• Konrad Rzeszutek Wilk's avatar
    x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation · 24f7fc83
    Konrad Rzeszutek Wilk authored
    Contemporary high performance processors use a common industry-wide
    optimization known as "Speculative Store Bypass" in which loads from
    addresses to which a recent store has occurred may (speculatively) see an
    older value. Intel refers to this feature as "Memory Disambiguation" which
    is part of their "Smart Memory Access" capability.
    
    Memory Disambiguation can expose a cache side-channel attack against such
    speculatively read values. An attacker can create exploit code that allows
    them to read memory outside of a sandbox environment (for example,
    malicious JavaScript in a web page), or to perform more complex attacks
    against code running within the same privilege level, e.g. via the stack.
    
    As a first step to mitigate against such attacks, provide two boot command
    line control knobs:
    
     nospec_store_bypass_disable
     spec_store_bypass_disable=[off,auto,on]
    
    By default affected x86 processors will power on with Speculative
    Store Bypass enabled. Hence the provided kernel parameters are written
    from the point of view of whether to enable a mitigation or not.
    The parameters are as follows:
    
     - auto - Kernel detects whether your CPU model contains an implementation
    	  of Speculative Store Bypass and picks the most appropriate
    	  mitigation.
    
     - on   - disable Speculative Store Bypass
     - off  - enable Speculative Store Bypass
    
    [ tglx: Reordered the checks so that the whole evaluation is not done
      	when the CPU does not support RDS ]
    Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
    Reviewed-by: default avatarIngo Molnar <mingo@kernel.org>
    24f7fc83
nospec-branch.h 9.57 KB