x86/speculation: Allow enabling STIBP with legacy IBRS
stable inclusion from stable-v5.10.173 commit abfed855f05863d292de2d0ebab4656791bab9c8 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6V7TU CVE: CVE-2023-1998 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=abfed855f05863d292de2d0ebab4656791bab9c8 -------------------------------- commit 6921ed90 upstream. When plain IBRS is enabled (not enhanced IBRS), the logic in spectre_v2_user_select_mitigation() determines that STIBP is not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit is cleared on returning to userspace for performance reasons which leaves userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. Exclude IBRS from the spectre_v2_in_ibrs_mode() check to allow for enabling STIBP (through seccomp/prctl() by default or always-on, if selected by spectre_v2_user kernel cmdline parameter). [ bp: Massage. ] Fixes: 7c693f54 ("x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS") Reported-by: NJosé Oliveira <joseloliveira11@gmail.com> Reported-by: NRodrigo Branco <rodrigo@kernelhacking.com> Signed-off-by: NKP Singh <kpsingh@kernel.org> Signed-off-by: NBorislav Petkov (AMD) <bp@alien8.de> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20230220120127.1975241-1-kpsingh@kernel.org Link: https://lore.kernel.org/r/20230221184908.2349578-1-kpsingh@kernel.orgSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NWei Li <liwei391@huawei.com>
Showing
想要评论请 注册 或 登录