1 .. SPDX-License-Identifier: GPL-2.0 1 .. SPDX-License-Identifier: GPL-2.0
2 2
3 Spectre Side Channels 3 Spectre Side Channels
4 ===================== 4 =====================
5 5
6 Spectre is a class of side channel attacks tha 6 Spectre is a class of side channel attacks that exploit branch prediction
7 and speculative execution on modern CPUs to re 7 and speculative execution on modern CPUs to read memory, possibly
8 bypassing access controls. Speculative executi 8 bypassing access controls. Speculative execution side channel exploits
9 do not modify memory but attempt to infer priv 9 do not modify memory but attempt to infer privileged data in the memory.
10 10
11 This document covers Spectre variant 1 and Spe 11 This document covers Spectre variant 1 and Spectre variant 2.
12 12
13 Affected processors 13 Affected processors
14 ------------------- 14 -------------------
15 15
16 Speculative execution side channel methods aff 16 Speculative execution side channel methods affect a wide range of modern
17 high performance processors, since most modern 17 high performance processors, since most modern high speed processors
18 use branch prediction and speculative executio 18 use branch prediction and speculative execution.
19 19
20 The following CPUs are vulnerable: 20 The following CPUs are vulnerable:
21 21
22 - Intel Core, Atom, Pentium, and Xeon proc 22 - Intel Core, Atom, Pentium, and Xeon processors
23 23
24 - AMD Phenom, EPYC, and Zen processors 24 - AMD Phenom, EPYC, and Zen processors
25 25
26 - IBM POWER and zSeries processors 26 - IBM POWER and zSeries processors
27 27
28 - Higher end ARM processors 28 - Higher end ARM processors
29 29
30 - Apple CPUs 30 - Apple CPUs
31 31
32 - Higher end MIPS CPUs 32 - Higher end MIPS CPUs
33 33
34 - Likely most other high performance CPUs. 34 - Likely most other high performance CPUs. Contact your CPU vendor for details.
35 35
36 Whether a processor is affected or not can be 36 Whether a processor is affected or not can be read out from the Spectre
37 vulnerability files in sysfs. See :ref:`spectr 37 vulnerability files in sysfs. See :ref:`spectre_sys_info`.
38 38
39 Related CVEs 39 Related CVEs
40 ------------ 40 ------------
41 41
42 The following CVE entries describe Spectre var 42 The following CVE entries describe Spectre variants:
43 43
44 ============= ======================= == 44 ============= ======================= ==========================
45 CVE-2017-5753 Bounds check bypass Sp 45 CVE-2017-5753 Bounds check bypass Spectre variant 1
46 CVE-2017-5715 Branch target injection Sp 46 CVE-2017-5715 Branch target injection Spectre variant 2
47 CVE-2019-1125 Spectre v1 swapgs Sp 47 CVE-2019-1125 Spectre v1 swapgs Spectre variant 1 (swapgs)
48 ============= ======================= == 48 ============= ======================= ==========================
49 49
50 Problem 50 Problem
51 ------- 51 -------
52 52
53 CPUs use speculative operations to improve per 53 CPUs use speculative operations to improve performance. That may leave
54 traces of memory accesses or computations in t 54 traces of memory accesses or computations in the processor's caches,
55 buffers, and branch predictors. Malicious soft 55 buffers, and branch predictors. Malicious software may be able to
56 influence the speculative execution paths, and 56 influence the speculative execution paths, and then use the side effects
57 of the speculative execution in the CPUs' cach 57 of the speculative execution in the CPUs' caches and buffers to infer
58 privileged data touched during the speculative 58 privileged data touched during the speculative execution.
59 59
60 Spectre variant 1 attacks take advantage of sp 60 Spectre variant 1 attacks take advantage of speculative execution of
61 conditional branches, while Spectre variant 2 61 conditional branches, while Spectre variant 2 attacks use speculative
62 execution of indirect branches to leak privile 62 execution of indirect branches to leak privileged memory.
63 See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref !! 63 See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[7] <spec_ref7>`
64 :ref:`[7] <spec_ref7>` :ref:`[10] <spec_ref10> !! 64 :ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.
65 65
66 Spectre variant 1 (Bounds Check Bypass) 66 Spectre variant 1 (Bounds Check Bypass)
67 --------------------------------------- 67 ---------------------------------------
68 68
69 The bounds check bypass attack :ref:`[2] <spec 69 The bounds check bypass attack :ref:`[2] <spec_ref2>` takes advantage
70 of speculative execution that bypasses conditi 70 of speculative execution that bypasses conditional branch instructions
71 used for memory access bounds check (e.g. chec 71 used for memory access bounds check (e.g. checking if the index of an
72 array results in memory access within a valid 72 array results in memory access within a valid range). This results in
73 memory accesses to invalid memory (with out-of 73 memory accesses to invalid memory (with out-of-bound index) that are
74 done speculatively before validation checks re 74 done speculatively before validation checks resolve. Such speculative
75 memory accesses can leave side effects, creati 75 memory accesses can leave side effects, creating side channels which
76 leak information to the attacker. 76 leak information to the attacker.
77 77
78 There are some extensions of Spectre variant 1 78 There are some extensions of Spectre variant 1 attacks for reading data
79 over the network, see :ref:`[12] <spec_ref12>` 79 over the network, see :ref:`[12] <spec_ref12>`. However such attacks
80 are difficult, low bandwidth, fragile, and are 80 are difficult, low bandwidth, fragile, and are considered low risk.
81 81
82 Note that, despite "Bounds Check Bypass" name, 82 Note that, despite "Bounds Check Bypass" name, Spectre variant 1 is not
83 only about user-controlled array bounds checks 83 only about user-controlled array bounds checks. It can affect any
84 conditional checks. The kernel entry code int 84 conditional checks. The kernel entry code interrupt, exception, and NMI
85 handlers all have conditional swapgs checks. 85 handlers all have conditional swapgs checks. Those may be problematic
86 in the context of Spectre v1, as kernel code c 86 in the context of Spectre v1, as kernel code can speculatively run with
87 a user GS. 87 a user GS.
88 88
89 Spectre variant 2 (Branch Target Injection) 89 Spectre variant 2 (Branch Target Injection)
90 ------------------------------------------- 90 -------------------------------------------
91 91
92 The branch target injection attack takes advan 92 The branch target injection attack takes advantage of speculative
93 execution of indirect branches :ref:`[3] <spec 93 execution of indirect branches :ref:`[3] <spec_ref3>`. The indirect
94 branch predictors inside the processor used to 94 branch predictors inside the processor used to guess the target of
95 indirect branches can be influenced by an atta 95 indirect branches can be influenced by an attacker, causing gadget code
96 to be speculatively executed, thus exposing se 96 to be speculatively executed, thus exposing sensitive data touched by
97 the victim. The side effects left in the CPU's 97 the victim. The side effects left in the CPU's caches during speculative
98 execution can be measured to infer data values 98 execution can be measured to infer data values.
