- 12 Jan, 2018 40 commits
-
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 In order to reduce the impact of using MFENCE, make the execution of the LFENCE instruction serialized. This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families that support LFENCE do not have this MSR. For these families, the LFENCE instruction is already serialized. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit c8bd06975d1b15b5f81f684d9d3f926b60cd77a9) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 Clear registers on VM exit to prevent speculative use of them. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit fa3bf5051d2cb8df4c2ff38750c895ea497cc1d4) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 Add code to overwrite the local CPU RSB entries from the previous less privileged mode. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 3dc0cf238b89fb023fd5ee6cdf2dbff5ffd4046c) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 Provide the guest with the speculative control CPUID related values. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit cbfe052b7e811a2854162b210f242d3e815cbc17) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 Set IBPB (Indirect Branch Prediction Barrier) when the current CPU is going to run a VCPU different from what was previously run. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit bb6edde44a0529ec52618c97a281719d968aaeab) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 Set/restore the guests IBRS value on VM entry. On VM exit back to the kernel save the guest IBRS value and then set IBRS to 1. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit ae47b6df435ae255747a9aa1a5520bd9ef01005f) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 Allow guest access to the speculative control MSRs without being intercepted. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 68c2587c0680813d57af0a4073fa22a95a15e980) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 Add an IBPB feature check to the speculative control update check after a microcode reload. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 073bee2caa42ddde1134cb87c955b4cad7b7d38b) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tom Lendacky authored
CVE-2017-5753 CVE-2017-5715 Add speculative control support for AMD processors. For AMD, speculative control is indicated as follows: CPUID EAX=0x00000007, ECX=0x00 return EDX[26] indicates support for both IBRS and IBPB. CPUID EAX=0x80000008, ECX=0x00 return EBX[12] indicates support for just IBPB. On AMD family 0x10, 0x12 and 0x16 processors where either of the above features are not supported, IBPB can be achieved by disabling indirect branch predictor support in MSR 0xc0011021[14] at boot. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 38994a3e1a9288622cb170bc89d037ca8f2b0fb6) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Borislav Petkov authored
CVE-2017-5753 CVE-2017-5715 The kernel accesses IC_CFG MSR (0xc0011021) on AMD because it checks whether the way access filter is enabled on some F15h models, and, if so, disables it. kvm doesn't handle that MSR access and complains about it, which can get really noisy in dmesg when one starts kvm guests all the time for testing. And it is useless anyway - guest kernel shouldn't be doing such changes anyway so tell it that that filter is disabled. Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/1448273546-2567-4-git-send-email-bp@alien8.deSigned-off-by: Ingo Molnar <mingo@kernel.org> (cherry picked from commit ae8b7875) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 48ec0cfa6dac428470e30855e2d9751e00e2ba6c) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 To prevent the unused registers %r8-%r15, from being used speculatively, we clear them upon syscall entrance for code hygiene in 32 bit compatible mode. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 85910f3f9cd728acce9ef34a6df4f8bf8714d006) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 To prevent the unused registers %r12-%r15, %rbp and %rbx from being used speculatively, we clear them upon syscall entrance for code hygiene. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 20018a1207a68ee311e9e080f8589e23a0e14852) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 33e16ee8bd43aa4f065e17abbe9ed66457327b84) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 There are 2 ways to control IBPB and IBRS 1. At boot time noibrs kernel boot parameter will disable IBRS usage noibpb kernel boot parameter will disable IBPB usage Otherwise if the above parameters are not specified, the system will enable ibrs and ibpb usage if the cpu supports it. 2. At run time echo 0 > /proc/sys/kernel/ibrs_enabled will turn off IBRS echo 1 > /proc/sys/kernel/ibrs_enabled will turn on IBRS in kernel echo 2 > /proc/sys/kernel/ibrs_enabled will turn on IBRS in both userspace and kernel Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 50169d8fada2532084c9f8ccde51c6c9211603d5) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Add code to pad the local CPU's RSB entries to protect from previous less privilege mode. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 65ced0bf5b4bb86d1fa08200b57a5f55617ad7ad) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Restore guest IBRS on VM entry and set it to 1 on VM exit back to kernel. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 08aeb17b6385ac5b82d73753ac43cc8c7cff5d5c) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Set IBPB (Indirect branch prediction barrier) when switching VM. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 472524f41206beb0a29c08f10689648a3dcd7707) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Wei Wang authored
