x86: mitigate swapgs Spectre V1 attacks

See CVE-2019-1125. We mitigate this by adding an 'lfence'
upon interrupt/exception entry after the decision has been
made whether it's necessary to invoke 'swapgs' or not.

This only applies to x86_64; 32-bit doesn't use swapgs.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Andrew Boie 2020-01-03 18:13:33 -08:00 committed by Anas Nashif
commit 4fcf28ef25
2 changed files with 17 additions and 4 deletions


@ -188,8 +188,9 @@ config X86_NO_SPECTRE_V1
bool
help
This hidden option should be set on a per-SOC basis to indicate that
a particular SOC is not vulnerable to the Spectre V1, V1.1, and V1.2
CPU vulnerabilities as described in CVE-2017-5753 and CVE-2018-3693.
a particular SOC is not vulnerable to the Spectre V1, V1.1, V1.2, and
swapgs CPU vulnerabilities as described in CVE-2017-5753,
CVE-2018-3693, and CVE-2019-1125.
config X86_NO_SPECTRE_V2
bool


@ -310,8 +310,12 @@ __resume:
jz 1f
swapgs
#endif /* CONFIG_USERSPACE */
1: iretq
1:
#ifdef CONFIG_X86_BOUNDS_CHECK_BYPASS_MITIGATION
/* swapgs variant of Spectre V1. Disable speculation past this point */
lfence
#endif /* CONFIG_X86_BOUNDS_CHECK_BYPASS_MITIGATION */
iretq
@ -329,6 +333,10 @@ except: /*
jz 1f
swapgs
1:
#ifdef CONFIG_X86_BOUNDS_CHECK_BYPASS_MITIGATION
/* swapgs variant of Spectre V1. Disable speculation past this point */
lfence
#endif /* CONFIG_X86_BOUNDS_CHECK_BYPASS_MITIGATION */
#endif /* CONFIG_USERSPACE */
pushq %r15
subq $X86_FXSAVE_SIZE, %rsp
@ -427,6 +435,10 @@ irq:
jz 1f
swapgs
1:
#ifdef CONFIG_X86_BOUNDS_CHECK_BYPASS_MITIGATION
/* swapgs variant of Spectre V1. Disable speculation past this point */
lfence
#endif /* CONFIG_X86_BOUNDS_CHECK_BYPASS_MITIGATION */
#endif /* CONFIG_USERSPACE */
pushq %rsi
movq %gs:__x86_tss64_t_cpu_OFFSET, %rsi
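Review bot: The `lfence` added in the `__resume` hunk sits on the return path directly before `iretq`, whereas the commit message describes the mitigation as applying on interrupt/exception entry, and no `%gs`-relative access is visible between the `1:` label and `iretq`. It is also placed after `#endif /* CONFIG_USERSPACE */`, while the `except` and `irq` hunks keep the same block inside that guard, so the three sites are not gated the same way. If the return-path fence is intentional, its comment should say why, for example `/* return path: fence kept so no speculative %gs use can follow a mispredicted swapgs decision */`, and the block would read more consistently moved above the `#endif /* CONFIG_USERSPACE */` line. The bodies of `__resume`, `except` and `irq` extend outside the hunks shown, so this is based on the visible lines only.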