99 99
100 .. _poison_btb: 100 .. _poison_btb:
101 101
102 In Spectre variant 2 attacks, the attacker can 102 In Spectre variant 2 attacks, the attacker can steer speculative indirect
103 branches in the victim to gadget code by poiso 103 branches in the victim to gadget code by poisoning the branch target
104 buffer of a CPU used for predicting indirect b 104 buffer of a CPU used for predicting indirect branch addresses. Such
105 poisoning could be done by indirect branching 105 poisoning could be done by indirect branching into existing code,
106 with the address offset of the indirect branch 106 with the address offset of the indirect branch under the attacker's
107 control. Since the branch prediction on impact 107 control. Since the branch prediction on impacted hardware does not
108 fully disambiguate branch address and uses the 108 fully disambiguate branch address and uses the offset for prediction,
109 this could cause privileged code's indirect br 109 this could cause privileged code's indirect branch to jump to a gadget
110 code with the same offset. 110 code with the same offset.
111 111
112 The most useful gadgets take an attacker-contr 112 The most useful gadgets take an attacker-controlled input parameter (such
113 as a register value) so that the memory read c 113 as a register value) so that the memory read can be controlled. Gadgets
114 without input parameters might be possible, bu 114 without input parameters might be possible, but the attacker would have
115 very little control over what memory can be re 115 very little control over what memory can be read, reducing the risk of
116 the attack revealing useful data. 116 the attack revealing useful data.
117 117
118 One other variant 2 attack vector is for the a 118 One other variant 2 attack vector is for the attacker to poison the
119 return stack buffer (RSB) :ref:`[13] <spec_ref 119 return stack buffer (RSB) :ref:`[13] <spec_ref13>` to cause speculative
120 subroutine return instruction execution to go 120 subroutine return instruction execution to go to a gadget. An attacker's
121 imbalanced subroutine call instructions might 121 imbalanced subroutine call instructions might "poison" entries in the
122 return stack buffer which are later consumed b 122 return stack buffer which are later consumed by a victim's subroutine
123 return instructions. This attack can be mitig 123 return instructions. This attack can be mitigated by flushing the return
124 stack buffer on context switch, or virtual mac 124 stack buffer on context switch, or virtual machine (VM) exit.
125 125
126 On systems with simultaneous multi-threading ( 126 On systems with simultaneous multi-threading (SMT), attacks are possible
127 from the sibling thread, as level 1 cache and 127 from the sibling thread, as level 1 cache and branch target buffer
128 (BTB) may be shared between hardware threads i 128 (BTB) may be shared between hardware threads in a CPU core. A malicious
129 program running on the sibling thread may infl 129 program running on the sibling thread may influence its peer's BTB to
130 steer its indirect branch speculations to gadg 130 steer its indirect branch speculations to gadget code, and measure the
131 speculative execution's side effects left in l 131 speculative execution's side effects left in level 1 cache to infer the
132 victim's data. 132 victim's data.
133 133
134 Yet another variant 2 attack vector is for the <<
135 Branch History Buffer (BHB) to speculatively s <<
136 to a specific Branch Target Buffer (BTB) entry <<
137 associated with the source address of the indi <<
138 the BHB might be shared across privilege level <<
139 Enhanced IBRS. <<
140 <<
141 Previously the only known real-world BHB attac <<
142 eBPF. Further research has found attacks that <<
143 For a full mitigation against BHB attacks it i <<
144 use the BHB clearing sequence. <<
145 <<
146 Attack scenarios 134 Attack scenarios
147 ---------------- 135 ----------------
148 136
149 The following list of attack scenarios have be 137 The following list of attack scenarios have been anticipated, but may
150 not cover all possible attack vectors. 138 not cover all possible attack vectors.
151 139
152 1. A user process attacking the kernel 140 1. A user process attacking the kernel
153 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 141 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
154 142
155 Spectre variant 1 143 Spectre variant 1
156 ~~~~~~~~~~~~~~~~~ 144 ~~~~~~~~~~~~~~~~~
157 145
158 The attacker passes a parameter to the kern 146 The attacker passes a parameter to the kernel via a register or
159 via a known address in memory during a sysc 147 via a known address in memory during a syscall. Such parameter may
160 be used later by the kernel as an index to 148 be used later by the kernel as an index to an array or to derive
161 a pointer for a Spectre variant 1 attack. 149 a pointer for a Spectre variant 1 attack. The index or pointer
162 is invalid, but bound checks are bypassed i 150 is invalid, but bound checks are bypassed in the code branch taken
163 for speculative execution. This could cause 151 for speculative execution. This could cause privileged memory to be
164 accessed and leaked. 152 accessed and leaked.
165 153
166 For kernel code that has been identified wh 154 For kernel code that has been identified where data pointers could
167 potentially be influenced for Spectre attac 155 potentially be influenced for Spectre attacks, new "nospec" accessor
168 macros are used to prevent speculative load 156 macros are used to prevent speculative loading of data.
169 157
170 Spectre variant 1 (swapgs) 158 Spectre variant 1 (swapgs)
171 ~~~~~~~~~~~~~~~~~~~~~~~~~~ 159 ~~~~~~~~~~~~~~~~~~~~~~~~~~
172 160
173 An attacker can train the branch predictor 161 An attacker can train the branch predictor to speculatively skip the
174 swapgs path for an interrupt or exception. 162 swapgs path for an interrupt or exception. If they initialize
175 the GS register to a user-space value, if t 163 the GS register to a user-space value, if the swapgs is speculatively
176 skipped, subsequent GS-related percpu acces 164 skipped, subsequent GS-related percpu accesses in the speculation
177 window will be done with the attacker-contr 165 window will be done with the attacker-controlled GS value. This
178 could cause privileged memory to be accesse 166 could cause privileged memory to be accessed and leaked.
179 167
180 For example: 168 For example:
181 169
182 :: 170 ::
183 171
184 if (coming from user space) 172 if (coming from user space)
185 swapgs 173 swapgs
186 mov %gs:<percpu_offset>, %reg 174 mov %gs:<percpu_offset>, %reg
187 mov (%reg), %reg1 175 mov (%reg), %reg1
188 176
189 When coming from user space, the CPU can sp 177 When coming from user space, the CPU can speculatively skip the
190 swapgs, and then do a speculative percpu lo 178 swapgs, and then do a speculative percpu load using the user GS
191 value. So the user can speculatively force 179 value. So the user can speculatively force a read of any kernel
192 value. If a gadget exists which uses the p 180 value. If a gadget exists which uses the percpu value as an address
193 in another load/store, then the contents of 181 in another load/store, then the contents of the kernel value may
194 become visible via an L1 side channel attac 182 become visible via an L1 side channel attack.
