0001 .. SPDX-License-Identifier: GPL-2.0
0002
0003 Spectre Side Channels
0004 =====================
0005
0006 Spectre is a class of side channel attacks that exploit branch prediction
0007 and speculative execution on modern CPUs to read memory, possibly
0008 bypassing access controls. Speculative execution side channel exploits
0009 do not modify memory but attempt to infer privileged data in the memory.
0010
0011 This document covers Spectre variant 1 and Spectre variant 2.
0012
0013 Affected processors
0014 -------------------
0015
0016 Speculative execution side channel methods affect a wide range of modern
0017 high performance processors, since most modern high speed processors
0018 use branch prediction and speculative execution.
0019
0020 The following CPUs are vulnerable:
0021
0022 - Intel Core, Atom, Pentium, and Xeon processors
0023
0024 - AMD Phenom, EPYC, and Zen processors
0025
0026 - IBM POWER and zSeries processors
0027
0028 - Higher end ARM processors
0029
0030 - Apple CPUs
0031
0032 - Higher end MIPS CPUs
0033
0034 - Likely most other high performance CPUs. Contact your CPU vendor for details.
0035
0036 Whether a processor is affected or not can be read out from the Spectre
0037 vulnerability files in sysfs. See :ref:`spectre_sys_info`.
0038
0039 Related CVEs
0040 ------------
0041
0042 The following CVE entries describe Spectre variants:
0043
0044 ============= ======================= ==========================
0045 CVE-2017-5753 Bounds check bypass Spectre variant 1
0046 CVE-2017-5715 Branch target injection Spectre variant 2
0047 CVE-2019-1125 Spectre v1 swapgs Spectre variant 1 (swapgs)
0048 ============= ======================= ==========================
0049
0050 Problem
0051 -------
0052
0053 CPUs use speculative operations to improve performance. That may leave
0054 traces of memory accesses or computations in the processor's caches,
0055 buffers, and branch predictors. Malicious software may be able to
0056 influence the speculative execution paths, and then use the side effects
0057 of the speculative execution in the CPUs' caches and buffers to infer
0058 privileged data touched during the speculative execution.
0059
0060 Spectre variant 1 attacks take advantage of speculative execution of
0061 conditional branches, while Spectre variant 2 attacks use speculative
0062 execution of indirect branches to leak privileged memory.
0063 See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[6] <spec_ref6>`
0064 :ref:`[7] <spec_ref7>` :ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.
0065
0066 Spectre variant 1 (Bounds Check Bypass)
0067 ---------------------------------------
0068
0069 The bounds check bypass attack :ref:`[2] <spec_ref2>` takes advantage
0070 of speculative execution that bypasses conditional branch instructions
0071 used for memory access bounds check (e.g. checking if the index of an
0072 array results in memory access within a valid range). This results in
0073 memory accesses to invalid memory (with out-of-bound index) that are
0074 done speculatively before validation checks resolve. Such speculative
0075 memory accesses can leave side effects, creating side channels which
0076 leak information to the attacker.
0077
0078 There are some extensions of Spectre variant 1 attacks for reading data
0079 over the network, see :ref:`[12] <spec_ref12>`. However such attacks
0080 are difficult, low bandwidth, fragile, and are considered low risk.
0081
0082 Note that, despite "Bounds Check Bypass" name, Spectre variant 1 is not
0083 only about user-controlled array bounds checks. It can affect any
0084 conditional checks. The kernel entry code interrupt, exception, and NMI
0085 handlers all have conditional swapgs checks. Those may be problematic
0086 in the context of Spectre v1, as kernel code can speculatively run with
0087 a user GS.
0088
0089 Spectre variant 2 (Branch Target Injection)
0090 -------------------------------------------
0091
0092 The branch target injection attack takes advantage of speculative
0093 execution of indirect branches :ref:`[3] <spec_ref3>`. The indirect
0094 branch predictors inside the processor used to guess the target of
0095 indirect branches can be influenced by an attacker, causing gadget code
0096 to be speculatively executed, thus exposing sensitive data touched by
0097 the victim. The side effects left in the CPU's caches during speculative
0098 execution can be measured to infer data values.
