diff options
Diffstat (limited to 'system/xen/xsa/xsa305-4.12-2.patch')
-rw-r--r-- | system/xen/xsa/xsa305-4.12-2.patch | 192 |
1 files changed, 192 insertions, 0 deletions
diff --git a/system/xen/xsa/xsa305-4.12-2.patch b/system/xen/xsa/xsa305-4.12-2.patch new file mode 100644 index 0000000000..07fba86287 --- /dev/null +++ b/system/xen/xsa/xsa305-4.12-2.patch @@ -0,0 +1,192 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/spec-ctrl: Mitigate the TSX Asynchronous Abort sidechannel + +See patch documentation and comments. + +This is part of XSA-305 / CVE-2019-11135 + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc +index b7e1bf8e8b..74e1e35b88 100644 +--- a/docs/misc/xen-command-line.pandoc ++++ b/docs/misc/xen-command-line.pandoc +@@ -1920,7 +1920,7 @@ extreme care.** + An overall boolean value, `spec-ctrl=no`, can be specified to turn off all + mitigations, including pieces of infrastructure used to virtualise certain + mitigation features for guests. This also includes settings which `xpti`, +-`smt`, `pv-l1tf` control, unless the respective option(s) have been ++`smt`, `pv-l1tf`, `tsx` control, unless the respective option(s) have been + specified earlier on the command line. + + Alternatively, a slightly more restricted `spec-ctrl=no-xen` can be used to +@@ -2037,7 +2037,7 @@ Xen version. + = <bool> + + Applicability: x86 +- Default: true ++ Default: false on parts vulnerable to TAA, true otherwise + + Controls for the use of Transactional Synchronization eXtensions. + +@@ -2047,6 +2047,19 @@ a control has been introduced which allows TSX to be turned off. + On systems with the ability to turn TSX off, this boolean offers system wide + control of whether TSX is enabled or disabled. + ++On parts vulnerable to CVE-2019-11135 / TSX Asynchronous Abort, the following ++logic applies: ++ ++ * An explicit `tsx=` choice is honoured, even if it is `true` and would ++ result in a vulnerable system. ++ ++ * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be ++ mitigated by disabling TSX, as this is the lowest overhead option. ++ ++ * If the use of TSX is important, the more expensive TAA mitigations can be ++ opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain ++ active by default. ++ + ### ucode (x86) + > `= [<integer> | scan]` + +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index b37d40e643..800139d79c 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -96,6 +96,9 @@ static int __init parse_spec_ctrl(const char *s) + if ( opt_pv_l1tf_domu < 0 ) + opt_pv_l1tf_domu = 0; + ++ if ( opt_tsx == -1 ) ++ opt_tsx = -3; ++ + disable_common: + opt_rsb_pv = false; + opt_rsb_hvm = false; +@@ -306,7 +309,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + printk("Speculative mitigation facilities:\n"); + + /* Hardware features which pertain to speculative mitigations. */ +- printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", ++ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", +@@ -318,7 +321,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + (caps & ARCH_CAPS_RSBA) ? " RSBA" : "", + (caps & ARCH_CAPS_SKIP_L1DFL) ? " SKIP_L1DFL": "", + (caps & ARCH_CAPS_SSB_NO) ? " SSB_NO" : "", +- (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : ""); ++ (caps & ARCH_CAPS_MDS_NO) ? " MDS_NO" : "", ++ (caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL" : "", ++ (caps & ARCH_CAPS_TAA_NO) ? " TAA_NO" : ""); + + /* Compiled-in support which pertains to mitigations. */ + if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) || IS_ENABLED(CONFIG_SHADOW_PAGING) ) +@@ -332,7 +337,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + "\n"); + + /* Settings for Xen's protection, irrespective of guests. */ +- printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s, Other:%s%s%s\n", ++ printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s\n", + thunk == THUNK_NONE ? "N/A" : + thunk == THUNK_RETPOLINE ? "RETPOLINE" : + thunk == THUNK_LFENCE ? "LFENCE" : +@@ -341,6 +346,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", + !