195 183
196 A similar attack exists when coming from ke 184 A similar attack exists when coming from kernel space. The CPU can
197 speculatively do the swapgs, causing the us 185 speculatively do the swapgs, causing the user GS to get used for the
198 rest of the speculative window. 186 rest of the speculative window.
199 187
200 Spectre variant 2 188 Spectre variant 2
201 ~~~~~~~~~~~~~~~~~ 189 ~~~~~~~~~~~~~~~~~
202 190
203 A spectre variant 2 attacker can :ref:`pois 191 A spectre variant 2 attacker can :ref:`poison <poison_btb>` the branch
204 target buffer (BTB) before issuing syscall 192 target buffer (BTB) before issuing syscall to launch an attack.
205 After entering the kernel, the kernel could 193 After entering the kernel, the kernel could use the poisoned branch
206 target buffer on indirect jump and jump to 194 target buffer on indirect jump and jump to gadget code in speculative
207 execution. 195 execution.
208 196
209 If an attacker tries to control the memory 197 If an attacker tries to control the memory addresses leaked during
210 speculative execution, he would also need t 198 speculative execution, he would also need to pass a parameter to the
211 gadget, either through a register or a know 199 gadget, either through a register or a known address in memory. After
212 the gadget has executed, he can measure the 200 the gadget has executed, he can measure the side effect.
213 201
214 The kernel can protect itself against consu 202 The kernel can protect itself against consuming poisoned branch
215 target buffer entries by using return tramp 203 target buffer entries by using return trampolines (also known as
216 "retpoline") :ref:`[3] <spec_ref3>` :ref:`[ 204 "retpoline") :ref:`[3] <spec_ref3>` :ref:`[9] <spec_ref9>` for all
217 indirect branches. Return trampolines trap 205 indirect branches. Return trampolines trap speculative execution paths
218 to prevent jumping to gadget code during sp 206 to prevent jumping to gadget code during speculative execution.
219 x86 CPUs with Enhanced Indirect Branch Rest 207 x86 CPUs with Enhanced Indirect Branch Restricted Speculation
220 (Enhanced IBRS) available in hardware shoul 208 (Enhanced IBRS) available in hardware should use the feature to
221 mitigate Spectre variant 2 instead of retpo 209 mitigate Spectre variant 2 instead of retpoline. Enhanced IBRS is
222 more efficient than retpoline. 210 more efficient than retpoline.
223 211
224 There may be gadget code in firmware which 212 There may be gadget code in firmware which could be exploited with
225 Spectre variant 2 attack by a rogue user pr 213 Spectre variant 2 attack by a rogue user process. To mitigate such
226 attacks on x86, Indirect Branch Restricted 214 attacks on x86, Indirect Branch Restricted Speculation (IBRS) feature
227 is turned on before the kernel invokes any 215 is turned on before the kernel invokes any firmware code.
228 216
229 2. A user process attacking another user proce 217 2. A user process attacking another user process
230 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 218 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
231 219
232 A malicious user process can try to attack 220 A malicious user process can try to attack another user process,
233 either via a context switch on the same har 221 either via a context switch on the same hardware thread, or from the
234 sibling hyperthread sharing a physical proc 222 sibling hyperthread sharing a physical processor core on simultaneous
235 multi-threading (SMT) system. 223 multi-threading (SMT) system.
236 224
237 Spectre variant 1 attacks generally require 225 Spectre variant 1 attacks generally require passing parameters
238 between the processes, which needs a data p 226 between the processes, which needs a data passing relationship, such
239 as remote procedure calls (RPC). Those par 227 as remote procedure calls (RPC). Those parameters are used in gadget
240 code to derive invalid data pointers access 228 code to derive invalid data pointers accessing privileged memory in
241 the attacked process. 229 the attacked process.
242 230
243 Spectre variant 2 attacks can be launched f 231 Spectre variant 2 attacks can be launched from a rogue process by
244 :ref:`poisoning <poison_btb>` the branch ta 232 :ref:`poisoning <poison_btb>` the branch target buffer. This can
245 influence the indirect branch targets for a 233 influence the indirect branch targets for a victim process that either
246 runs later on the same hardware thread, or 234 runs later on the same hardware thread, or running concurrently on
247 a sibling hardware thread sharing the same 235 a sibling hardware thread sharing the same physical core.
248 236
249 A user process can protect itself against S 237 A user process can protect itself against Spectre variant 2 attacks
250 by using the prctl() syscall to disable ind 238 by using the prctl() syscall to disable indirect branch speculation
251 for itself. An administrator can also cord 239 for itself. An administrator can also cordon off an unsafe process
252 from polluting the branch target buffer by 240 from polluting the branch target buffer by disabling the process's
253 indirect branch speculation. This comes wit 241 indirect branch speculation. This comes with a performance cost
254 from not using indirect branch speculation 242 from not using indirect branch speculation and clearing the branch
255 target buffer. When SMT is enabled on x86, 243 target buffer. When SMT is enabled on x86, for a process that has
256 indirect branch speculation disabled, Singl 244 indirect branch speculation disabled, Single Threaded Indirect Branch
257 Predictors (STIBP) :ref:`[4] <spec_ref4>` a 245 Predictors (STIBP) :ref:`[4] <spec_ref4>` are turned on to prevent the
258 sibling thread from controlling branch targ 246 sibling thread from controlling branch target buffer. In addition,
259 the Indirect Branch Prediction Barrier (IBP 247 the Indirect Branch Prediction Barrier (IBPB) is issued to clear the
260 branch target buffer when context switching 248 branch target buffer when context switching to and from such process.
261 249
262 On x86, the return stack buffer is stuffed 250 On x86, the return stack buffer is stuffed on context switch.
263 This prevents the branch target buffer from 251 This prevents the branch target buffer from being used for branch
264 prediction when the return stack buffer und 252 prediction when the return stack buffer underflows while switching to
265 a deeper call stack. Any poisoned entries i 253 a deeper call stack. Any poisoned entries in the return stack buffer
266 left by the previous process will also be c 254 left by the previous process will also be cleared.
267 255
268 User programs should use address space rand 256 User programs should use address space randomization to make attacks
269 more difficult (Set /proc/sys/kernel/random 257 more difficult (Set /proc/sys/kernel/randomize_va_space = 1 or 2).
270 258
271 3. A virtualized guest attacking the host 259 3. A virtualized guest attacking the host
272 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 260 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
273 261
274 The attack mechanism is similar to how user 262 The attack mechanism is similar to how user processes attack the
275 kernel. The kernel is entered via hyper-ca 263 kernel. The kernel is entered via hyper-calls or other virtualization
276 exit paths. 264 exit paths.
277 265
278 For Spectre variant 1 attacks, rogue guests 266 For Spectre variant 1 attacks, rogue guests can pass parameters
279 (e.g. in registers) via hyper-calls to deri 267 (e.g. in registers) via hyper-calls to derive invalid pointers to
280 speculate into privileged memory after ente 268 speculate into privileged memory after entering the kernel. For places
281 where such kernel code has been identified, 269 where such kernel code has been identified, nospec accessor macros
282 are used to stop speculative memory access. 270 are used to stop speculative memory access.
