Lines Matching +full:i +full:- +full:leak +full:- +full:current
1 // SPDX-License-Identifier: GPL-2.0
6 * - Rafael R. Reilova (moved everything from head.S),
8 * - Channing Corn (tests & fixes),
9 * - Andrew D. Balsa (code cleanup).
20 #include <asm/spec-ctrl.h>
24 #include <asm/processor-flags.h>
29 #include <asm/intel-family.h>
53 /* The base value of the SPEC_CTRL MSR without task-specific bits set */
57 /* The current value of the SPEC_CTRL MSR with task-specific bits set */
76 * Keep track of the SPEC_CTRL MSR value for the current task, which may differ
87 * When KERNEL_IBRS this MSR is written on return-to-user, unless in update_spec_ctrl_cond()
197 * current's TIF_SSBD thread flag. in x86_virt_spec_ctrl()
202 hostval = ssbd_tif_to_spec_ctrl(ti->flags); in x86_virt_spec_ctrl()
231 /* Default mitigation for MDS-affected CPUs */
266 return -EINVAL; in mds_cmdline()
291 /* Default mitigation for TAA-affected CPUs */
368 return -EINVAL; in tsx_async_abort_parse_cmdline()
429 * If Processor-MMIO-Stale-Data bug is present and Fill Buffer data can in mmio_select_mitigation()
461 return -EINVAL; in mmio_stale_data_parse_cmdline()
524 * As MDS, TAA and MMIO Stale Data mitigations are inter-related, update in md_clear_select_mitigation()
621 return -EINVAL; in srbds_parse_cmdline()
788 return -EINVAL; in gds_parse_cmdline()
830 * Consider SMAP to be non-functional as a mitigation on these in smap_works_speculatively()
849 * path of a conditional swapgs with a user-controlled GS in spectre_v1_select_mitigation()
874 * Enable lfences in the kernel entry (non-swapgs) in spectre_v1_select_mitigation()
933 return -EINVAL; in retbleed_parse_cmdline()
1117 return spectre_v2_bad_module ? " - vulnerable module loaded" : ""; in spectre_v2_module_string()
1184 [SPECTRE_V2_USER_STRICT_PREFERRED] = "User space: Mitigation: STIBP always-on protection",
1215 int ret, i; in spectre_v2_parse_user_cmdline() local
1231 for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { in spectre_v2_parse_user_cmdline()
1232 if (match_option(arg, ret, v2_user_options[i].option)) { in spectre_v2_parse_user_cmdline()
1233 spec_v2_user_print_cond(v2_user_options[i].option, in spectre_v2_parse_user_cmdline()
1234 v2_user_options[i].secure); in spectre_v2_parse_user_cmdline()
1235 return v2_user_options[i].cmd; in spectre_v2_parse_user_cmdline()
1306 "always-on" : "conditional"); in spectre_v2_user_select_mitigation()
1313 * Intel's Enhanced IBRS also protects against cross-thread branch target in spectre_v2_user_select_mitigation()
1314 * injection in user-mode as the IBRS bit remains always set which in spectre_v2_user_select_mitigation()
1315 * implicitly enables cross-thread protections. However, in legacy IBRS in spectre_v2_user_select_mitigation()
1318 * These modes therefore disable the implicit cross-thread protection, in spectre_v2_user_select_mitigation()
1329 * If STIBP support is not being forced, check if STIBP always-on in spectre_v2_user_select_mitigation()
1340 pr_info("Selecting STIBP always-on mode to complement retbleed mitigation\n"); in spectre_v2_user_select_mitigation()
1388 int ret, i; in spectre_v2_parse_cmdline() local
1398 for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { in spectre_v2_parse_cmdline()
1399 if (!match_option(arg, ret, mitigation_options[i].option)) in spectre_v2_parse_cmdline()
1401 cmd = mitigation_options[i].cmd; in spectre_v2_parse_cmdline()
1405 if (i >= ARRAY_SIZE(mitigation_options)) { in spectre_v2_parse_cmdline()
1417 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1426 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1434 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1440 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1446 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1452 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1458 mitigation_options[i].option); in spectre_v2_parse_cmdline()
1462 spec_v2_print_cond(mitigation_options[i].option, in spectre_v2_parse_cmdline()
1463 mitigation_options[i].secure); in spectre_v2_parse_cmdline()
1477 /* Disable in-kernel use of non-RSB RET predictors */
1509 * user-space-poisoned RSB entries. in spectre_v2_determine_rsb_fill_type_at_vmexit()
1523 pr_info("Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT\n"); in spectre_v2_determine_rsb_fill_type_at_vmexit()
1643 * JMPs gets protection against BHI and Intramode-BTI, but RET in spectre_v2_select_mitigation()
