git.baikalelectronics.ru Git - kernel.git/commit

author	Tony Luck <tony.luck@intel.com>
	Thu, 28 May 2020 20:13:54 +0000 (16:13 -0400)
committer	Thomas Gleixner <tglx@linutronix.de>
	Thu, 18 Jun 2020 13:47:02 +0000 (15:47 +0200)
commit	c966e9322d221388140dea04acb3c11663a76396
tree	bc0fbfea5d488be22125def0ebfbc5517ede15d6	tree \| snapshot
parent	317603610444870b4f8347645d60cac8085d2c55	commit \| diff

x86/speculation/swapgs: Check FSGSBASE in enabling SWAPGS mitigation

Before enabling FSGSBASE the kernel could safely assume that the content
of GS base was a user address. Thus any speculative access as the result
of a mispredicted branch controlling the execution of SWAPGS would be to
a user address. So systems with speculation-proof SMAP did not need to
add additional LFENCE instructions to mitigate.

With FSGSBASE enabled a hostile user can set GS base to a kernel address.
So they can make the kernel speculatively access data they wish to leak
via a side channel. This means that SMAP provides no protection.

Add FSGSBASE as an additional condition to enable the fence-based SWAPGS
mitigation.

Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20200528201402.1708239-9-sashal@kernel.org