1fb3bd914SBorislav Petkov (AMD).. SPDX-License-Identifier: GPL-2.0 2fb3bd914SBorislav Petkov (AMD) 3fb3bd914SBorislav Petkov (AMD)Speculative Return Stack Overflow (SRSO) 4fb3bd914SBorislav Petkov (AMD)======================================== 5fb3bd914SBorislav Petkov (AMD) 6fb3bd914SBorislav Petkov (AMD)This is a mitigation for the speculative return stack overflow (SRSO) 7fb3bd914SBorislav Petkov (AMD)vulnerability found on AMD processors. The mechanism is by now the well 8fb3bd914SBorislav Petkov (AMD)known scenario of poisoning CPU functional units - the Branch Target 9fb3bd914SBorislav Petkov (AMD)Buffer (BTB) and Return Address Predictor (RAP) in this case - and then 10fb3bd914SBorislav Petkov (AMD)tricking the elevated privilege domain (the kernel) into leaking 11fb3bd914SBorislav Petkov (AMD)sensitive data. 12fb3bd914SBorislav Petkov (AMD) 13fb3bd914SBorislav Petkov (AMD)AMD CPUs predict RET instructions using a Return Address Predictor (aka 14fb3bd914SBorislav Petkov (AMD)Return Address Stack/Return Stack Buffer). In some cases, a non-architectural 15fb3bd914SBorislav Petkov (AMD)CALL instruction (i.e., an instruction predicted to be a CALL but is 16fb3bd914SBorislav Petkov (AMD)not actually a CALL) can create an entry in the RAP which may be used 17fb3bd914SBorislav Petkov (AMD)to predict the target of a subsequent RET instruction. 18fb3bd914SBorislav Petkov (AMD) 19fb3bd914SBorislav Petkov (AMD)The specific circumstances that lead to this varies by microarchitecture 20fb3bd914SBorislav Petkov (AMD)but the concern is that an attacker can mis-train the CPU BTB to predict 21fb3bd914SBorislav Petkov (AMD)non-architectural CALL instructions in kernel space and use this to 22fb3bd914SBorislav Petkov (AMD)control the speculative target of a subsequent kernel RET, potentially 23fb3bd914SBorislav Petkov (AMD)leading to information disclosure via a speculative side-channel. 24fb3bd914SBorislav Petkov (AMD) 25fb3bd914SBorislav Petkov (AMD)The issue is tracked under CVE-2023-20569. 26fb3bd914SBorislav Petkov (AMD) 27fb3bd914SBorislav Petkov (AMD)Affected processors 28fb3bd914SBorislav Petkov (AMD)------------------- 29fb3bd914SBorislav Petkov (AMD) 30fb3bd914SBorislav Petkov (AMD)AMD Zen, generations 1-4. That is, all families 0x17 and 0x19. Older 31fb3bd914SBorislav Petkov (AMD)processors have not been investigated. 32fb3bd914SBorislav Petkov (AMD) 33fb3bd914SBorislav Petkov (AMD)System information and options 34fb3bd914SBorislav Petkov (AMD)------------------------------ 35fb3bd914SBorislav Petkov (AMD) 36fb3bd914SBorislav Petkov (AMD)First of all, it is required that the latest microcode be loaded for 37fb3bd914SBorislav Petkov (AMD)mitigations to be effective. 38fb3bd914SBorislav Petkov (AMD) 39fb3bd914SBorislav Petkov (AMD)The sysfs file showing SRSO mitigation status is: 40fb3bd914SBorislav Petkov (AMD) 41fb3bd914SBorislav Petkov (AMD) /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow 42fb3bd914SBorislav Petkov (AMD) 43fb3bd914SBorislav Petkov (AMD)The possible values in this file are: 44fb3bd914SBorislav Petkov (AMD) 4509f9f37cSBorislav Petkov (AMD) * 'Not affected': 46fb3bd914SBorislav Petkov (AMD) 4709f9f37cSBorislav Petkov (AMD) The processor is not vulnerable 48fb3bd914SBorislav Petkov (AMD) 49*0a958abfSJosh Poimboeuf* 'Vulnerable': 50*0a958abfSJosh Poimboeuf 51*0a958abfSJosh Poimboeuf The processor is vulnerable and no mitigations have been applied. 