1644 * prediction from a non-RSB predictor is still a risk. in spectre_v2_select_mitigation()
1663 * which could have a user-poisoned BTB or BHB entry. in spectre_v2_select_mitigation()
1668 * When IBRS or eIBRS is enabled, the "user -> kernel" attack in spectre_v2_select_mitigation()
1673 * The "user -> user" attack scenario is mitigated by RSB filling. in spectre_v2_select_mitigation()
1677 * If the 'next' in-kernel return stack is shorter than 'prev', in spectre_v2_select_mitigation()
1678 * 'next' could be tricked into speculating with a user-poisoned RSB in spectre_v2_select_mitigation()
1681 * The "user -> kernel" attack scenario is mitigated by SMEP and in spectre_v2_select_mitigation()
1684 * The "user -> user" scenario, also known as SpectreBHB, requires in spectre_v2_select_mitigation()
1690 * FIXME: Is this pointless for retbleed-affected AMD? in spectre_v2_select_mitigation()
1705 * the CPU supports Enhanced IBRS, kernel might un-intentionally not in spectre_v2_select_mitigation()
1745 mask & SPEC_CTRL_STIBP ? "always-on" : "off"); in update_stibp_strict()
1773 * repartitioning leak would be a window dressing exercise. in update_mds_branch_idle()
1786 …T "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/…
1787 …T "TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/…
1788 …e Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/…
1882 int ret, i; in ssb_parse_cmdline() local
1893 for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { in ssb_parse_cmdline()
1894 if (!match_option(arg, ret, ssb_mitigation_options[i].option)) in ssb_parse_cmdline()
1897 cmd = ssb_mitigation_options[i].cmd; in ssb_parse_cmdline()
1901 if (i >= ARRAY_SIZE(ssb_mitigation_options)) { in ssb_parse_cmdline()
1948 * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. in __ssb_select_mitigation()
1949 * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass in __ssb_select_mitigation()
1950 * - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation in __ssb_select_mitigation()
1987 * Immediately update the speculation control MSRs for the current in task_update_spec_tif()
1988 * task, but for a non-current task delay setting the CPU in task_update_spec_tif()
1992 * always the current task. in task_update_spec_tif()
1994 if (tsk == current) in task_update_spec_tif()
2002 return -EPERM; in l1d_flush_prctl_set()
2006 set_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH); in l1d_flush_prctl_set()
2009 clear_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH); in l1d_flush_prctl_set()
2012 return -ERANGE; in l1d_flush_prctl_set()
2020 return -ENXIO; in ssb_prctl_set()
2026 return -EPERM; in ssb_prctl_set()
2044 return -EPERM; in ssb_prctl_set()
2050 return -ERANGE; in ssb_prctl_set()
2079 * updated, unless it was force-disabled by a previous prctl in ib_prctl_set()
2088 return -EPERM; in ib_prctl_set()
2101 return -EPERM; in ib_prctl_set()
2110 if (task == current) in ib_prctl_set()
2114 return -ERANGE; in ib_prctl_set()
2130 return -ENODEV; in arch_prctl_spec_ctrl_set()
2150 if (test_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH)) in l1d_flush_prctl_get()
2210 return -ENODEV; in arch_prctl_spec_ctrl_get()
2229 /* Default mitigation for L1TF-affected CPUs */
2253 if (c->x86 != 6) in override_cache_bits()
2256 switch (c->x86_model) { in override_cache_bits()
2270 if (c->x86_cache_bits < 44) in override_cache_bits()
2271 c->x86_cache_bits = 44; in override_cache_bits()
2311 e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { in l1tf_select_mitigation()
2316 …pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html might help y… in l1tf_select_mitigation()
2329 return -EINVAL; in l1tf_cmdline()
2385 return -EINVAL; in srso_parse_cmdline()
2391 else if (!strcmp(str, "safe-ret")) in srso_parse_cmdline()
2395 else if (!strcmp(str, "ibpb-vmexit")) in srso_parse_cmdline()
2404 #define SRSO_NOTICE "WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html …
2436 pr_warn("IBPB-extending microcode not applied!\n"); in srso_select_mitigation()
2627 return ", STIBP: always-on"; in stibp_state()
2640 return ", IBPB: always-on"; in ibpb_state()
2653 return ", PBRSB-eIBRS: SW sequence"; in pbrsb_eibrs_state()
2655 return ", PBRSB-eIBRS: Vulnerable"; in pbrsb_eibrs_state()
2657 return ", PBRSB-eIBRS: Not affected"; in pbrsb_eibrs_state()
2694 return sysfs_emit(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n"); in retbleed_show_state()