283 271
284 For Spectre variant 2 attacks, rogue guests 272 For Spectre variant 2 attacks, rogue guests can :ref:`poison
285 <poison_btb>` the branch target buffer or r 273 <poison_btb>` the branch target buffer or return stack buffer, causing
286 the kernel to jump to gadget code in the sp 274 the kernel to jump to gadget code in the speculative execution paths.
287 275
288 To mitigate variant 2, the host kernel can 276 To mitigate variant 2, the host kernel can use return trampolines
289 for indirect branches to bypass the poisone 277 for indirect branches to bypass the poisoned branch target buffer,
290 and flushing the return stack buffer on VM 278 and flushing the return stack buffer on VM exit. This prevents rogue
291 guests from affecting indirect branching in 279 guests from affecting indirect branching in the host kernel.
292 280
293 To protect host processes from rogue guests 281 To protect host processes from rogue guests, host processes can have
294 indirect branch speculation disabled via pr 282 indirect branch speculation disabled via prctl(). The branch target
295 buffer is cleared before context switching 283 buffer is cleared before context switching to such processes.
296 284
297 4. A virtualized guest attacking other guest 285 4. A virtualized guest attacking other guest
298 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 286 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
299 287
300 A rogue guest may attack another guest to g 288 A rogue guest may attack another guest to get data accessible by the
301 other guest. 289 other guest.
302 290
303 Spectre variant 1 attacks are possible if p 291 Spectre variant 1 attacks are possible if parameters can be passed
304 between guests. This may be done via mecha 292 between guests. This may be done via mechanisms such as shared memory
305 or message passing. Such parameters could 293 or message passing. Such parameters could be used to derive data
306 pointers to privileged data in guest. The 294 pointers to privileged data in guest. The privileged data could be
307 accessed by gadget code in the victim's spe 295 accessed by gadget code in the victim's speculation paths.
308 296
309 Spectre variant 2 attacks can be launched f 297 Spectre variant 2 attacks can be launched from a rogue guest by
310 :ref:`poisoning <poison_btb>` the branch ta 298 :ref:`poisoning <poison_btb>` the branch target buffer or the return
311 stack buffer. Such poisoned entries could b 299 stack buffer. Such poisoned entries could be used to influence
312 speculation execution paths in the victim g 300 speculation execution paths in the victim guest.
313 301
314 Linux kernel mitigates attacks to other gue 302 Linux kernel mitigates attacks to other guests running in the same
315 CPU hardware thread by flushing the return 303 CPU hardware thread by flushing the return stack buffer on VM exit,
316 and clearing the branch target buffer befor 304 and clearing the branch target buffer before switching to a new guest.
317 305
318 If SMT is used, Spectre variant 2 attacks f 306 If SMT is used, Spectre variant 2 attacks from an untrusted guest
319 in the sibling hyperthread can be mitigated 307 in the sibling hyperthread can be mitigated by the administrator,
320 by turning off the unsafe guest's indirect 308 by turning off the unsafe guest's indirect branch speculation via
321 prctl(). A guest can also protect itself b 309 prctl(). A guest can also protect itself by turning on microcode
322 based mitigations (such as IBPB or STIBP on 310 based mitigations (such as IBPB or STIBP on x86) within the guest.
323 311
324 .. _spectre_sys_info: 312 .. _spectre_sys_info:
325 313
326 Spectre system information 314 Spectre system information
327 -------------------------- 315 --------------------------
328 316
329 The Linux kernel provides a sysfs interface to 317 The Linux kernel provides a sysfs interface to enumerate the current
330 mitigation status of the system for Spectre: w 318 mitigation status of the system for Spectre: whether the system is
331 vulnerable, and which mitigations are active. 319 vulnerable, and which mitigations are active.
332 320
333 The sysfs file showing Spectre variant 1 mitig 321 The sysfs file showing Spectre variant 1 mitigation status is:
334 322
335 /sys/devices/system/cpu/vulnerabilities/spe 323 /sys/devices/system/cpu/vulnerabilities/spectre_v1
336 324
337 The possible values in this file are: 325 The possible values in this file are:
338 326
339 .. list-table:: 327 .. list-table::
340 328
341 * - 'Not affected' 329 * - 'Not affected'
342 - The processor is not vulnerable. 330 - The processor is not vulnerable.
343 * - 'Vulnerable: __user pointer sanitizat 331 * - 'Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers'
344 - The swapgs protections are disabled; 332 - The swapgs protections are disabled; otherwise it has
345 protection in the kernel on a case by 333 protection in the kernel on a case by case base with explicit
346 pointer sanitation and usercopy LFENC 334 pointer sanitation and usercopy LFENCE barriers.
347 * - 'Mitigation: usercopy/swapgs barriers 335 * - 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization'
348 - Protection in the kernel on a case by 336 - Protection in the kernel on a case by case base with explicit
349 pointer sanitation, usercopy LFENCE b 337 pointer sanitation, usercopy LFENCE barriers, and swapgs LFENCE
350 barriers. 338 barriers.
351 339
352 However, the protections are put in place on a 340 However, the protections are put in place on a case by case basis,
353 and there is no guarantee that all possible at 341 and there is no guarantee that all possible attack vectors for Spectre
354 variant 1 are covered. 342 variant 1 are covered.
355 343
356 The spectre_v2 kernel file reports if the kern 344 The spectre_v2 kernel file reports if the kernel has been compiled with
357 retpoline mitigation or if the CPU has hardwar 345 retpoline mitigation or if the CPU has hardware mitigation, and if the
358 CPU has support for additional process-specifi 346 CPU has support for additional process-specific mitigation.
359 347
360 This file also reports CPU features enabled by 348 This file also reports CPU features enabled by microcode to mitigate
361 attack between user processes: 349 attack between user processes:
362 350
363 1. Indirect Branch Prediction Barrier (IBPB) t 351 1. Indirect Branch Prediction Barrier (IBPB) to add additional
364 isolation between processes of different us 352 isolation between processes of different users.
365 2. Single Thread Indirect Branch Predictors (S 353 2. Single Thread Indirect Branch Predictors (STIBP) to add additional
366 isolation between CPU threads running on th 354 isolation between CPU threads running on the same core.
367 355
368 These CPU features may impact performance when 356 These CPU features may impact performance when used and can be enabled
369 per process on a case-by-case base. 357 per process on a case-by-case base.