0099
0100 .. _poison_btb:
0101
0102 In Spectre variant 2 attacks, the attacker can steer speculative indirect
0103 branches in the victim to gadget code by poisoning the branch target
0104 buffer of a CPU used for predicting indirect branch addresses. Such
0105 poisoning could be done by indirect branching into existing code,
0106 with the address offset of the indirect branch under the attacker's
0107 control. Since the branch prediction on impacted hardware does not
0108 fully disambiguate branch address and uses the offset for prediction,
0109 this could cause privileged code's indirect branch to jump to a gadget
0110 code with the same offset.
0111
0112 The most useful gadgets take an attacker-controlled input parameter (such
0113 as a register value) so that the memory read can be controlled. Gadgets
0114 without input parameters might be possible, but the attacker would have
0115 very little control over what memory can be read, reducing the risk of
0116 the attack revealing useful data.
0117
0118 One other variant 2 attack vector is for the attacker to poison the
0119 return stack buffer (RSB) :ref:`[13] <spec_ref13>` to cause speculative
0120 subroutine return instruction execution to go to a gadget. An attacker's
0121 imbalanced subroutine call instructions might "poison" entries in the
0122 return stack buffer which are later consumed by a victim's subroutine
0123 return instructions. This attack can be mitigated by flushing the return
0124 stack buffer on context switch, or virtual machine (VM) exit.
0125
0126 On systems with simultaneous multi-threading (SMT), attacks are possible
0127 from the sibling thread, as level 1 cache and branch target buffer
0128 (BTB) may be shared between hardware threads in a CPU core. A malicious
0129 program running on the sibling thread may influence its peer's BTB to
0130 steer its indirect branch speculations to gadget code, and measure the
0131 speculative execution's side effects left in level 1 cache to infer the
0132 victim's data.
0133
0134 Yet another variant 2 attack vector is for the attacker to poison the
0135 Branch History Buffer (BHB) to speculatively steer an indirect branch
0136 to a specific Branch Target Buffer (BTB) entry, even if the entry isn't
0137 associated with the source address of the indirect branch. Specifically,
0138 the BHB might be shared across privilege levels even in the presence of
0139 Enhanced IBRS.
0140
0141 Currently the only known real-world BHB attack vector is via
0142 unprivileged eBPF. Therefore, it's highly recommended to not enable
0143 unprivileged eBPF, especially when eIBRS is used (without retpolines).
0144 For a full mitigation against BHB attacks, it's recommended to use
0145 retpolines (or eIBRS combined with retpolines).
0146
0147 Attack scenarios
0148 ----------------
0149
0150 The following list of attack scenarios have been anticipated, but may
0151 not cover all possible attack vectors.
0152
0153 1. A user process attacking the kernel
0154 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
0155
0156 Spectre variant 1
0157 ~~~~~~~~~~~~~~~~~
0158
0159 The attacker passes a parameter to the kernel via a register or
0160 via a known address in memory during a syscall. Such parameter may
0161 be used later by the kernel as an index to an array or to derive
0162 a pointer for a Spectre variant 1 attack. The index or pointer
0163 is invalid, but bound checks are bypassed in the code branch taken
0164 for speculative execution. This could cause privileged memory to be
0165 accessed and leaked.
0166
0167 For kernel code that has been identified where data pointers could
0168 potentially be influenced for Spectre attacks, new "nospec" accessor
0169 macros are used to prevent speculative loading of data.
0170
0171 Spectre variant 1 (swapgs)
0172 ~~~~~~~~~~~~~~~~~~~~~~~~~~
0173
0174 An attacker can train the branch predictor to speculatively skip the
0175 swapgs path for an interrupt or exception. If they initialize
0176 the GS register to a user-space value, if the swapgs is speculatively
0177 skipped, subsequent GS-related percpu accesses in the speculation
0178 window will be done with the attacker-controlled GS value. This
0179 could cause privileged memory to be accessed and leaked.
