zephyr/arch/x86/core/spec_ctrl.c

/*
 * Copyright (c) 2018 Intel Corporation
 *
 * SPDX-License-Identifier: Apache-2.0
 */

#include <zephyr/init.h>
#include <zephyr/kernel.h>
#include <kernel_arch_data.h>
#include <kernel_arch_func.h>
#include <zephyr/arch/x86/msr.h>
#include <zephyr/arch/x86/cpuid.h>

/*
 * See:
 * https://software.intel.com/security-software-guidance/api-app/sites/default/files/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
 */

#if defined(CONFIG_X86_DISABLE_SSBD) || defined(CONFIG_X86_ENABLE_EXTENDED_IBRS)
int spec_ctrl_init(void)
{

	uint32_t enable_bits = 0U;
	uint32_t cpuid7 = z_x86_cpuid_extended_features();

#ifdef CONFIG_X86_DISABLE_SSBD
	if ((cpuid7 & CPUID_SPEC_CTRL_SSBD) != 0U) {
		enable_bits |= X86_SPEC_CTRL_MSR_SSBD;
	}
#endif
#ifdef CONFIG_X86_ENABLE_EXTENDED_IBRS
	if ((cpuid7 & CPUID_SPEC_CTRL_IBRS) != 0U) {
		enable_bits |= X86_SPEC_CTRL_MSR_IBRS;
	}
#endif
	if (enable_bits != 0U) {
		uint64_t cur = z_x86_msr_read(X86_SPEC_CTRL_MSR);

		z_x86_msr_write(X86_SPEC_CTRL_MSR,
			       cur | enable_bits);
	}

	return 0;
}

#endif /* CONFIG_X86_DISABLE_SSBD || CONFIG_X86_ENABLE_EXTENDED_IBRS */
arch: x86: Allow disabling speculative store bypass In order to mitigate against Spectre V4, add an option that will, at boot time, verify if the CPU supports the SPEC_CTRL MSR; if so, it'll attempt to disable the feature. More information can be found in chapter 4 (Speculative Store Bypass Mitigation) of the "Speculative Execution Side Channel Mitigations" document, version 2, published by Intel: https://goo.gl/nocTcj Signed-off-by: Leandro Pereira <leandro.pereira@intel.com> 2018-05-21 17:47:47 -07:00			`/*`
			`* Copyright (c) 2018 Intel Corporation`
			`*`
			`* SPDX-License-Identifier: Apache-2.0`
			`*/`

arch: migrate includes to <zephyr/...> In order to bring consistency in-tree, migrate all arch code to the new prefix <zephyr/...>. Note that the conversion has been scripted, refer to zephyrproject-rtos#45388 for more details. Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no> 2022-05-06 10:49:15 +02:00			`#include <zephyr/init.h>`
arch: x86: core: include kernel.h first There seems to be an unresolved dependency chain in some x86 arch headers, this file needs kernel.h to be included before arch_data/func. This patch is a workaround, but problem should be fixed properly at some point. Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no> 2022-10-05 16:09:51 +02:00			`#include <zephyr/kernel.h>`
arch: x86: Allow disabling speculative store bypass In order to mitigate against Spectre V4, add an option that will, at boot time, verify if the CPU supports the SPEC_CTRL MSR; if so, it'll attempt to disable the feature. More information can be found in chapter 4 (Speculative Store Bypass Mitigation) of the "Speculative Execution Side Channel Mitigations" document, version 2, published by Intel: https://goo.gl/nocTcj Signed-off-by: Leandro Pereira <leandro.pereira@intel.com> 2018-05-21 17:47:47 -07:00			`#include <kernel_arch_data.h>`
			`#include <kernel_arch_func.h>`
arch: migrate includes to <zephyr/...> In order to bring consistency in-tree, migrate all arch code to the new prefix <zephyr/...>. Note that the conversion has been scripted, refer to zephyrproject-rtos#45388 for more details. Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no> 2022-05-06 10:49:15 +02:00			`#include <zephyr/arch/x86/msr.h>`
			`#include <zephyr/arch/x86/cpuid.h>`
arch: x86: Allow disabling speculative store bypass In order to mitigate against Spectre V4, add an option that will, at boot time, verify if the CPU supports the SPEC_CTRL MSR; if so, it'll attempt to disable the feature. More information can be found in chapter 4 (Speculative Store Bypass Mitigation) of the "Speculative Execution Side Channel Mitigations" document, version 2, published by Intel: https://goo.gl/nocTcj Signed-off-by: Leandro Pereira <leandro.pereira@intel.com> 2018-05-21 17:47:47 -07:00
x86: enable Extended IBRS This is a CPU mitigation feature for Spectre V2 attacks Signed-off-by: Andrew Boie <andrew.p.boie@intel.com> 2019-02-28 15:51:56 -08:00			`/*`
			`* See:`
			`* https://software.intel.com/security-software-guidance/api-app/sites/default/files/336996-Speculative-Execution-Side-Channel-Mitigations.pdf`
			`*/`

