.. SPDX-License-Identifier: GPL-2.0

Indirect Target Selection (ITS)
===============================

ITS is a vulnerability in some Intel CPUs that support Enhanced IBRS and were
released before Alder Lake. ITS may allow an attacker to control the prediction
of indirect branches and RETs whose last instruction byte lies in the lower
half (the first 32 bytes) of a 64-byte cacheline.

ITS is assigned CVE-2024-28956 with a CVSS score of 4.7 (Medium).

Scope of Impact
---------------
- **eIBRS Guest/Host Isolation**: Indirect branches in KVM/kernel may still be
  predicted with an unintended target corresponding to a branch executed in
  the guest.

- **Intra-Mode BTI**: In-kernel training, such as through cBPF or other native
  gadgets.

- **Indirect Branch Prediction Barrier (IBPB)**: After an IBPB, indirect
  branches may still be predicted with targets corresponding to direct branches
  executed prior to the IBPB. This is fixed by the IPU 2025.1 microcode, which
  should be available via distro updates. Alternatively, microcode can be
  obtained from Intel's GitHub repository [#f1]_.

Affected CPUs
-------------
Below is the list of ITS affected CPUs [#f2]_ [#f3]_:

   ========================  ============  ====================  ===============
   Common name               Family_Model  eIBRS                 Intra-mode BTI
                                           Guest/Host Isolation
   ========================  ============  ====================  ===============
   SKYLAKE_X (step >= 6)     06_55H        Affected              Affected
   ICELAKE_X                 06_6AH        Not affected          Affected
   ICELAKE_D                 06_6CH        Not affected          Affected
   ICELAKE_L                 06_7EH        Not affected          Affected
   TIGERLAKE_L               06_8CH        Not affected          Affected
   TIGERLAKE                 06_8DH        Not affected          Affected
   KABYLAKE_L (step >= 12)   06_8EH        Affected              Affected
   KABYLAKE (step >= 13)     06_9EH        Affected              Affected
   COMETLAKE                 06_A5H        Affected              Affected
   COMETLAKE_L               06_A6H        Affected              Affected
   ROCKETLAKE                06_A7H        Not affected          Affected
   ========================  ============  ====================  ===============

- All affected CPUs enumerate the Enhanced IBRS feature.
- IBPB isolation is affected on all ITS-affected CPUs and needs a microcode
  update for mitigation.
- None of the affected CPUs enumerate BHI_CTRL, which was introduced in Golden
  Cove (Alder Lake and Sapphire Rapids). This can help guests determine the
  host's affected status.
- Intel Atom CPUs are not affected by ITS.

Mitigation
----------
Only indirect branches and RETs whose last instruction byte lies in the lower
half of a cacheline are vulnerable to ITS, so the basic idea behind the
mitigation is to not allow indirect branches in the lower half.

This is achieved by relying on the existing retpoline support in the kernel
and in compilers. ITS-vulnerable retpoline sites are runtime patched to point
to newly added ITS-safe thunks. These safe thunks consist of an indirect
branch placed in the second half of a cacheline. Not all retpoline sites are
patched to thunks: if a retpoline site is evaluated to be ITS-safe, it is
replaced with an inline indirect branch.
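
The following C program is an added example and not kernel code. It applies
the rule above (the last byte of the indirect branch in the lower 32 bytes of a
64-byte cacheline means the site is unsafe) to classify sites, and models a
thunk pool that packs ``jmp *%reg`` thunks into the upper halves of cachelines
so that every emitted thunk passes the same check. The pool layout, the 4 KiB
pool size, the spill policy and the sample site addresses are this example's
own constructed assumptions chosen to illustrate the placement rule; they do
not reproduce the kernel's allocator.

```c
/* Added example (not kernel code): ITS site classification by cacheline
 * position, and a thunk pool that keeps every indirect jmp in an upper half. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CACHELINE 64u
#define HALF      (CACHELINE / 2)
#define POOL_SIZE 4096u   /* one page-sized, page-aligned pool: an assumption */

/* An instruction occupying [addr, addr + len) is ITS-unsafe when its LAST
 * byte sits at offset 0..31 of its 64-byte cacheline. */
bool its_site_unsafe(uint64_t addr, unsigned len)
{
    return ((addr + len - 1) % CACHELINE) < HALF;
}

/* Encoded length of "jmp *%reg" on x86-64: ff /4 is two bytes, and r8..r15
 * need a REX.B prefix.  reg is the register number 0..15. */
unsigned indirect_jmp_len(unsigned reg)
{
    return reg >= 8 ? 3 : 2;
}

/* Minimal bump allocator for dynamic thunks.  Each thunk is "jmp *%reg"
 * followed by an int3; the pool is int3-filled so stray control flow traps.
 * The placement policy (start mid-line, spill to the next line's upper half
 * whenever the jmp would end in a lower half) is this example's own. */
struct thunk_pool {
    uint8_t  mem[POOL_SIZE];  /* stands in for an executable page */
    unsigned off;             /* next free offset within the pool */
};

void thunk_pool_init(struct thunk_pool *p)
{
    memset(p->mem, 0xcc, sizeof p->mem);
    p->off = HALF;            /* first thunk starts in an upper half */
}

/* Returns the pool offset of the new thunk, or -1 when the pool is full. */
int thunk_alloc(struct thunk_pool *p, unsigned reg)
{
    unsigned jlen = indirect_jmp_len(reg);
    unsigned size = jlen + 1;                    /* jmp + trailing int3 */

    /* If the jmp's last byte would land in a lower half, skip to the upper
     * half of the next cacheline. */
    if (its_site_unsafe(p->off, jlen))
        p->off = ((p->off - 1) | (CACHELINE - 1)) + 1 + HALF;

    if (p->off + size > POOL_SIZE)
        return -1;

    uint8_t *t = p->mem + p->off;
    unsigned i = 0;
    if (reg >= 8)
        t[i++] = 0x41;                           /* REX.B */
    t[i++] = 0xff;
    t[i++] = 0xe0 | (reg & 7);                   /* ModRM 11 /4 rrr: jmp *%reg */
    t[i++] = 0xcc;                               /* int3 */

    int ret = (int)p->off;
    p->off += size;
    return ret;
}

/* Patch decision for a retpoline site: keep an inline indirect jmp when the
 * site is already ITS-safe, otherwise point it at a fresh thunk.  Returns
 * true when a thunk was used and stores its pool offset in *thunk_off. */
bool patch_site(struct thunk_pool *p, uint64_t addr, unsigned reg, int *thunk_off)
{
    if (!its_site_unsafe(addr, indirect_jmp_len(reg)))
        return false;
    *thunk_off = thunk_alloc(p, reg);
    return true;
}

int main(void)
{
    struct thunk_pool pool;
    thunk_pool_init(&pool);
    /* Constructed sample sites: one in a lower half, one in an upper half. */
    uint64_t sites[] = { 0xffffffff81001000ull, 0xffffffff81001030ull };
    for (unsigned i = 0; i < 2; i++) {
        int off = -1;
        bool thunked = patch_site(&pool, sites[i], 11, &off);
        printf("site %#llx: %s\n", (unsigned long long)sites[i],
               thunked ? "relocated to thunk" : "inline jmp *%r11");
    }
    return 0;
}
```

The spill arithmetic in ``thunk_alloc`` rounds the current offset down to the
start of its cacheline, then moves to the next line plus 32, so after the
bump every thunk's jmp again satisfies ``!its_site_unsafe()``; that invariant
is what the verifier-side checks below exercise.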

Dynamic thunks
~~~~~~~~~~~~~~
From a dynamically allocated pool of safe thunks, each vulnerable site is
replaced with a new thunk, so that every site gets a unique address. This can
improve branch prediction accuracy, and it is also a defense-in-depth measure
against aliasing.

Note that, for simplicity, indirect branches in eBPF programs are always
replaced with a jump to a static thunk in __x86_indirect_its_thunk_array. If
required, this can be changed in future to use dynamic thunks.

All vulnerable RETs are replaced with a static thunk; they do not use dynamic
thunks. This is because RETs mostly get their prediction from the RSB, which
does not depend on the source address. RETs that underflow the RSB may benefit
from dynamic thunks, but RETs significantly outnumber indirect branches, and
any benefit from a unique source address could be outweighed by the increased
icache footprint and iTLB pressure.

Retpoline
~~~~~~~~~
The retpoline sequence also mitigates ITS-unsafe indirect branches. For this
reason, when retpoline is enabled, the ITS mitigation only relocates the RETs
to safe thunks, unless the user requested the RSB-stuffing mitigation.

RSB Stuffing
~~~~~~~~~~~~
RSB stuffing via Call Depth Tracking is a mitigation for Retbleed RSB-underflow
attacks, and it also mitigates RETs that are vulnerable to ITS.

Mitigation in guests
^^^^^^^^^^^^^^^^^^^^
All guests deploy the ITS mitigation by default, irrespective of eIBRS
enumeration and the Family/Model of the guest, because the eIBRS feature could
be hidden from a guest. The one exception is a guest that enumerates BHI_DIS_S,
which indicates that the guest is running on an unaffected host.

To prevent guests from unnecessarily deploying the mitigation on unaffected
platforms, Intel has defined ITS_NO, bit 62 in MSR IA32_ARCH_CAPABILITIES. When
a guest sees this bit set, it should not enumerate the ITS bug. Note that this
bit is not set by any hardware; it is **intended for VMMs to synthesize** for
guests according to the host's affected status.
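
As an added example, not kernel or KVM code, the program below models the
affected-status decision described in the "Affected CPUs" table and the guest
rules above: a synthesized ITS_NO overrides everything, enumerating BHI_CTRL
(which exposes BHI_DIS_S) means unaffected, a guest without ITS_NO assumes it is
affected, and a bare-metal CPU is looked up in the table with its stepping
threshold. It also shows the VMM side, synthesizing ITS_NO into the
IA32_ARCH_CAPABILITIES value presented to a guest. The ``struct cpu_ident``
fields, the three-way status enum and the sample CPUs are this example's own
assumptions.

```c
/* Added example, not kernel or KVM code: the ITS affected-status decision as
 * described above, plus the VMM side that synthesizes ITS_NO for guests. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ARCH_CAP_ITS_NO (1ULL << 62)  /* IA32_ARCH_CAPABILITIES bit 62 */

/* What a kernel can observe about its CPU; the field set is an assumption. */
struct cpu_ident {
    bool     intel;       /* vendor is Intel */
    bool     hypervisor;  /* CPUID hypervisor bit: we are a guest */
    bool     bhi_ctrl;    /* enumerates BHI_CTRL, i.e. has BHI_DIS_S */
    uint8_t  family, model, stepping;
    uint64_t arch_cap;    /* IA32_ARCH_CAPABILITIES as read by this kernel */
};

enum its_status {
    ITS_NOT_AFFECTED,  /* sysfs "Not affected" */
    ITS_NATIVE_ONLY,   /* intra-mode BTI only: "Vulnerable, KVM: Not affected" */
    ITS_AFFECTED,      /* intra-mode BTI and eIBRS guest/host isolation */
};

/* Transcribed from the "Affected CPUs" table (family 6 only);
 * min_stepping 0 means every stepping. */
struct its_entry { uint8_t model, min_stepping; bool guest_host; };

static const struct its_entry its_table[] = {
    { 0x55,  6, true  },  /* SKYLAKE_X  (step >= 6)  */
    { 0x6A,  0, false },  /* ICELAKE_X */
    { 0x6C,  0, false },  /* ICELAKE_D */
    { 0x7E,  0, false },  /* ICELAKE_L */
    { 0x8C,  0, false },  /* TIGERLAKE_L */
    { 0x8D,  0, false },  /* TIGERLAKE */
    { 0x8E, 12, true  },  /* KABYLAKE_L (step >= 12) */
    { 0x9E, 13, true  },  /* KABYLAKE   (step >= 13) */
    { 0xA5,  0, true  },  /* COMETLAKE */
    { 0xA6,  0, true  },  /* COMETLAKE_L */
    { 0xA7,  0, false },  /* ROCKETLAKE */
};

static const struct its_entry *its_lookup(const struct cpu_ident *c)
{
    if (c->family != 6)
        return NULL;
    for (size_t i = 0; i < sizeof(its_table) / sizeof(its_table[0]); i++)
        if (its_table[i].model == c->model &&
            c->stepping >= its_table[i].min_stepping)
            return &its_table[i];
    return NULL;
}

/* Should this kernel (host or guest) enumerate the ITS bug, and which flavor? */
enum its_status its_classify(const struct cpu_ident *c)
{
    if (c->arch_cap & ARCH_CAP_ITS_NO)   /* synthesized by the VMM: trumps all */
        return ITS_NOT_AFFECTED;
    if (!c->intel)
        return ITS_NOT_AFFECTED;
    if (c->bhi_ctrl)                     /* no affected part has BHI_CTRL */
        return ITS_NOT_AFFECTED;
    if (c->hypervisor)                   /* FMS/eIBRS may be hidden: assume bad */
        return ITS_AFFECTED;
    const struct its_entry *e = its_lookup(c);
    if (!e)
        return ITS_NOT_AFFECTED;
    return e->guest_host ? ITS_AFFECTED : ITS_NATIVE_ONLY;
}

/* VMM side: IA32_ARCH_CAPABILITIES value to present to a guest.  ITS_NO is
 * set only when the host has no ITS bug at all; a native-only host leaves it
 * clear because the guest kernel is still exposed to intra-mode BTI. */
uint64_t vmm_guest_arch_cap(const struct cpu_ident *host)
{
    uint64_t caps = host->arch_cap & ~ARCH_CAP_ITS_NO;
    if (its_classify(host) == ITS_NOT_AFFECTED)
        caps |= ARCH_CAP_ITS_NO;
    return caps;
}

int main(void)
{
    /* Constructed samples: a Skylake-X stepping 7 host and a guest on it. */
    struct cpu_ident host = { .intel = true, .family = 6, .model = 0x55, .stepping = 7 };
    struct cpu_ident guest = { .intel = true, .hypervisor = true };
    guest.arch_cap = vmm_guest_arch_cap(&host);
    printf("host status %d, guest status %d\n",
           its_classify(&host), its_classify(&guest));   /* 2 and 2 */
    return 0;
}
```

Note the asymmetry in ``vmm_guest_arch_cap``: a host that reports
"Vulnerable, KVM: Not affected" must still leave ITS_NO clear, since the
guest's own kernel remains a target for intra-mode BTI; only a host that
is entirely unaffected may tell its guests to skip the mitigation.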

Mitigation options
^^^^^^^^^^^^^^^^^^
The ITS mitigation can be controlled using the "indirect_target_selection"
kernel parameter. The available options are:

   ======== ===================================================================
   on       (default)  Deploy the "Aligned branch/return thunks" mitigation.
            If the spectre_v2 mitigation enables retpoline, aligned thunks are
            only deployed for the affected RET instructions; retpoline
            mitigates the indirect branches.

   off      Disable the ITS mitigation.

   vmexit   Equivalent to "=on" if the CPU is affected by the guest/host
            isolation part of ITS. Otherwise, the mitigation is not deployed.
            This option is useful when host userspace is not in the threat
            model and only attacks from guest to host are considered.

   stuff    Deploy the RSB-fill mitigation when retpoline is also deployed.
            Otherwise, deploy the default mitigation. When the retpoline
            mitigation is enabled, RSB stuffing via Call Depth Tracking also
            mitigates ITS.

   force    Force the ITS bug and deploy the default mitigation.
   ======== ===================================================================

Sysfs reporting
---------------

The sysfs file showing the ITS mitigation status is:

  /sys/devices/system/cpu/vulnerabilities/indirect_target_selection

Note that the microcode mitigation status (for IBPB isolation) is not reported
in this file.

The possible values in this file are:

.. list-table::

   * - Not affected
     - The processor is not vulnerable.
   * - Vulnerable
     - System is vulnerable and no mitigation has been applied.
   * - Vulnerable, KVM: Not affected
     - System is vulnerable to intra-mode BTI, but not affected by eIBRS
       guest/host isolation.
   * - Mitigation: Aligned branch/return thunks
     - The mitigation is enabled; affected indirect branches and RETs are
       relocated to safe thunks.
   * - Mitigation: Retpolines, Stuffing RSB
     - The mitigation is enabled using retpoline and RSB stuffing.

References
----------
.. [#f1] Microcode repository - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

.. [#f2] Affected Processors list - https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

.. [#f3] Affected Processors list (machine readable) - https://github.com/intel/Intel-affected-processor-list
