x86: up-level speculative attack mitigations

These are now part of the common Kconfig and we build spec_ctrl.c for all. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2019-11-19 23:28:17 -08:00 · 2019-11-19 23:28:17 -08:00 · edc14e50ad
commit edc14e50ad
parent c71e66e2a5
5 changed files with 52 additions and 52 deletions
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@ -225,6 +225,56 @@ config X86_NO_SPECULATIVE_VULNERABILITIES
 	  or is a newer chip which is immune to the class of vulnerabilities
 	  which exploit speculative execution side channel attacks.

+config DISABLE_SSBD
+	bool "Disable Speculative Store Bypass"
+	depends on USERSPACE
+	default y if !X86_NO_SPECTRE_V4
+	help
+	  This option will disable Speculative Store Bypass in order to
+	  mitigate against certain kinds of side channel attacks.  Quoting
+	  the "Speculative Execution Side Channels" document, version 2.0:
+
+	      When SSBD is set, loads will not execute speculatively
+	      until the addresses of all older stores are known.  This
+	      ensure s that a load does not speculatively consume stale
+	      data values due to bypassing an older store on the same
+	      logical processor.
+
+	  If enabled, this applies to all threads in the system.
+
+	  Even if enabled, will have no effect on CPUs that do not
+	  require this feature.
+
+config ENABLE_EXTENDED_IBRS
+	bool "Enable Extended IBRS"
+	depends on USERSPACE
+	default y if !X86_NO_SPECTRE_V2
+	help
+	  This option will enable the Extended Indirect Branch Restricted
+	  Speculation 'always on' feature. This mitigates Indirect Branch
+	  Control vulnerabilities (aka Spectre V2).
+
+config X86_BOUNDS_CHECK_BYPASS_MITIGATION
+	bool
+	depends on USERSPACE
+	default y if !X86_NO_SPECTRE_V1
+	select BOUNDS_CHECK_BYPASS_MITIGATION
+	help
+	  Hidden config to select arch-independent option to enable
+	  Spectre V1 mitigations by default if the CPU is not known
+	  to be immune to it.
+
+config X86_KPTI
+	bool "Enable kernel page table isolation"
+	default y
+	depends on USERSPACE
+	depends on !X86_NO_MELTDOWN
+	help
+	  Implements kernel page table isolation to mitigate Meltdown exploits
+	  to read Kernel RAM. Incurs a significant performance cost for
+	  user thread interrupts and system calls, and significant footprint
+	  increase for additional page tables and trampoline stacks.
+
 source "arch/x86/core/Kconfig.ia32"
 source "arch/x86/core/Kconfig.intel64"

--- a/arch/x86/core/CMakeLists.txt
+++ b/arch/x86/core/CMakeLists.txt
@ -11,6 +11,7 @@ zephyr_library_sources(cpuhalt.c)
 zephyr_library_sources(memmap.c)
 zephyr_library_sources(prep_c.c)
 zephyr_library_sources(fatal.c)
+zephyr_library_sources(spec_ctrl.c)

 zephyr_library_sources_if_kconfig(pcie.c)
 zephyr_library_sources_if_kconfig(reboot_rst_cnt.c)
--- a/arch/x86/core/Kconfig.ia32
+++ b/arch/x86/core/Kconfig.ia32
@ -41,34 +41,7 @@ config GDT_DYNAMIC

 endmenu

-config DISABLE_SSBD
-	bool "Disable Speculative Store Bypass"
-	depends on USERSPACE
-	default y if !X86_NO_SPECTRE_V4
-	help
-	  This option will disable Speculative Store Bypass in order to
-	  mitigate against certain kinds of side channel attacks.  Quoting
-	  the "Speculative Execution Side Channels" document, version 2.0:
-
-	      When SSBD is set, loads will not execute speculatively
-	      until the addresses of all older stores are known.  This
-	      ensure s that a load does not speculatively consume stale
-	      data values due to bypassing an older store on the same
-	      logical processor.
-
-	  If enabled, this applies to all threads in the system.
-
-	  Even if enabled, will have no effect on CPUs that do not
-	  require this feature.
-
-config ENABLE_EXTENDED_IBRS
-	bool "Enable Extended IBRS"
-	depends on USERSPACE
-	default y if !X86_NO_SPECTRE_V2
-	help
-	  This option will enable the Extended Indirect Branch Restricted
-	  Speculation 'always on' feature. This mitigates Indirect Branch
-	  Control vulnerabilities (aka Spectre V2).
+menu "Processor Capabilities"

 config X86_RETPOLINE
 	bool "Build with retpolines enabled in x86 assembly code"
@ -80,18 +53,6 @@ config X86_RETPOLINE

 	  [1] https://support.google.com/faqs/answer/7625886

-config X86_BOUNDS_CHECK_BYPASS_MITIGATION
-	bool
-	depends on USERSPACE
-	default y if !X86_NO_SPECTRE_V1
-	select BOUNDS_CHECK_BYPASS_MITIGATION
-	help
-	  Hidden config to select arch-independent option to enable
-	  Spectre V1 mitigations by default if the CPU is not known
-	  to be immune to it.
-
-menu "Processor Capabilities"
-
 config X86_ENABLE_TSS
 	bool
 	help
@ -124,17 +85,6 @@ config X86_USERSPACE
 	  supporting user-level threads that are protected from each other and
 	  from crashing the kernel.

-config X86_KPTI
-	bool "Enable kernel page table isolation"
-	default y
-	depends on USERSPACE
-	depends on !X86_NO_MELTDOWN
-	help
-	  Implements kernel page table isolation to mitigate Meltdown exploits
-	  to read Kernel RAM. Incurs a significant performance cost for
-	  user thread interrupts and system calls, and significant footprint
-	  increase for additional page tables and trampoline stacks.
-
 menu "Architecture Floating Point Options"
 depends on CPU_HAS_FPU

--- a/arch/x86/core/ia32.cmake
+++ b/arch/x86/core/ia32.cmake
@ -17,7 +17,6 @@ zephyr_library_sources(
  ia32/irq_manage.c
  ia32/swap.S
  ia32/thread.c
-  ia32/spec_ctrl.c
  )

 zephyr_library_sources_ifdef(CONFIG_IRQ_OFFLOAD		ia32/irq_offload.c)
--- a/arch/x86/core/ia32/spec_ctrl.c
+++ b/arch/x86/core/ia32/spec_ctrl.c