370 358
371 The sysfs file showing Spectre variant 2 mitig 359 The sysfs file showing Spectre variant 2 mitigation status is:
372 360
373 /sys/devices/system/cpu/vulnerabilities/spe 361 /sys/devices/system/cpu/vulnerabilities/spectre_v2
374 362
375 The possible values in this file are: 363 The possible values in this file are:
376 364
377 - Kernel status: 365 - Kernel status:
378 366
379 ======================================== == !! 367 ==================================== =================================
380 'Not affected' Th !! 368 'Not affected' The processor is not vulnerable
381 'Mitigation: None' Vu !! 369 'Vulnerable' Vulnerable, no mitigation
382 'Mitigation: Retpolines' Us !! 370 'Mitigation: Full generic retpoline' Software-focused mitigation
383 'Mitigation: LFENCE' Us !! 371 'Mitigation: Full AMD retpoline' AMD-specific software mitigation
384 'Mitigation: Enhanced IBRS' Ha !! 372 'Mitigation: Enhanced IBRS' Hardware-focused mitigation
385 'Mitigation: Enhanced IBRS + Retpolines' Ha !! 373 ==================================== =================================
386 'Mitigation: Enhanced IBRS + LFENCE' Ha <<
387 ======================================== == <<
388 374
389 - Firmware status: Show if Indirect Branch R 375 - Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is
390 used to protect against Spectre variant 2 376 used to protect against Spectre variant 2 attacks when calling firmware (x86 only).
391 377
392 ========== ================================= 378 ========== =============================================================
393 'IBRS_FW' Protection against user program a 379 'IBRS_FW' Protection against user program attacks when calling firmware
394 ========== ================================= 380 ========== =============================================================
395 381
396 - Indirect branch prediction barrier (IBPB) 382 - Indirect branch prediction barrier (IBPB) status for protection between
397 processes of different users. This feature 383 processes of different users. This feature can be controlled through
398 prctl() per process, or through kernel com 384 prctl() per process, or through kernel command line options. This is
399 an x86 only feature. For more details see 385 an x86 only feature. For more details see below.
400 386
401 =================== ====================== 387 =================== ========================================================
402 'IBPB: disabled' IBPB unused 388 'IBPB: disabled' IBPB unused
403 'IBPB: always-on' Use IBPB on all tasks 389 'IBPB: always-on' Use IBPB on all tasks
404 'IBPB: conditional' Use IBPB on SECCOMP or 390 'IBPB: conditional' Use IBPB on SECCOMP or indirect branch restricted tasks
405 =================== ====================== 391 =================== ========================================================
406 392
407 - Single threaded indirect branch prediction 393 - Single threaded indirect branch prediction (STIBP) status for protection
408 between different hyper threads. This feat 394 between different hyper threads. This feature can be controlled through
409 prctl per process, or through kernel comma 395 prctl per process, or through kernel command line options. This is x86
410 only feature. For more details see below. 396 only feature. For more details see below.
411 397
412 ==================== ====================== 398 ==================== ========================================================
413 'STIBP: disabled' STIBP unused 399 'STIBP: disabled' STIBP unused
414 'STIBP: forced' Use STIBP on all tasks 400 'STIBP: forced' Use STIBP on all tasks
415 'STIBP: conditional' Use STIBP on SECCOMP o 401 'STIBP: conditional' Use STIBP on SECCOMP or indirect branch restricted tasks
416 ==================== ====================== 402 ==================== ========================================================
417 403
418 - Return stack buffer (RSB) protection statu 404 - Return stack buffer (RSB) protection status:
419 405
420 ============= ============================ 406 ============= ===========================================
421 'RSB filling' Protection of RSB on context 407 'RSB filling' Protection of RSB on context switch enabled
422 ============= ============================ 408 ============= ===========================================
423 409
424 - EIBRS Post-barrier Return Stack Buffer (PB <<
425 <<
426 =========================== =============== <<
427 'PBRSB-eIBRS: SW sequence' CPU is affected <<
428 'PBRSB-eIBRS: Vulnerable' CPU is vulnerab <<
429 'PBRSB-eIBRS: Not affected' CPU is not affe <<
430 =========================== =============== <<
431 <<
432 - Branch History Injection (BHI) protection <<
433 <<
434 .. list-table:: <<
435 <<
436 * - BHI: Not affected <<
437 - System is not affected <<
438 * - BHI: Retpoline <<
439 - System is protected by retpoline <<
440 * - BHI: BHI_DIS_S <<
441 - System is protected by BHI_DIS_S <<
442 * - BHI: SW loop, KVM SW loop <<
443 - System is protected by software clearing <<
444 * - BHI: Vulnerable <<
445 - System is vulnerable to BHI <<
446 * - BHI: Vulnerable, KVM: SW loop <<
447 - System is vulnerable; KVM is protected by <<
448 <<
449 Full mitigation might require a microcode upda 410 Full mitigation might require a microcode update from the CPU
450 vendor. When the necessary microcode is not av 411 vendor. When the necessary microcode is not available, the kernel will
451 report vulnerability. 412 report vulnerability.
452 413
453 Turning on mitigation for Spectre variant 1 an 414 Turning on mitigation for Spectre variant 1 and Spectre variant 2
454 ---------------------------------------------- 415 -----------------------------------------------------------------
455 416
456 1. Kernel mitigation 417 1. Kernel mitigation
457 ^^^^^^^^^^^^^^^^^^^^ 418 ^^^^^^^^^^^^^^^^^^^^
458 419
459 Spectre variant 1 420 Spectre variant 1
460 ~~~~~~~~~~~~~~~~~ 421 ~~~~~~~~~~~~~~~~~
461 422
462 For the Spectre variant 1, vulnerable kerne 423 For the Spectre variant 1, vulnerable kernel code (as determined
463 by code audit or scanning tools) is annotat 424 by code audit or scanning tools) is annotated on a case by case
464 basis to use nospec accessor macros for bou 425 basis to use nospec accessor macros for bounds clipping :ref:`[2]
465 <spec_ref2>` to avoid any usable disclosure 426 <spec_ref2>` to avoid any usable disclosure gadgets. However, it may
466 not cover all attack vectors for Spectre va 427 not cover all attack vectors for Spectre variant 1.
467 428
468 Copy-from-user code has an LFENCE barrier t 429 Copy-from-user code has an LFENCE barrier to prevent the access_ok()
469 check from being mis-speculated. The barri 430 check from being mis-speculated. The barrier is done by the
470 barrier_nospec() macro. 431 barrier_nospec() macro.
