[5.4,37/37] x86/speculation: Add RSB VM Exit protections

From: Daniel Sneddon <daniel.sneddon@linux.intel.com>

From: Daniel Sneddon <daniel.sneddon@linux.intel.com>

commit 2b1299322016731d56807aa49254a5ea3080b6b3 upstream.

tl;dr: The Enhanced IBRS mitigation for Spectre v2 does not work as
documented for RET instructions after VM exits. Mitigate it with a new
one-entry RSB stuffing mechanism and a new LFENCE.

== Background ==

Indirect Branch Restricted Speculation (IBRS) was designed to help
mitigate Branch Target Injection and Speculative Store Bypass, i.e.
Spectre, attacks. IBRS prevents software run in less privileged modes
from affecting branch prediction in more privileged modes. IBRS requires
the MSR to be written on every privilege level change.

To overcome some of the performance issues of IBRS, Enhanced IBRS was
introduced.  eIBRS is an "always on" IBRS, in other words, just turn
it on once instead of writing the MSR on every privilege level change.
When eIBRS is enabled, more privileged modes should be protected from
less privileged modes, including protecting VMMs from guests.

== Problem ==

Here's a simplification of how guests are run on Linux' KVM:

void run_kvm_guest(void)
{
	// Prepare to run guest
	VMRESUME();
	// Clean up after guest runs
}

The execution flow for that would look something like this to the
processor:

1. Host-side: call run_kvm_guest()
2. Host-side: VMRESUME
3. Guest runs, does "CALL guest_function"
4. VM exit, host runs again
5. Host might make some "cleanup" function calls
6. Host-side: RET from run_kvm_guest()

Now, when back on the host, there are a couple of possible scenarios of
post-guest activity the host needs to do before executing host code:

* on pre-eIBRS hardware (legacy IBRS, or nothing at all), the RSB is not
touched and Linux has to do a 32-entry stuffing.

* on eIBRS hardware, VM exit with IBRS enabled, or restoring the host
IBRS=1 shortly after VM exit, has a documented side effect of flushing
the RSB except in this PBRSB situation where the software needs to stuff
the last RSB entry "by hand".

IOW, with eIBRS supported, host RET instructions should no longer be
influenced by guest behavior after the host retires a single CALL
instruction.

However, if the RET instructions are "unbalanced" with CALLs after a VM
exit as is the RET in #6, it might speculatively use the address for the
instruction after the CALL in #3 as an RSB prediction. This is a problem
since the (untrusted) guest controls this address.

Balanced CALL/RET instruction pairs such as in step #5 are not affected.

== Solution ==

The PBRSB issue affects a wide variety of Intel processors which
support eIBRS. But not all of them need mitigation. Today,
X86_FEATURE_RSB_VMEXIT triggers an RSB filling sequence that mitigates
PBRSB. Systems setting RSB_VMEXIT need no further mitigation - i.e.,
eIBRS systems which enable legacy IBRS explicitly.

However, such systems (X86_FEATURE_IBRS_ENHANCED) do not set RSB_VMEXIT
and most of them need a new mitigation.

Therefore, introduce a new feature flag X86_FEATURE_RSB_VMEXIT_LITE
which triggers a lighter-weight PBRSB mitigation versus RSB_VMEXIT.

The lighter-weight mitigation performs a CALL instruction which is
immediately followed by a speculative execution barrier (INT3). This
steers speculative execution to the barrier -- just like a retpoline
-- which ensures that speculation can never reach an unbalanced RET.
Then, ensure this CALL is retired before continuing execution with an
LFENCE.

In other words, the window of exposure is opened at VM exit where RET
behavior is troublesome. While the window is open, force RSB predictions
sampling for RET targets to a dead end at the INT3. Close the window
with the LFENCE.

There is a subset of eIBRS systems which are not vulnerable to PBRSB.
Add these systems to the cpu_vuln_whitelist[] as NO_EIBRS_PBRSB.
Future systems that aren't vulnerable will set ARCH_CAP_PBRSB_NO.

  [ bp: Massage, incorporate review comments from Andy Cooper. ]

Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Co-developed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
[cascardo: no intra-function validation]
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
---
 Documentation/admin-guide/hw-vuln/spectre.rst |  8 ++
 arch/x86/include/asm/cpufeatures.h            |  2 +
 arch/x86/include/asm/msr-index.h              |  4 +
 arch/x86/include/asm/nospec-branch.h          | 16 +++-
 arch/x86/kernel/cpu/bugs.c                    | 86 ++++++++++++++-----
 arch/x86/kernel/cpu/common.c                  | 12 ++-
 arch/x86/kvm/vmx/vmenter.S                    |  8 +-
 tools/arch/x86/include/asm/cpufeatures.h      |  1 +
 8 files changed, 108 insertions(+), 29 deletions(-)