CVE-2017-5753 CVE-2017-5715 Add field to access guest MSR_IA332_SPEC_CTRL and MSR_IA32_PRED_CMD state. Signed-off-by: Wei Wang <wei.w.wang@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit f93ba2a9b5ab2c275e9adc10876cc0425a33eec0) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Stuff RSB to prevent RSB underflow on non-SMEP platform. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 183ab2f8dfb26ad2c83602af3ee9a5f11d65128b) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 To reduce overhead of setting IBPB, we only do that when the new thread cannot ptrace the current one. If the new thread has ptrace capability on current thread, it is safe. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 294ed6288a44f78781cf33cc9de32c50630c1646) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Set IBPB on context switch with changing of page table. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 172351a2ae2c03d501e1d5933b8f50f6cd459186) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Clear IBRS when cpu is offlined and set it when brining it back online. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit ca09185cd600fc8e43a9bb5ddec61103039930b3) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Clear IBRS on idle entry and set it on idle exit into kernel on mwait. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit c2a2a232b0553e32a7bfe198a40f377bd1ba016d) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Set IBRS upon kernel entrance via syscall and interrupts. Clear it upon exit. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit bb6c1a01e82fb0eb14d1229fd71a99ed285d330d) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Setup macros to control IBRS and IBPB Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 582c3ac1ea2fd287fca743f4e498e844a0e2b606) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 Report presence of IBPB and IBRS. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit e6941d30960ab43adfa0bbb446e73036bfb52842) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Tim Chen authored
CVE-2017-5753 CVE-2017-5715 cpuid ax=0x7, return rdx bit 26 to indicate presence of this feature IA32_SPEC_CTRL (0x48) and IA32_PRED_CMD (0x49) IA32_SPEC_CTRL, bit0 – Indirect Branch Restricted Speculation (IBRS) IA32_PRED_CMD, bit0 – Indirect Branch Prediction Barrier (IBPB) Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 40b5e1635733891442f6dab9181ffeb3dd26a8d7) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 Real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit b1ff40b60f2b6c5e731b338d429fb06ef7087ace) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 Real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit f84272a4586cddd342fa5570d4aafc223345a844) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 Real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 8a0f2aeaa333f5c4e41b5d366745015fa855232f) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 Real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 2b6906d0cf28910144b1e1816861097b2ae3d4a1) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 Real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit bf5352bb462ac0acf4ebca109e964666f845bd54) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 Real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 7ef8b5b36b47e74d35506760175eaf1f4235068b) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 Real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit a2ef3475fff03ae6fcdf07163d3a762e9811e3be) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 Real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 19299d3cee99e47bec3ace5d654eeb8fa6365bfd) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 real commit text tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 5d9ab7231ea9f5a1b0c3cb612e20b0b486a5bdca) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 When constant blinding is enabled (bpf_jit_harden = 1), this adds a generic memory barrier (lfence for intel, mfence for AMD) before emitting x86 jitted code for the BPF_ALU(64)_OR_X and BPF_ALU_LHS_X (for BPF_REG_AX register) eBPF instructions. This is needed in order to prevent speculative execution on out of bounds BPF_MAP array indexes when JIT is enabled. This way an arbitary kernel memory is not exposed through side-channel attacks. For more details, please see this Google Project Zero report: tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 33f5e63378ad75331315216b459362b0a5350662) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 This adds a generic memory barrier before LD_IMM_DW and LDX_MEM_B/H/W/DW eBPF instructions during eBPF program execution in order to prevent speculative execution on out of bound BFP_MAP array indexes. This way an arbitary kernel memory is not exposed through side channel attacks. For more details, please see this Google Project Zero report: tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 69cfcc33d4ec282f14e47f1705bf45117e557b69) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 In constrast to existing mb() and rmb() barriers, gmb() barrier is arch-independent and can be used to implement any type of memory barrier. In x86 case, it is either lfence or mfence, based on processor type. ARM and others can define it according to their needs. Suggested-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 15cdd6b1b8bdf69f6318b64650b342c38cc58451) Signed-off-by: Andy Whitcroft <apw@canonical.com>
-