471 432
472 For the swapgs variant of Spectre variant 1 433 For the swapgs variant of Spectre variant 1, LFENCE barriers are
473 added to interrupt, exception and NMI entry 434 added to interrupt, exception and NMI entry where needed. These
474 barriers are done by the FENCE_SWAPGS_KERNE 435 barriers are done by the FENCE_SWAPGS_KERNEL_ENTRY and
475 FENCE_SWAPGS_USER_ENTRY macros. 436 FENCE_SWAPGS_USER_ENTRY macros.
476 437
477 Spectre variant 2 438 Spectre variant 2
478 ~~~~~~~~~~~~~~~~~ 439 ~~~~~~~~~~~~~~~~~
479 440
480 For Spectre variant 2 mitigation, the compi 441 For Spectre variant 2 mitigation, the compiler turns indirect calls or
481 jumps in the kernel into equivalent return 442 jumps in the kernel into equivalent return trampolines (retpolines)
482 :ref:`[3] <spec_ref3>` :ref:`[9] <spec_ref9 443 :ref:`[3] <spec_ref3>` :ref:`[9] <spec_ref9>` to go to the target
483 addresses. Speculative execution paths und 444 addresses. Speculative execution paths under retpolines are trapped
484 in an infinite loop to prevent any speculat 445 in an infinite loop to prevent any speculative execution jumping to
485 a gadget. 446 a gadget.
486 447
487 To turn on retpoline mitigation on a vulner 448 To turn on retpoline mitigation on a vulnerable CPU, the kernel
488 needs to be compiled with a gcc compiler th 449 needs to be compiled with a gcc compiler that supports the
489 -mindirect-branch=thunk-extern -mindirect-b 450 -mindirect-branch=thunk-extern -mindirect-branch-register options.
490 If the kernel is compiled with a Clang comp 451 If the kernel is compiled with a Clang compiler, the compiler needs
491 to support -mretpoline-external-thunk optio 452 to support -mretpoline-external-thunk option. The kernel config
492 CONFIG_MITIGATION_RETPOLINE needs to be tur !! 453 CONFIG_RETPOLINE needs to be turned on, and the CPU needs to run with
493 to run with the latest updated microcode. !! 454 the latest updated microcode.
494 455
495 On Intel Skylake-era systems the mitigation 456 On Intel Skylake-era systems the mitigation covers most, but not all,
496 cases. See :ref:`[3] <spec_ref3>` for more 457 cases. See :ref:`[3] <spec_ref3>` for more details.
497 458
498 On CPUs with hardware mitigation for Spectr !! 459 On CPUs with hardware mitigation for Spectre variant 2 (e.g. Enhanced
499 or enhanced IBRS on x86), retpoline is auto !! 460 IBRS on x86), retpoline is automatically disabled at run time.
500 <<
501 Systems which support enhanced IBRS (eIBRS) <<
502 boot, by setting the IBRS bit, and they're <<
503 some Spectre v2 variant attacks. The BHB ca <<
504 indirect branch predictor entry, and althou <<
505 isolated between modes when eIBRS is enable <<
506 between modes. Systems which support BHI_DI <<
507 BHI attacks. <<
508 <<
509 On Intel's enhanced IBRS systems, this incl <<
510 injections on SMT systems (STIBP). In other <<
511 STIBP, too. <<
512 <<
513 AMD Automatic IBRS does not protect userspa <<
514 the IBRS bit on exit to userspace, therefor <<
515 461
516 The retpoline mitigation is turned on by de 462 The retpoline mitigation is turned on by default on vulnerable
517 CPUs. It can be forced on or off by the adm 463 CPUs. It can be forced on or off by the administrator
518 via the kernel command line and sysfs contr 464 via the kernel command line and sysfs control files. See
519 :ref:`spectre_mitigation_control_command_li 465 :ref:`spectre_mitigation_control_command_line`.
520 466
521 On x86, indirect branch restricted speculat 467 On x86, indirect branch restricted speculation is turned on by default
522 before invoking any firmware code to preven 468 before invoking any firmware code to prevent Spectre variant 2 exploits
523 using the firmware. 469 using the firmware.
524 470
525 Using kernel address space randomization (C !! 471 Using kernel address space randomization (CONFIG_RANDOMIZE_SLAB=y
526 and CONFIG_SLAB_FREELIST_RANDOM=y in the ke 472 and CONFIG_SLAB_FREELIST_RANDOM=y in the kernel configuration) makes
527 attacks on the kernel generally more diffic 473 attacks on the kernel generally more difficult.
528 474
529 2. User program mitigation 475 2. User program mitigation
530 ^^^^^^^^^^^^^^^^^^^^^^^^^^ 476 ^^^^^^^^^^^^^^^^^^^^^^^^^^
531 477
532 User programs can mitigate Spectre variant 478 User programs can mitigate Spectre variant 1 using LFENCE or "bounds
533 clipping". For more details see :ref:`[2] < 479 clipping". For more details see :ref:`[2] <spec_ref2>`.
534 480
535 For Spectre variant 2 mitigation, individua 481 For Spectre variant 2 mitigation, individual user programs
536 can be compiled with return trampolines for 482 can be compiled with return trampolines for indirect branches.
537 This protects them from consuming poisoned 483 This protects them from consuming poisoned entries in the branch
538 target buffer left by malicious software. !! 484 target buffer left by malicious software. Alternatively, the
539 !! 485 programs can disable their indirect branch speculation via prctl()
540 On legacy IBRS systems, at return to usersp !! 486 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
541 because the kernel clears the IBRS bit. In <<
542 can disable indirect branch speculation via <<
543 :ref:`Documentation/userspace-api/spec_ctrl <<
544 On x86, this will turn on STIBP to guard ag 487 On x86, this will turn on STIBP to guard against attacks from the
545 sibling thread when the user program is run 488 sibling thread when the user program is running, and use IBPB to
546 flush the branch target buffer when switchi 489 flush the branch target buffer when switching to/from the program.
547 490
548 Restricting indirect branch speculation on 491 Restricting indirect branch speculation on a user program will
549 also prevent the program from launching a v 492 also prevent the program from launching a variant 2 attack
550 on x86. Administrators can change that beh !! 493 on x86. All sand-boxed SECCOMP programs have indirect branch
551 command line and sysfs control files. !! 494 speculation restricted by default. Administrators can change
>> 495 that behavior via the kernel command line and sysfs control files.
552 See :ref:`spectre_mitigation_control_comman 496 See :ref:`spectre_mitigation_control_command_line`.
553 497
554 Programs that disable their indirect branch 498 Programs that disable their indirect branch speculation will have
555 more overhead and run slower. 499 more overhead and run slower.
556 500
557 User programs should use address space rand 501 User programs should use address space randomization
558 (/proc/sys/kernel/randomize_va_space = 1 or 502 (/proc/sys/kernel/randomize_va_space = 1 or 2) to make attacks more
559 difficult. 503 difficult.
560 504
561 3. VM mitigation 505 3. VM mitigation
562 ^^^^^^^^^^^^^^^^ 506 ^^^^^^^^^^^^^^^^
563 507
564 Within the kernel, Spectre variant 1 attack 508 Within the kernel, Spectre variant 1 attacks from rogue guests are
565 mitigated on a case by case basis in VM exi 509 mitigated on a case by case basis in VM exit paths. Vulnerable code
566 uses nospec accessor macros for "bounds cli 510 uses nospec accessor macros for "bounds clipping", to avoid any
567 usable disclosure gadgets. However, this m 511 usable disclosure gadgets. However, this may not cover all variant
568 1 attack vectors. 512 1 attack vectors.
