github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 14:04:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
9362cd2b47
linux/arch
History
Josh Poimboeuf 9362cd2b47 UPSTREAM: x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT 
commit 0de05d056a upstream.

The commit

   44a3918c82 ("x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting")

added a warning for the "eIBRS + unprivileged eBPF" combination, which
has been shown to be vulnerable against Spectre v2 BHB-based attacks.

However, there's no warning about the "eIBRS + LFENCE retpoline +
unprivileged eBPF" combo. The LFENCE adds more protection by shortening
the speculation window after a mispredicted branch. That makes an attack
significantly more difficult, even with unprivileged eBPF. So at least
for now the logic doesn't warn about that combination.

But if you then add SMT into the mix, the SMT attack angle weakens the
effectiveness of the LFENCE considerably.

So extend the "eIBRS + unprivileged eBPF" warning to also include the
"eIBRS + LFENCE + unprivileged eBPF + SMT" case.

  [ bp: Massage commit message. ]

Bug: 215557547
Suggested-by: Alyssa Milburn <alyssa.milburn@linux.intel.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1d99e035c6fc53fac367b0423056dc75237ed430
2022-03-14 14:44:48 +01:00
..
alpha Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
arc ARC: export clear_user_page() for modules 2021-09-22 12:28:04 +02:00
arm Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
arm64 ANDROID: fault: Add vendor hook for TLB conflict 2022-03-10 21:00:12 +00:00
c6x
csky This is the 5.10.75 stable release 2021-10-20 11:53:41 +02:00
h8300
hexagon
ia64 Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
m68k Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
microblaze UPSTREAM: mm: wire up syscall process_mrelease 2022-01-06 17:37:36 +00:00
mips Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
nds32
nios2 nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST 2021-11-02 19:48:23 +01:00
openrisc openrisc: fix SMP tlb flush NULL pointer dereference 2021-11-18 14:04:25 +01:00
parisc Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
powerpc Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
riscv This is the 5.10.77 stable release 2021-11-02 20:03:12 +01:00
s390 Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
sh Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
sparc Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
um This is the 5.10.69 stable release 2021-09-30 18:36:17 +02:00
x86 UPSTREAM: x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT 2022-03-14 14:44:48 +01:00
xtensa Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
.gitignore
Kconfig This is the 5.10.80 stable release 2021-11-19 11:50:41 +01:00