
x86/bugs: KVM: Add support for SRSO_MSR_FIX

Add support for

CPUID Fn8000_0021_EAX[31] (SRSO_MSR_FIX). If this bit is 1, it
indicates that software may use MSR BP_CFG[BpSpecReduce] to mitigate
SRSO.

Enable BpSpecReduce to mitigate SRSO across guest/host boundaries.

Switch back to setting the bit when virtualization is enabled and clearing
it when virtualization is disabled, rather than using an MSR slot: an MSR
slot would clear the bit on guest exit, and any training the guest has done
could then influence the host kernel once execution enters the kernel and
before the guest is VMRUN again.

More detail on the public thread in Link below.

Co-developed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20241202120416.6054-1-bp@kernel.org

+46 -4
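--- a/Documentation/admin-guide/hw-vuln/srso.rst
+++ b/Documentation/admin-guide/hw-vuln/srso.rst
@@ -104,7 +104,20 @@
 
 (spec_rstack_overflow=ibpb-vmexit)
 
+* 'Mitigation: Reduced Speculation':
 
+This mitigation gets automatically enabled when the above one "IBPB on
+VMEXIT" has been selected and the CPU supports the BpSpecReduce bit.
+
+It gets automatically enabled on machines which have the
+SRSO_USER_KERNEL_NO=1 CPUID bit. In that case, the code logic is to switch
+to the above =ibpb-vmexit mitigation because the user/kernel boundary is
+not affected anymore and thus "safe RET" is not needed.
+
+After enabling the IBPB on VMEXIT mitigation option, the BpSpecReduce bit
+is detected (functionality present on all such machines) and that
+practically overrides IBPB on VMEXIT as it has a lot less performance
+impact and takes care of the guest->host attack vector too.
 
 In order to exploit vulnerability, an attacker needs to:
 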
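--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -468,6 +468,10 @@
 #define X86_FEATURE_IBPB_BRTYPE (20*32+28) /* MSR_PRED_CMD[IBPB] flushes all branch type predictions */
 #define X86_FEATURE_SRSO_NO (20*32+29) /* CPU is not affected by SRSO */
 #define X86_FEATURE_SRSO_USER_KERNEL_NO (20*32+30) /* CPU is not affected by SRSO across user/kernel boundaries */
+#define X86_FEATURE_SRSO_BP_SPEC_REDUCE (20*32+31) /*
+* BP_CFG[BpSpecReduce] can be used to mitigate SRSO for VMs.
+* (SRSO_MSR_FIX in the official doc).
+*/
 
 /*
 * Extended auxiliary flags: Linux defined - for features scattered in various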
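Review bot: The comment on the new X86_FEATURE_SRSO_BP_SPEC_REDUCE define describes a CPUID capability, but in this same commit srso_select_mitigation() clears the flag with setup_clear_cpu_cap() whenever BP_SPEC_REDUCE is not the selected mitigation, so after boot the flag means "the BpSpecReduce mitigation is in use", not "the CPU supports BpSpecReduce". Anyone testing the flag later (and whatever /proc/cpuinfo shows for it, if it is exposed) will read it under the first meaning unless the define says otherwise. I would extend the comment to: `/* BP_CFG[BpSpecReduce] can be used to mitigate SRSO for VMs (SRSO_MSR_FIX in the official doc). Cleared by srso_select_mitigation() unless that mitigation is selected; KVM keys the MSR bit toggling off this flag. */`.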
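--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -721,6 +721,7 @@
 
 /* Zen4 */
 #define MSR_ZEN4_BP_CFG 0xc001102e
+#define MSR_ZEN4_BP_CFG_BP_SPEC_REDUCE_BIT 4
 #define MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT 5
 
 /* Fam 19h MSRs */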
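--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2522,6 +2522,7 @@
 SRSO_MITIGATION_SAFE_RET,
 SRSO_MITIGATION_IBPB,
 SRSO_MITIGATION_IBPB_ON_VMEXIT,
+SRSO_MITIGATION_BP_SPEC_REDUCE,
 };
 
 enum srso_mitigation_cmd {
@@ -2540,7 +2539,8 @@
 [SRSO_MITIGATION_MICROCODE] = "Vulnerable: Microcode, no safe RET",
 [SRSO_MITIGATION_SAFE_RET] = "Mitigation: Safe RET",
 [SRSO_MITIGATION_IBPB] = "Mitigation: IBPB",
-[SRSO_MITIGATION_IBPB_ON_VMEXIT] = "Mitigation: IBPB on VMEXIT only"
+[SRSO_MITIGATION_IBPB_ON_VMEXIT] = "Mitigation: IBPB on VMEXIT only",
+[SRSO_MITIGATION_BP_SPEC_REDUCE] = "Mitigation: Reduced Speculation"
 };
 
 static enum srso_mitigation srso_mitigation __ro_after_init = SRSO_MITIGATION_NONE;
@@ -2580,7 +2578,7 @@
 srso_cmd == SRSO_CMD_OFF) {
 if (boot_cpu_has(X86_FEATURE_SBPB))
 x86_pred_cmd = PRED_CMD_SBPB;
-return;
+goto out;
 }
 
 if (has_microcode) {
@@ -2592,7 +2590,7 @@
 */
 if (boot_cpu_data.x86 < 0x19 && !cpu_smt_possible()) {
 setup_force_cpu_cap(X86_FEATURE_SRSO_NO);
-return;
+goto out;
 }
 
 if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
@@ -2672,6 +2670,12 @@
 
 ibpb_on_vmexit:
 case SRSO_CMD_IBPB_ON_VMEXIT:
+if (boot_cpu_has(X86_FEATURE_SRSO_BP_SPEC_REDUCE)) {
+pr_notice("Reducing speculation to address VM/HV SRSO attack vector.\n");
+srso_mitigation = SRSO_MITIGATION_BP_SPEC_REDUCE;
+break;
+}
+
 if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
 if (has_microcode) {
 setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
@@ -2699,7 +2691,15 @@
 }
 
 out:
-pr_info("%s\n", srso_strings[srso_mitigation]);
+/*
+* Clear the feature flag if this mitigation is not selected as that
+* feature flag controls the BpSpecReduce MSR bit toggling in KVM.
+*/
+if (srso_mitigation != SRSO_MITIGATION_BP_SPEC_REDUCE)
+setup_clear_cpu_cap(X86_FEATURE_SRSO_BP_SPEC_REDUCE);
+
+if (srso_mitigation != SRSO_MITIGATION_NONE)
+pr_info("%s\n", srso_strings[srso_mitigation]);
 }
 
 #undef pr_fmt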
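Review bot: The new BP_SPEC_REDUCE branch at the top of `case SRSO_CMD_IBPB_ON_VMEXIT:` is reached both through the `ibpb_on_vmexit:` label (the automatic SRSO_USER_KERNEL_NO path) and through an explicit spec_rstack_overflow=ibpb-vmexit on the command line; in the latter case on a CPU without SRSO_USER_KERNEL_NO the user->kernel vector stays unmitigated, yet the reported string changes from "Mitigation: IBPB on VMEXIT only" to "Mitigation: Reduced Speculation", dropping the qualifier that told an admin only the guest->host vector is covered. I would keep that scope visible, either in the string (e.g. `"Mitigation: Reduced Speculation (VM/HV only)"`, if changing the user-visible text is acceptable) or at least in a comment above the branch: `/* Covers only the guest->host vector; user->kernel is safe here only via SRSO_USER_KERNEL_NO or because the admin explicitly chose =ibpb-vmexit. */`. Note also that, unlike the IBPB-on-VMEXIT fallback right below it, this branch does not consult has_microcode; if the CPUID bit is taken to imply current microcode, a one-line comment saying so would stop the next reader from "fixing" it. srso_select_mitigation() begins and ends outside these hunks.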
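--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -607,6 +607,9 @@
 kvm_cpu_svm_disable();
 
 amd_pmu_disable_virt();
+
+if (cpu_feature_enabled(X86_FEATURE_SRSO_BP_SPEC_REDUCE))
+msr_clear_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_BP_SPEC_REDUCE_BIT);
 }
 
 static int svm_enable_virtualization_cpu(void)
@@ -686,6 +683,9 @@
 
 rdmsr(MSR_TSC_AUX, sev_es_host_save_area(sd)->tsc_aux, msr_hi);
 }
+
+if (cpu_feature_enabled(X86_FEATURE_SRSO_BP_SPEC_REDUCE))
+msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_BP_SPEC_REDUCE_BIT);
 
 return 0;
 }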
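Review bot: Both new calls discard the result of msr_set_bit()/msr_clear_bit(), which (per the msr.c hunk in this commit) return __flip_bit()'s int rather than void, so a failed write to MSR_ZEN4_BP_CFG — for instance under a hypervisor that passes through the CPUID bit but does not implement the MSR — would leave the host silently running guests without the mitigation that bugs.c already reported as "Mitigation: Reduced Speculation" at boot. I would at least surface it on the enable path: `if (msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_BP_SPEC_REDUCE_BIT) < 0) pr_warn_once("Failed to set BpSpecReduce, SRSO VM/HV mitigation is not active\n");`. Separately, since the bit is set in svm_enable_virtualization_cpu() and only cleared in svm_disable_virtualization_cpu(), the reduced speculation appears to be in effect on every CPU for as long as virtualization is enabled (presumably from kvm_amd load onward by default), not only while a guest exists; if that cost matters, tying it to VM creation/teardown is an alternative, raised here as a design question rather than a defect. Both functions begin outside these hunks.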
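--- a/arch/x86/lib/msr.c
+++ b/arch/x86/lib/msr.c
@@ -103,6 +103,7 @@
 {
 return __flip_bit(msr, bit, true);
 }
+EXPORT_SYMBOL_GPL(msr_set_bit);
 
 /**
 * msr_clear_bit - Clear @bit in a MSR @msr.
@@ -119,6 +118,7 @@
 {
 return __flip_bit(msr, bit, false);
 }
+EXPORT_SYMBOL_GPL(msr_clear_bit);
 
 #ifdef CONFIG_TRACEPOINTS
 void do_trace_write_msr(unsigned int msr, u64 val, int failed)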