569 513
570 For Spectre variant 2 attacks from rogue gu 514 For Spectre variant 2 attacks from rogue guests to the kernel, the
571 Linux kernel uses retpoline or Enhanced IBR 515 Linux kernel uses retpoline or Enhanced IBRS to prevent consumption of
572 poisoned entries in branch target buffer le 516 poisoned entries in branch target buffer left by rogue guests. It also
573 flushes the return stack buffer on every VM 517 flushes the return stack buffer on every VM exit to prevent a return
574 stack buffer underflow so poisoned branch t 518 stack buffer underflow so poisoned branch target buffer could be used,
575 or attacker guests leaving poisoned entries 519 or attacker guests leaving poisoned entries in the return stack buffer.
576 520
577 To mitigate guest-to-guest attacks in the s 521 To mitigate guest-to-guest attacks in the same CPU hardware thread,
578 the branch target buffer is sanitized by fl 522 the branch target buffer is sanitized by flushing before switching
579 to a new guest on a CPU. 523 to a new guest on a CPU.
580 524
581 The above mitigations are turned on by defa 525 The above mitigations are turned on by default on vulnerable CPUs.
582 526
583 To mitigate guest-to-guest attacks from sib 527 To mitigate guest-to-guest attacks from sibling thread when SMT is
584 in use, an untrusted guest running in the s 528 in use, an untrusted guest running in the sibling thread can have
585 its indirect branch speculation disabled by 529 its indirect branch speculation disabled by administrator via prctl().
586 530
587 The kernel also allows guests to use any mi 531 The kernel also allows guests to use any microcode based mitigation
588 they choose to use (such as IBPB or STIBP o 532 they choose to use (such as IBPB or STIBP on x86) to protect themselves.
589 533
590 .. _spectre_mitigation_control_command_line: 534 .. _spectre_mitigation_control_command_line:
591 535
592 Mitigation control on the kernel command line 536 Mitigation control on the kernel command line
593 --------------------------------------------- 537 ---------------------------------------------
594 538
595 In general the kernel selects reasonable defau !! 539 Spectre variant 2 mitigation can be disabled or force enabled at the
596 current CPU. !! 540 kernel command line.
597 <<
598 Spectre default mitigations can be disabled or <<
599 command line with the following options: <<
600 541
601 - nospectre_v1 !! 542 nospectre_v1
602 - nospectre_v2 <<
603 - spectre_v2={option} <<
604 - spectre_v2_user={option} <<
605 - spectre_bhi={option} <<
606 543
607 For more details on the available options, ref !! 544 [X86,PPC] Disable mitigations for Spectre Variant 1
>> 545 (bounds check bypass). With this option data leaks are
>> 546 possible in the system.
>> 547
>> 548 nospectre_v2
>> 549
>> 550 [X86] Disable all mitigations for the Spectre variant 2
>> 551 (indirect branch prediction) vulnerability. System may
>> 552 allow data leaks with this option, which is equivalent
>> 553 to spectre_v2=off.
>> 554
>> 555
>> 556 spectre_v2=
>> 557
>> 558 [X86] Control mitigation of Spectre variant 2
>> 559 (indirect branch speculation) vulnerability.
>> 560 The default operation protects the kernel from
>> 561 user space attacks.
>> 562
>> 563 on
>> 564 unconditionally enable, implies
>> 565 spectre_v2_user=on
>> 566 off
>> 567 unconditionally disable, implies
>> 568 spectre_v2_user=off
>> 569 auto
>> 570 kernel detects whether your CPU model is
>> 571 vulnerable
>> 572
>> 573 Selecting 'on' will, and 'auto' may, choose a
>> 574 mitigation method at run time according to the
>> 575 CPU, the available microcode, the setting of the
>> 576 CONFIG_RETPOLINE configuration option, and the
>> 577 compiler with which the kernel was built.
>> 578
>> 579 Selecting 'on' will also enable the mitigation
>> 580 against user space to user space task attacks.
>> 581
>> 582 Selecting 'off' will disable both the kernel and
>> 583 the user space protections.
>> 584
>> 585 Specific mitigations can also be selected manually:
>> 586
>> 587 retpoline
>> 588 replace indirect branches
>> 589 retpoline,generic
>> 590 google's original retpoline
>> 591 retpoline,amd
>> 592 AMD-specific minimal thunk
>> 593
>> 594 Not specifying this option is equivalent to
>> 595 spectre_v2=auto.
>> 596
>> 597 For user space mitigation:
>> 598
>> 599 spectre_v2_user=
>> 600
>> 601 [X86] Control mitigation of Spectre variant 2
>> 602 (indirect branch speculation) vulnerability between
>> 603 user space tasks
>> 604
>> 605 on
>> 606 Unconditionally enable mitigations. Is
>> 607 enforced by spectre_v2=on
>> 608
>> 609 off
>> 610 Unconditionally disable mitigations. Is
>> 611 enforced by spectre_v2=off
>> 612
>> 613 prctl
>> 614 Indirect branch speculation is enabled,
>> 615 but mitigation can be enabled via prctl
>> 616 per thread. The mitigation control state
>> 617 is inherited on fork.
>> 618
>> 619 prctl,ibpb
>> 620 Like "prctl" above, but only STIBP is
>> 621 controlled per thread. IBPB is issued
>> 622 always when switching between different user
>> 623 space processes.
>> 624
>> 625 seccomp
>> 626 Same as "prctl" above, but all seccomp
>> 627 threads will enable the mitigation unless
>> 628 they explicitly opt out.
>> 629
>> 630 seccomp,ibpb
>> 631 Like "seccomp" above, but only STIBP is
>> 632 controlled per thread. IBPB is issued
>> 633 always when switching between different
>> 634 user space processes.
>> 635
>> 636 auto
>> 637 Kernel selects the mitigation depending on
>> 638 the available CPU features and vulnerability.
>> 639
>> 640 Default mitigation:
>> 641 If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl"
>> 642
>> 643 Not specifying this option is equivalent to
>> 644 spectre_v2_user=auto.
>> 645
>> 646 In general the kernel by default selects
>> 647 reasonable mitigations for the current CPU. To
>> 648 disable Spectre variant 2 mitigations, boot with
>> 649 spectre_v2=off. Spectre variant 1 mitigations
>> 650 cannot be disabled.
608 651
609 Mitigation selection guide 652 Mitigation selection guide
610 -------------------------- 653 --------------------------
611 654
612 1. Trusted userspace 655 1. Trusted userspace
613 ^^^^^^^^^^^^^^^^^^^^ 656 ^^^^^^^^^^^^^^^^^^^^
614 657
615 If all userspace applications are from trus 658 If all userspace applications are from trusted sources and do not
616 execute externally supplied untrusted code, 659 execute externally supplied untrusted code, then the mitigations can
617 be disabled. 660 be disabled.