x86: prefix x86 SSBD and IBRS related kconfigs with X86 There are two kconfigs that are security related and are x86 specific. Prefix them with X86 to put them under the x86 namespace. Signed-off-by: Daniel Leung <daniel.leung@intel.com> 2024-03-01 10:43:41 -08:00			`#if defined(CONFIG_X86_DISABLE_SSBD) \|\| defined(CONFIG_X86_ENABLE_EXTENDED_IBRS)`
x86: init spec_ctrl in prep_c, do not use SYS_INIT Do not use SYS_INIT, call init script directly. Signed-off-by: Anas Nashif <anas.nashif@intel.com> 2024-07-08 17:11:10 -04:00			`int spec_ctrl_init(void)`
arch: x86: Allow disabling speculative store bypass In order to mitigate against Spectre V4, add an option that will, at boot time, verify if the CPU supports the SPEC_CTRL MSR; if so, it'll attempt to disable the feature. More information can be found in chapter 4 (Speculative Store Bypass Mitigation) of the "Speculative Execution Side Channel Mitigations" document, version 2, published by Intel: https://goo.gl/nocTcj Signed-off-by: Leandro Pereira <leandro.pereira@intel.com> 2018-05-21 17:47:47 -07:00			`{`
x86: enable Extended IBRS This is a CPU mitigation feature for Spectre V2 attacks Signed-off-by: Andrew Boie <andrew.p.boie@intel.com> 2019-02-28 15:51:56 -08:00
zephyr: replace zephyr integer types with C99 types git grep -l 'u\(8\\|16\\|32\\|64\)_t' \| \ xargs sed -i "s/u\(8\\|16\\|32\\|64\)_t/uint\1_t/g" git grep -l 's\(8\\|16\\|32\\|64\)_t' \| \ xargs sed -i "s/s\(8\\|16\\|32\\|64\)_t/int\1_t/g" Signed-off-by: Kumar Gala <kumar.gala@linaro.org> 2020-05-27 11:26:57 -05:00			`uint32_t enable_bits = 0U;`
arch/x86: Have a dedicated place for CPUID related functions This will centralize CPUID related accessors. There was no need for it so far, but this is going to change. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> 2022-02-04 09:55:47 +01:00			`uint32_t cpuid7 = z_x86_cpuid_extended_features();`
x86: enable Extended IBRS This is a CPU mitigation feature for Spectre V2 attacks Signed-off-by: Andrew Boie <andrew.p.boie@intel.com> 2019-02-28 15:51:56 -08:00
x86: prefix x86 SSBD and IBRS related kconfigs with X86 There are two kconfigs that are security related and are x86 specific. Prefix them with X86 to put them under the x86 namespace. Signed-off-by: Daniel Leung <daniel.leung@intel.com> 2024-03-01 10:43:41 -08:00			`#ifdef CONFIG_X86_DISABLE_SSBD`
all: Add 'U' suffix when using unsigned variables Add a 'U' suffix to values when computing and comparing against unsigned variables. Signed-off-by: Patrik Flykt <patrik.flykt@intel.com> 2019-03-26 19:57:45 -06:00			`if ((cpuid7 & CPUID_SPEC_CTRL_SSBD) != 0U) {`
arch/x86: clean up model-specific register definitions in msr.h Eliminate definitions for MSRs that we don't use. Centralize the definitions for the MSRs that we do use, including their fields. Signed-off-by: Charles E. Youse <charles.youse@intel.com> 2019-06-27 10:41:58 -07:00			`enable_bits \|= X86_SPEC_CTRL_MSR_SSBD;`
x86: enable Extended IBRS This is a CPU mitigation feature for Spectre V2 attacks Signed-off-by: Andrew Boie <andrew.p.boie@intel.com> 2019-02-28 15:51:56 -08:00			`}`
			`#endif`
x86: prefix x86 SSBD and IBRS related kconfigs with X86 There are two kconfigs that are security related and are x86 specific. Prefix them with X86 to put them under the x86 namespace. Signed-off-by: Daniel Leung <daniel.leung@intel.com> 2024-03-01 10:43:41 -08:00			`#ifdef CONFIG_X86_ENABLE_EXTENDED_IBRS`