Message ID	20221003131038.12645-38-cascardo@canonical.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 660FAC433FE for <kvm@archiver.kernel.org>; Mon, 3 Oct 2022 13:13:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230320AbiJCNN5 (ORCPT <rfc822;kvm@archiver.kernel.org>); Mon, 3 Oct 2022 09:13:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60498 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230270AbiJCNNe (ORCPT <rfc822;kvm@vger.kernel.org>); Mon, 3 Oct 2022 09:13:34 -0400 Received: from smtp-relay-canonical-1.canonical.com (smtp-relay-canonical-1.canonical.com [185.125.188.121]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0FEC250539; Mon, 3 Oct 2022 06:13:08 -0700 (PDT) Received: from quatroqueijos.. (unknown [179.93.174.77]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 5B3C342FBA; Mon, 3 Oct 2022 13:13:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1664802785; bh=i/EGAXmDNTt07meQjqND+bk8MiJxTBH5yjHX6Z9kHtg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=TQI64n0iiZMUXd4Grq6WxZ3RE6qFXAxsPCdtHBAfFTT1xrygTOvC9xeUGAigPfMxg HPaXcalT1V5UBnVLPWcUjGiiF7olPN+v9n8+yLAnRDiffRr3VmGtWjcH2blXwNCpZp lfO2cqxgvZ55WlB2chZrLSANxH2fE4DgFWx/N7iZbVOEE2cZjgmq2CBscKNWTW5lC+ e1UNxbAeeYzEQTkApmqqNtGDqo8zsvBHVriB1+2TZH3GuuUCW7tli4vjQI9q+zRTw6 G873Cd32rle+vxBcDXSmZVL3y/EFLLbQ4ySyPywKJh1iAV55ivnnXFcsV5mwp0oCuj G89JL7g6hZCuA== From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> To: stable@vger.kernel.org Cc: x86@kernel.org, kvm@vger.kernel.org, bp@alien8.de, pbonzini@redhat.com, peterz@infradead.org, jpoimboe@kernel.org Subject: [PATCH 5.4 37/37] x86/speculation: Add RSB VM Exit protections Date: Mon, 3 Oct 2022 10:10:38 -0300 Message-Id: <20221003131038.12645-38-cascardo@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221003131038.12645-1-cascardo@canonical.com> References: <20221003131038.12645-1-cascardo@canonical.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: <kvm.vger.kernel.org> X-Mailing-List: kvm@vger.kernel.org
Series	IBRS support // Retbleed mitigations \| expand [5.4,00/37] IBRS support // Retbleed mitigations [5.4,01/37] Revert "x86/speculation: Add RSB VM Exit protections" [5.4,02/37] Revert "x86/cpu: Add a steppings field to struct x86_cpu_id" [5.4,03/37] x86/devicetable: Move x86 specific macro out of generic code [5.4,04/37] x86/cpu: Add consistent CPU match macros [5.4,05/37] x86/cpu: Add a steppings field to struct x86_cpu_id [5.4,06/37] x86/kvm/vmx: Make noinstr clean [5.4,07/37] x86/cpufeatures: Move RETPOLINE flags to word 11 [5.4,08/37] x86/bugs: Report AMD retbleed vulnerability [5.4,09/37] x86/bugs: Add AMD retbleed= boot parameter [5.4,10/37] x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value [5.4,11/37] x86/entry: Remove skip_r11rcx [5.4,12/37] x86/entry: Add kernel IBRS implementation [5.4,13/37] x86/bugs: Optimize SPEC_CTRL MSR writes [5.4,14/37] x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS [5.4,15/37] x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() [5.4,16/37] x86/bugs: Report Intel retbleed vulnerability [5.4,17/37] intel_idle: Disable IBRS during long idle [5.4,18/37] x86/speculation: Change FILL_RETURN_BUFFER to work with objtool [5.4,19/37] x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n [5.4,20/37] x86/speculation: Fix firmware entry SPEC_CTRL handling [5.4,21/37] x86/speculation: Fix SPEC_CTRL write on SMT state change [5.4,22/37] x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit [5.4,23/37] x86/speculation: Remove x86_spec_ctrl_mask [5.4,24/37] KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S [5.4,25/37] KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw [5.4,26/37] KVM: VMX: Flatten __vmx_vcpu_run() [5.4,27/37] KVM: VMX: Convert launched argument to flags [5.4,28/37] KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS [5.4,29/37] KVM: VMX: Fix IBRS handling after vmexit [5.4,30/37] x86/speculation: Fill RSB on vmexit for IBRS [5.4,31/37] x86/common: Stamp out the stepping madness [5.4,32/37] x86/cpu/amd: Enumerate BTC_NO [5.4,33/37] x86/bugs: Add Cannon lake to RETBleed affected CPU list [5.4,34/37] x86/speculation: Disable RRSBA behavior [5.4,35/37] x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current [5.4,36/37] x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts [5.4,37/37] x86/speculation: Add RSB VM Exit protections

[5.4,37/37] x86/speculation: Add RSB VM Exit protections

Commit Message

Patch