0180
0181 For example:
0182
0183 ::
0184
0185 if (coming from user space)
0186 swapgs
0187 mov %gs:<percpu_offset>, %reg
0188 mov (%reg), %reg1
0189
0190 When coming from user space, the CPU can speculatively skip the
0191 swapgs, and then do a speculative percpu load using the user GS
0192 value. So the user can speculatively force a read of any kernel
0193 value. If a gadget exists which uses the percpu value as an address
0194 in another load/store, then the contents of the kernel value may
0195 become visible via an L1 side channel attack.
0196
0197 A similar attack exists when coming from kernel space. The CPU can
0198 speculatively do the swapgs, causing the user GS to get used for the
0199 rest of the speculative window.
0200
0201 Spectre variant 2
0202 ~~~~~~~~~~~~~~~~~
0203
0204 A spectre variant 2 attacker can :ref:`poison <poison_btb>` the branch
0205 target buffer (BTB) before issuing syscall to launch an attack.
0206 After entering the kernel, the kernel could use the poisoned branch
0207 target buffer on indirect jump and jump to gadget code in speculative
0208 execution.
0209
0210 If an attacker tries to control the memory addresses leaked during
0211 speculative execution, he would also need to pass a parameter to the
0212 gadget, either through a register or a known address in memory. After
0213 the gadget has executed, he can measure the side effect.
0214
0215 The kernel can protect itself against consuming poisoned branch
0216 target buffer entries by using return trampolines (also known as
0217 "retpoline") :ref:`[3] <spec_ref3>` :ref:`[9] <spec_ref9>` for all
0218 indirect branches. Return trampolines trap speculative execution paths
0219 to prevent jumping to gadget code during speculative execution.
0220 x86 CPUs with Enhanced Indirect Branch Restricted Speculation
0221 (Enhanced IBRS) available in hardware should use the feature to
0222 mitigate Spectre variant 2 instead of retpoline. Enhanced IBRS is
0223 more efficient than retpoline.
0224
0225 There may be gadget code in firmware which could be exploited with
0226 Spectre variant 2 attack by a rogue user process. To mitigate such
0227 attacks on x86, Indirect Branch Restricted Speculation (IBRS) feature
0228 is turned on before the kernel invokes any firmware code.
0229
0230 2. A user process attacking another user process
0231 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
0232
0233 A malicious user process can try to attack another user process,
0234 either via a context switch on the same hardware thread, or from the
0235 sibling hyperthread sharing a physical processor core on simultaneous
0236 multi-threading (SMT) system.
0237
0238 Spectre variant 1 attacks generally require passing parameters
0239 between the processes, which needs a data passing relationship, such
0240 as remote procedure calls (RPC). Those parameters are used in gadget
0241 code to derive invalid data pointers accessing privileged memory in
0242 the attacked process.
0243
0244 Spectre variant 2 attacks can be launched from a rogue process by
0245 :ref:`poisoning <poison_btb>` the branch target buffer. This can
0246 influence the indirect branch targets for a victim process that either
0247 runs later on the same hardware thread, or running concurrently on
0248 a sibling hardware thread sharing the same physical core.
0249
0250 A user process can protect itself against Spectre variant 2 attacks
0251 by using the prctl() syscall to disable indirect branch speculation
0252 for itself. An administrator can also cordon off an unsafe process
0253 from polluting the branch target buffer by disabling the process's
0254 indirect branch speculation. This comes with a performance cost
0255 from not using indirect branch speculation and clearing the branch
0256 target buffer. When SMT is enabled on x86, for a process that has
0257 indirect branch speculation disabled, Single Threaded Indirect Branch
0258 Predictors (STIBP) :ref:`[4] <spec_ref4>` are turned on to prevent the
0259 sibling thread from controlling branch target buffer. In addition,
0260 the Indirect Branch Prediction Barrier (IBPB) is issued to clear the
0261 branch target buffer when context switching to and from such process.
0262
0263 On x86, the return stack buffer is stuffed on context switch.
0264 This prevents the branch target buffer from being used for branch
0265 prediction when the return stack buffer underflows while switching to
0266 a deeper call stack. Any poisoned entries in the return stack buffer
0267 left by the previous process will also be cleared.