618 661
619 2. Protect sensitive programs 662 2. Protect sensitive programs
620 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 663 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
621 664
622 For security-sensitive programs that have s 665 For security-sensitive programs that have secrets (e.g. crypto
623 keys), protection against Spectre variant 2 666 keys), protection against Spectre variant 2 can be put in place by
624 disabling indirect branch speculation when 667 disabling indirect branch speculation when the program is running
625 (See :ref:`Documentation/userspace-api/spec 668 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
626 669
627 3. Sandbox untrusted programs 670 3. Sandbox untrusted programs
628 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 671 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
629 672
630 Untrusted programs that could be a source o 673 Untrusted programs that could be a source of attacks can be cordoned
631 off by disabling their indirect branch spec 674 off by disabling their indirect branch speculation when they are run
632 (See :ref:`Documentation/userspace-api/spec 675 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
633 This prevents untrusted programs from pollu 676 This prevents untrusted programs from polluting the branch target
634 buffer. This behavior can be changed via t !! 677 buffer. All programs running in SECCOMP sandboxes have indirect
635 and sysfs control files. See !! 678 branch speculation restricted by default. This behavior can be
>> 679 changed via the kernel command line and sysfs control files. See
636 :ref:`spectre_mitigation_control_command_li 680 :ref:`spectre_mitigation_control_command_line`.
637 681
638 3. High security mode 682 3. High security mode
639 ^^^^^^^^^^^^^^^^^^^^^ 683 ^^^^^^^^^^^^^^^^^^^^^
640 684
641 All Spectre variant 2 mitigations can be fo 685 All Spectre variant 2 mitigations can be forced on
642 at boot time for all programs (See the "on" 686 at boot time for all programs (See the "on" option in
643 :ref:`spectre_mitigation_control_command_li 687 :ref:`spectre_mitigation_control_command_line`). This will add
644 overhead as indirect branch speculations fo 688 overhead as indirect branch speculations for all programs will be
645 restricted. 689 restricted.
646 690
647 On x86, branch target buffer will be flushe 691 On x86, branch target buffer will be flushed with IBPB when switching
648 to a new program. STIBP is left on all the 692 to a new program. STIBP is left on all the time to protect programs
649 against variant 2 attacks originating from 693 against variant 2 attacks originating from programs running on
650 sibling threads. 694 sibling threads.
651 695
652 Alternatively, STIBP can be used only when 696 Alternatively, STIBP can be used only when running programs
653 whose indirect branch speculation is explic 697 whose indirect branch speculation is explicitly disabled,
654 while IBPB is still used all the time when 698 while IBPB is still used all the time when switching to a new
655 program to clear the branch target buffer ( 699 program to clear the branch target buffer (See "ibpb" option in
656 :ref:`spectre_mitigation_control_command_li 700 :ref:`spectre_mitigation_control_command_line`). This "ibpb" option
657 has less performance cost than the "on" opt 701 has less performance cost than the "on" option, which leaves STIBP
658 on all the time. 702 on all the time.
659 703
660 References on Spectre 704 References on Spectre
661 --------------------- 705 ---------------------
662 706
663 Intel white papers: 707 Intel white papers:
664 708
665 .. _spec_ref1: 709 .. _spec_ref1:
666 710
667 [1] `Intel analysis of speculative execution s 711 [1] `Intel analysis of speculative execution side channels <https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf>`_.
668 712
669 .. _spec_ref2: 713 .. _spec_ref2:
670 714
671 [2] `Bounds check bypass <https://software.int 715 [2] `Bounds check bypass <https://software.intel.com/security-software-guidance/software-guidance/bounds-check-bypass>`_.
672 716
673 .. _spec_ref3: 717 .. _spec_ref3:
674 718
675 [3] `Deep dive: Retpoline: A branch target inj 719 [3] `Deep dive: Retpoline: A branch target injection mitigation <https://software.intel.com/security-software-guidance/insights/deep-dive-retpoline-branch-target-injection-mitigation>`_.
676 720
677 .. _spec_ref4: 721 .. _spec_ref4:
678 722
679 [4] `Deep Dive: Single Thread Indirect Branch 723 [4] `Deep Dive: Single Thread Indirect Branch Predictors <https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors>`_.
680 724
681 AMD white papers: 725 AMD white papers:
682 726
683 .. _spec_ref5: 727 .. _spec_ref5:
684 728
685 [5] `AMD64 technology indirect branch control 729 [5] `AMD64 technology indirect branch control extension <https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf>`_.
686 730
687 .. _spec_ref6: 731 .. _spec_ref6:
688 732
689 [6] `Software techniques for managing speculat !! 733 [6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf>`_.
690 734
691 ARM white papers: 735 ARM white papers:
692 736
693 .. _spec_ref7: 737 .. _spec_ref7:
694 738
695 [7] `Cache speculation side-channels <https:// 739 [7] `Cache speculation side-channels <https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/download-the-whitepaper>`_.
696 740
697 .. _spec_ref8: 741 .. _spec_ref8:
698 742
699 [8] `Cache speculation issues update <https:// 743 [8] `Cache speculation issues update <https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/latest-updates/cache-speculation-issues-update>`_.
700 744
701 Google white paper: 745 Google white paper:
702 746
703 .. _spec_ref9: 747 .. _spec_ref9:
704 748
705 [9] `Retpoline: a software construct for preve 749 [9] `Retpoline: a software construct for preventing branch-target-injection <https://support.google.com/faqs/answer/7625886>`_.
706 750
707 MIPS white paper: 751 MIPS white paper:
708 752
709 .. _spec_ref10: 753 .. _spec_ref10:
710 754
711 [10] `MIPS: response on speculative execution 755 [10] `MIPS: response on speculative execution and side channel vulnerabilities <https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/>`_.
712 756
713 Academic papers: 757 Academic papers:
714 758
715 .. _spec_ref11: 759 .. _spec_ref11:
716 760
717 [11] `Spectre Attacks: Exploiting Speculative 761 [11] `Spectre Attacks: Exploiting Speculative Execution <https://spectreattack.com/spectre.pdf>`_.
718 762
719 .. _spec_ref12: 763 .. _spec_ref12:
720 764
721 [12] `NetSpectre: Read Arbitrary Memory over N 765 [12] `NetSpectre: Read Arbitrary Memory over Network <https://arxiv.org/abs/1807.10535>`_.
722 766
723 .. _spec_ref13: 767 .. _spec_ref13:
724 768
725 [13] `Spectre Returns! Speculation Attacks usi 769 [13] `Spectre Returns! Speculation Attacks using the Return Stack Buffer <https://www.usenix.org/system/files/conference/woot18/woot18-paper-koruyeh.pdf>`_.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.