52*0a958abfSJosh Poimboeuf 53*0a958abfSJosh Poimboeuf * 'Vulnerable: No microcode': 5409f9f37cSBorislav Petkov (AMD) 5509f9f37cSBorislav Petkov (AMD) The processor is vulnerable, no microcode extending IBPB 5609f9f37cSBorislav Petkov (AMD) functionality to address the vulnerability has been applied. 5709f9f37cSBorislav Petkov (AMD) 58*0a958abfSJosh Poimboeuf * 'Vulnerable: Safe RET, no microcode': 59*0a958abfSJosh Poimboeuf 60*0a958abfSJosh Poimboeuf The "Safe RET" mitigation (see below) has been applied to protect the 61*0a958abfSJosh Poimboeuf kernel, but the IBPB-extending microcode has not been applied. User 62*0a958abfSJosh Poimboeuf space tasks may still be vulnerable. 63*0a958abfSJosh Poimboeuf 64*0a958abfSJosh Poimboeuf * 'Vulnerable: Microcode, no safe RET': 6509f9f37cSBorislav Petkov (AMD) 6609f9f37cSBorislav Petkov (AMD) Extended IBPB functionality microcode patch has been applied. It does 6709f9f37cSBorislav Petkov (AMD) not address User->Kernel and Guest->Host transitions protection but it 6809f9f37cSBorislav Petkov (AMD) does address User->User and VM->VM attack vectors. 6909f9f37cSBorislav Petkov (AMD) 7009f9f37cSBorislav Petkov (AMD) Note that User->User mitigation is controlled by how the IBPB aspect in 7109f9f37cSBorislav Petkov (AMD) the Spectre v2 mitigation is selected: 7209f9f37cSBorislav Petkov (AMD) 7309f9f37cSBorislav Petkov (AMD) * conditional IBPB: 7409f9f37cSBorislav Petkov (AMD) 7509f9f37cSBorislav Petkov (AMD) where each process can select whether it needs an IBPB issued 7609f9f37cSBorislav Petkov (AMD) around it PR_SPEC_DISABLE/_ENABLE etc, see :doc:`spectre` 7709f9f37cSBorislav Petkov (AMD) 7809f9f37cSBorislav Petkov (AMD) * strict: 7909f9f37cSBorislav Petkov (AMD) 8009f9f37cSBorislav Petkov (AMD) i.e., always on - by supplying spectre_v2_user=on on the kernel 8109f9f37cSBorislav Petkov (AMD) command line 82fb3bd914SBorislav Petkov (AMD) 83fb3bd914SBorislav Petkov (AMD) (spec_rstack_overflow=microcode) 84fb3bd914SBorislav Petkov (AMD) 85*0a958abfSJosh Poimboeuf * 'Mitigation: Safe RET': 86fb3bd914SBorislav Petkov (AMD) 87*0a958abfSJosh Poimboeuf Combined microcode/software mitigation. It complements the 88*0a958abfSJosh Poimboeuf extended IBPB microcode patch functionality by addressing 89*0a958abfSJosh Poimboeuf User->Kernel and Guest->Host transitions protection. 90fb3bd914SBorislav Petkov (AMD) 9109f9f37cSBorislav Petkov (AMD) Selected by default or by spec_rstack_overflow=safe-ret 9209f9f37cSBorislav Petkov (AMD) 9309f9f37cSBorislav Petkov (AMD) * 'Mitigation: IBPB': 9409f9f37cSBorislav Petkov (AMD) 9509f9f37cSBorislav Petkov (AMD) Similar protection as "safe RET" above but employs an IBPB barrier on 9609f9f37cSBorislav Petkov (AMD) privilege domain crossings (User->Kernel, Guest->Host). 97fb3bd914SBorislav Petkov (AMD) 98fb3bd914SBorislav Petkov (AMD) (spec_rstack_overflow=ibpb) 99fb3bd914SBorislav Petkov (AMD) 10009f9f37cSBorislav Petkov (AMD) * 'Mitigation: IBPB on VMEXIT': 10109f9f37cSBorislav Petkov (AMD) 10209f9f37cSBorislav Petkov (AMD) Mitigation addressing the cloud provider scenario - the Guest->Host 10309f9f37cSBorislav Petkov (AMD) transitions only. 104fb3bd914SBorislav Petkov (AMD) 105fb3bd914SBorislav Petkov (AMD) (spec_rstack_overflow=ibpb-vmexit) 106fb3bd914SBorislav Petkov (AMD) 10709f9f37cSBorislav Petkov (AMD) 10809f9f37cSBorislav Petkov (AMD) 109fb3bd914SBorislav Petkov (AMD)In order to exploit vulnerability, an attacker needs to: 110fb3bd914SBorislav Petkov (AMD) 111fb3bd914SBorislav Petkov (AMD) - gain local access on the machine 112fb3bd914SBorislav Petkov (AMD) 113fb3bd914SBorislav Petkov (AMD) - break kASLR 114fb3bd914SBorislav