all: Add 'U' suffix when using unsigned variables Add a 'U' suffix to values when computing and comparing against unsigned variables. Signed-off-by: Patrik Flykt <patrik.flykt@intel.com> 2019-03-26 19:57:45 -06:00			`if ((cpuid7 & CPUID_SPEC_CTRL_IBRS) != 0U) {`
arch/x86: clean up model-specific register definitions in msr.h Eliminate definitions for MSRs that we don't use. Centralize the definitions for the MSRs that we do use, including their fields. Signed-off-by: Charles E. Youse <charles.youse@intel.com> 2019-06-27 10:41:58 -07:00			`enable_bits \|= X86_SPEC_CTRL_MSR_IBRS;`
x86: enable Extended IBRS This is a CPU mitigation feature for Spectre V2 attacks Signed-off-by: Andrew Boie <andrew.p.boie@intel.com> 2019-02-28 15:51:56 -08:00			`}`
			`#endif`
all: Add 'U' suffix when using unsigned variables Add a 'U' suffix to values when computing and comparing against unsigned variables. Signed-off-by: Patrik Flykt <patrik.flykt@intel.com> 2019-03-26 19:57:45 -06:00			`if (enable_bits != 0U) {`
zephyr: replace zephyr integer types with C99 types git grep -l 'u\(8\\|16\\|32\\|64\)_t' \| \ xargs sed -i "s/u\(8\\|16\\|32\\|64\)_t/uint\1_t/g" git grep -l 's\(8\\|16\\|32\\|64\)_t' \| \ xargs sed -i "s/s\(8\\|16\\|32\\|64\)_t/int\1_t/g" Signed-off-by: Kumar Gala <kumar.gala@linaro.org> 2020-05-27 11:26:57 -05:00			`uint64_t cur = z_x86_msr_read(X86_SPEC_CTRL_MSR);`
arch: x86: Allow disabling speculative store bypass In order to mitigate against Spectre V4, add an option that will, at boot time, verify if the CPU supports the SPEC_CTRL MSR; if so, it'll attempt to disable the feature. More information can be found in chapter 4 (Speculative Store Bypass Mitigation) of the "Speculative Execution Side Channel Mitigations" document, version 2, published by Intel: https://goo.gl/nocTcj Signed-off-by: Leandro Pereira <leandro.pereira@intel.com> 2018-05-21 17:47:47 -07:00
arch/x86: move MSR definitions to include/arch/x86/msr.h Light reorganization. All MSR definitions and manipulation functions are consolidated into one header. The names are changed to use an X86_* prefix instead of IA32_* which is misleading/incorrect. Signed-off-by: Charles E. Youse <charles.youse@intel.com> 2019-06-04 12:42:01 -07:00			`z_x86_msr_write(X86_SPEC_CTRL_MSR,`
x86: enable Extended IBRS This is a CPU mitigation feature for Spectre V2 attacks Signed-off-by: Andrew Boie <andrew.p.boie@intel.com> 2019-02-28 15:51:56 -08:00			`cur \| enable_bits);`
arch: x86: Allow disabling speculative store bypass In order to mitigate against Spectre V4, add an option that will, at boot time, verify if the CPU supports the SPEC_CTRL MSR; if so, it'll attempt to disable the feature. More information can be found in chapter 4 (Speculative Store Bypass Mitigation) of the "Speculative Execution Side Channel Mitigations" document, version 2, published by Intel: https://goo.gl/nocTcj Signed-off-by: Leandro Pereira <leandro.pereira@intel.com> 2018-05-21 17:47:47 -07:00			`}`

			`return 0;`
			`}`

x86: prefix x86 SSBD and IBRS related kconfigs with X86 There are two kconfigs that are security related and are x86 specific. Prefix them with X86 to put them under the x86 namespace. Signed-off-by: Daniel Leung <daniel.leung@intel.com> 2024-03-01 10:43:41 -08:00			`#endif /* CONFIG_X86_DISABLE_SSBD \|\| CONFIG_X86_ENABLE_EXTENDED_IBRS */`