB entries. in spectre_v2_determine_rsb_fill_type_at_vmexit()
1612 pr_info("Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT\n"); in spectre_v2_determine_rsb_fill_type_at_vmexit()
1657 return -EINVAL; in spectre_bhi_parse_cmdline()
1806 * JMPs gets protection against BHI and Intramode-BTI, but RET in spectre_v2_select_mitigation()
1807 * prediction from a non-RSB predictor is still a risk. in spectre_v2_select_mitigation()
1829 * which could have a user-poisoned BTB or BHB entry. in spectre_v2_select_mitigation()
1834 * When IBRS or eIBRS is enabled, the "user -> kernel" attack in spectre_v2_select_mitigation()
1839 * The "user -> user" attack scenario is mitigated by RSB filling. in spectre_v2_select_mitigation()
1843 * If the 'next' in-kernel return stack is shorter than 'prev', in spectre_v2_select_mitigation()
1844 * 'next' could be tricked into speculating with a user-poisoned RSB in spectre_v2_select_mitigation()
1847 * The "user -> kernel" attack scenario is mitigated by SMEP and in spectre_v2_select_mitigation()
1850 * The "user -> user" scenario, also known as SpectreBHB, requires in spectre_v2_select_mitigation()
1856 * FIXME: Is this pointless for retbleed-affected AMD? in spectre_v2_select_mitigation()
1871 * the CPU supports Enhanced IBRS, kernel might un-intentionally not in spectre_v2_select_mitigation()
1911 mask & SPEC_CTRL_STIBP ? "always-on" : "off"); in update_stibp_strict()
1937 * repartitioning leak would be a window dressing exercise. in update_mds_branch_idle()
1950 …T "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/…
1951 …T "TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/…
1952 …e Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/…
2046 int ret, i; in ssb_parse_cmdline() local
2059 for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { in ssb_parse_cmdline()
2060 if (!match_option(arg, ret, ssb_mitigation_options[i].option)) in ssb_parse_cmdline()
2063 cmd = ssb_mitigation_options[i].cmd; in ssb_parse_cmdline()
2067 if (i >= ARRAY_SIZE(ssb_mitigation_options)) { in ssb_parse_cmdline()
2114 * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. in __ssb_select_mitigation()
2115 * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass in __ssb_select_mitigation()
2116 * - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation in __ssb_select_mitigation()
2153 * Immediately update the speculation control MSRs for the current in task_update_spec_tif()
2154 * task, but for a non-current task delay setting the CPU in task_update_spec_tif()
2158 * always the current task. in task_update_spec_tif()
2160 if (tsk == current) in task_update_spec_tif()
2168 return -EPERM; in l1d_flush_prctl_set()
2172 set_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH); in l1d_flush_prctl_set()
2175 clear_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH); in l1d_flush_prctl_set()
2178 return -ERANGE; in l1d_flush_prctl_set()
2186 return -ENXIO; in ssb_prctl_set()
2192 return -EPERM; in ssb_prctl_set()
2210 return -EPERM; in ssb_prctl_set()
2216 return -ERANGE; in ssb_prctl_set()
2245 * updated, unless it was force-disabled by a previous prctl in ib_prctl_set()
2254 return -EPERM; in ib_prctl_set()
2267 return -EPERM; in ib_prctl_set()
2276 if (task == current) in ib_prctl_set()
2280 return -ERANGE; in ib_prctl_set()
2296 return -ENODEV; in arch_prctl_spec_ctrl_set()
2316 if (test_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH)) in l1d_flush_prctl_get()
2376 return -ENODEV; in arch_prctl_spec_ctrl_get()
2395 /* Default mitigation for L1TF-affected CPUs */
2420 if (c->x86 != 6) in override_cache_bits()
2423 switch (c->x86_vfm) { in override_cache_bits()
2437 if (c->x86_cache_bits < 44) in override_cache_bits()
2438 c->x86_cache_bits = 44; in override_cache_bits()
2478 e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { in l1tf_select_mitigation()
2483 …pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html might help y… in l1tf_select_mitigation()
2496 return -EINVAL; in l1tf_cmdline()
2552 return -EINVAL; in srso_parse_cmdline()
2558 else if (!strcmp(str, "safe-ret")) in srso_parse_cmdline()
2562 else if (!strcmp(str, "ibpb-vmexit")) in srso_parse_cmdline()
2571 #define SRSO_NOTICE "WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html …
2602 pr_warn("IBPB-extending microcode not applied!\n"); in srso_select_mitigation()
2650 * software-based untraining so clear those in case some in srso_select_mitigation()
2810 return "; STIBP: always-on"; in stibp_state()
2823 return "; IBPB: always-on"; in ibpb_state()
2836 return "; PBRSB-eIBRS: SW sequence"; in pbrsb_eibrs_state()
2838 return "; PBRSB-eIBRS: Vulnerable"; in pbrsb_eibrs_state()
2840 return "; PBRSB-eIBRS: Not affected"; in pbrsb_eibrs_state()
2897 return sysfs_emit(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n"); in retbleed_show_state()