Petkov (AMD) 115fb3bd914SBorislav Petkov (AMD) - find gadgets in the running kernel in order to use them in the exploit 116fb3bd914SBorislav Petkov (AMD) 117fb3bd914SBorislav Petkov (AMD) - potentially create and pin an additional workload on the sibling 118fb3bd914SBorislav Petkov (AMD) thread, depending on the microarchitecture (not necessary on fam 0x19) 119fb3bd914SBorislav Petkov (AMD) 120fb3bd914SBorislav Petkov (AMD) - run the exploit 121fb3bd914SBorislav Petkov (AMD) 122fb3bd914SBorislav Petkov (AMD)Considering the performance implications of each mitigation type, the 123fb3bd914SBorislav Petkov (AMD)default one is 'Mitigation: safe RET' which should take care of most 124fb3bd914SBorislav Petkov (AMD)attack vectors, including the local User->Kernel one. 125fb3bd914SBorislav Petkov (AMD) 126fb3bd914SBorislav Petkov (AMD)As always, the user is advised to keep her/his system up-to-date by 127fb3bd914SBorislav Petkov (AMD)applying software updates regularly. 128fb3bd914SBorislav Petkov (AMD) 129fb3bd914SBorislav Petkov (AMD)The default setting will be reevaluated when needed and especially when 130fb3bd914SBorislav Petkov (AMD)new attack vectors appear. 131fb3bd914SBorislav Petkov (AMD) 132fb3bd914SBorislav Petkov (AMD)As one can surmise, 'Mitigation: safe RET' does come at the cost of some 133fb3bd914SBorislav Petkov (AMD)performance depending on the workload. If one trusts her/his userspace 134fb3bd914SBorislav Petkov (AMD)and does not want to suffer the performance impact, one can always 135fb3bd914SBorislav Petkov (AMD)disable the mitigation with spec_rstack_overflow=off. 136fb3bd914SBorislav Petkov (AMD) 137fb3bd914SBorislav Petkov (AMD)Similarly, 'Mitigation: IBPB' is another full mitigation type employing 138fb3bd914SBorislav Petkov (AMD)an indrect branch prediction barrier after having applied the required 139fb3bd914SBorislav Petkov (AMD)microcode patch for one's system. This mitigation comes also at 140fb3bd914SBorislav Petkov (AMD)a performance cost. 141fb3bd914SBorislav Petkov (AMD) 142*0a958abfSJosh PoimboeufMitigation: Safe RET 143fb3bd914SBorislav Petkov (AMD)-------------------- 144fb3bd914SBorislav Petkov (AMD) 145fb3bd914SBorislav Petkov (AMD)The mitigation works by ensuring all RET instructions speculate to 146fb3bd914SBorislav Petkov (AMD)a controlled location, similar to how speculation is controlled in the 147fb3bd914SBorislav Petkov (AMD)retpoline sequence. To accomplish this, the __x86_return_thunk forces 148fb3bd914SBorislav Petkov (AMD)the CPU to mispredict every function return using a 'safe return' 149fb3bd914SBorislav Petkov (AMD)sequence. 150fb3bd914SBorislav Petkov (AMD) 151fb3bd914SBorislav Petkov (AMD)To ensure the safety of this mitigation, the kernel must ensure that the 152fb3bd914SBorislav Petkov (AMD)safe return sequence is itself free from attacker interference. In Zen3 153fb3bd914SBorislav Petkov (AMD)and Zen4, this is accomplished by creating a BTB alias between the 15442be649dSPeter Zijlstrauntraining function srso_alias_untrain_ret() and the safe return 15542be649dSPeter Zijlstrafunction srso_alias_safe_ret() which results in evicting a potentially 156fb3bd914SBorislav Petkov (AMD)poisoned BTB entry and using that safe one for all function returns. 157fb3bd914SBorislav Petkov (AMD) 158fb3bd914SBorislav Petkov (AMD)In older Zen1 and Zen2, this is accomplished using a reinterpretation 159fb3bd914SBorislav Petkov (AMD)technique similar to Retbleed one: srso_untrain_ret() and 160fb3bd914SBorislav Petkov (AMD)srso_safe_ret(). 161