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", ++ !(caps & ARCH_CAPS_TSX_CTRL) ? "" : ++ (opt_tsx & 1) ? " TSX+" : " TSX-", + opt_ibpb ? " IBPB" : "", + opt_l1d_flush ? " L1D_FLUSH" : "", + opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : ""); +@@ -862,6 +869,7 @@ void __init init_speculation_mitigations(void) + { + enum ind_thunk thunk = THUNK_DEFAULT; + bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; ++ bool cpu_has_bug_taa; + uint64_t caps = 0; + + if ( boot_cpu_has(X86_FEATURE_ARCH_CAPS) ) +@@ -1086,6 +1094,53 @@ void __init init_speculation_mitigations(void) + "enabled. Mitigations will not be fully effective. Please\n" + "choose an explicit smt=<bool> setting. See XSA-297.\n"); + ++ /* ++ * Vulnerability to TAA is a little complicated to quantify. ++ * ++ * In the pipeline, it is just another way to get speculative access to ++ * stale load port, store buffer or fill buffer data, and therefore can be ++ * considered a superset of MDS (on TSX-capable parts). On parts which ++ * predate MDS_NO, the existing VERW flushing will mitigate this ++ * sidechannel as well. ++ * ++ * On parts which contain MDS_NO, the lack of VERW flushing means that an ++ * attacker can still use TSX to target microarchitectural buffers to leak ++ * secrets. Therefore, we consider TAA to be the set of TSX-capable parts ++ * which have MDS_NO but lack TAA_NO. ++ * ++ * Note: cpu_has_rtm (== hle) could already be hidden by `tsx=0` on the ++ * cmdline. MSR_TSX_CTRL will only appear on TSX-capable parts, so ++ * we check both to spot TSX in a microcode/cmdline independent way. ++ */ ++ cpu_has_bug_taa = ++ (cpu_has_rtm || (caps & ARCH_CAPS_TSX_CTRL)) && ++ (caps & (ARCH_CAPS_MDS_NO | ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO; ++ ++ /* ++ * On TAA-affected hardware, disabling TSX is the preferred mitigation, vs ++ * the MDS mitigation of disabling HT and using VERW flushing. ++ * ++ * On CPUs which advertise MDS_NO, VERW has no flushing side effect until ++ * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being ++ * advertised, and there isn't a MD_CLEAR_2 flag to use... ++ * ++ * If we're on affected hardware, able to do something about it (which ++ * implies that VERW now works), no explicit TSX choice and traditional ++ * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might ++ * plausibly value TSX higher than Hyperthreading...), disable TSX to ++ * mitigate TAA. ++ */ ++ if ( opt_tsx == -1 && cpu_has_bug_taa && (caps & ARCH_CAPS_TSX_CTRL) && ++ ((hw_smt_enabled && opt_smt) || ++ !boot_cpu_has(X86_FEATURE_SC_VERW_IDLE)) ) ++ { ++ setup_clear_cpu_cap(X86_FEATURE_HLE); ++ setup_clear_cpu_cap(X86_FEATURE_RTM); ++ ++ opt_tsx = 0; ++ tsx_init(); ++ } ++ + print_details(thunk, caps); + + /* +diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c +index a8ec2ccc69..2d202a0d4e 100644 +--- a/xen/arch/x86/tsx.c ++++ b/xen/arch/x86/tsx.c +@@ -5,7 +5,8 @@ + * Valid values: + * 1 => Explicit tsx=1 + * 0 => Explicit tsx=0 +- * -1 => Default, implicit tsx=1 ++ * -1 => Default, implicit tsx=1, may change to 0 to mitigate TAA ++ * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) + * + * This is arranged such that the bottom bit encodes whether TSX is actually + * disabled, while identifying various explicit (>=0) and implicit (<0) +diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h +index d5f3899f73..3971b992d3 100644 +--- a/xen/include/asm-x86/msr-index.h ++++ b/xen/include/asm-x86/msr-index.h +@@ -54,6 +54,7 @@ + #define ARCH_CAPS_MDS_NO (_AC(1, ULL) << 5) + #define ARCH_CAPS_IF_PSCHANGE_MC_NO (_AC(1, ULL) << 6) + #define ARCH_CAPS_TSX_CTRL (_AC(1, ULL) << 7) ++#define ARCH_CAPS_TAA_NO (_AC(1, ULL) << 8) + + #define MSR_FLUSH_CMD 0x0000010b + #define FLUSH_CMD_L1D (_AC(1, ULL) << 0) |