0268
0269 User programs should use address space randomization to make attacks
0270 more difficult (Set /proc/sys/kernel/randomize_va_space = 1 or 2).
0271
0272 3. A virtualized guest attacking the host
0273 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
0274
0275 The attack mechanism is similar to how user processes attack the
0276 kernel. The kernel is entered via hyper-calls or other virtualization
0277 exit paths.
0278
0279 For Spectre variant 1 attacks, rogue guests can pass parameters
0280 (e.g. in registers) via hyper-calls to derive invalid pointers to
0281 speculate into privileged memory after entering the kernel. For places
0282 where such kernel code has been identified, nospec accessor macros
0283 are used to stop speculative memory access.
0284
0285 For Spectre variant 2 attacks, rogue guests can :ref:`poison
0286 <poison_btb>` the branch target buffer or return stack buffer, causing
0287 the kernel to jump to gadget code in the speculative execution paths.
0288
0289 To mitigate variant 2, the host kernel can use return trampolines
0290 for indirect branches to bypass the poisoned branch target buffer,
0291 and flushing the return stack buffer on VM exit. This prevents rogue
0292 guests from affecting indirect branching in the host kernel.
0293
0294 To protect host processes from rogue guests, host processes can have
0295 indirect branch speculation disabled via prctl(). The branch target
0296 buffer is cleared before context switching to such processes.
0297
0298 4. A virtualized guest attacking other guest
0299 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
0300
0301 A rogue guest may attack another guest to get data accessible by the
0302 other guest.
0303
0304 Spectre variant 1 attacks are possible if parameters can be passed
0305 between guests. This may be done via mechanisms such as shared memory
0306 or message passing. Such parameters could be used to derive data
0307 pointers to privileged data in guest. The privileged data could be
0308 accessed by gadget code in the victim's speculation paths.
0309
0310 Spectre variant 2 attacks can be launched from a rogue guest by
0311 :ref:`poisoning <poison_btb>` the branch target buffer or the return
0312 stack buffer. Such poisoned entries could be used to influence
0313 speculation execution paths in the victim guest.
0314
0315 Linux kernel mitigates attacks to other guests running in the same
0316 CPU hardware thread by flushing the return stack buffer on VM exit,
0317 and clearing the branch target buffer before switching to a new guest.
0318
0319 If SMT is used, Spectre variant 2 attacks from an untrusted guest
0320 in the sibling hyperthread can be mitigated by the administrator,
0321 by turning off the unsafe guest's indirect branch speculation via
0322 prctl(). A guest can also protect itself by turning on microcode
0323 based mitigations (such as IBPB or STIBP on x86) within the guest.
0324
0325 .. _spectre_sys_info:
0326
0327 Spectre system information
0328 --------------------------
0329
0330 The Linux kernel provides a sysfs interface to enumerate the current
0331 mitigation status of the system for Spectre: whether the system is
0332 vulnerable, and which mitigations are active.
0333
0334 The sysfs file showing Spectre variant 1 mitigation status is:
0335
0336 /sys/devices/system/cpu/vulnerabilities/spectre_v1
0337
0338 The possible values in this file are:
0339
0340 .. list-table::
0341
0342 * - 'Not affected'
0343 - The processor is not vulnerable.
0344 * - 'Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers'
0345 - The swapgs protections are disabled; otherwise it has
0346 protection in the kernel on a case by case base with explicit
0347 pointer sanitation and usercopy LFENCE barriers.
0348 * - 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization'
0349 - Protection in the kernel on a case by case base with explicit
0350 pointer sanitation, usercopy LFENCE barriers, and swapgs LFENCE
0351 barriers.
0352
0353 However, the protections are put in place on a case by case basis,
0354 and there is no guarantee that all possible attack vectors for Spectre
0355 variant 1 are covered.
0356
0357 The spectre_v2 kernel file reports if the kernel has been compiled with
0358 retpoline mitigation or if the CPU has hardware mitigation, and if the
0359 CPU has support for additional process-specific mitigation.
0360
0361 This file also reports CPU features enabled by microcode to mitigate
0362 attack between user processes:
0363
0364 1. Indirect Branch Prediction Barrier (IBPB) to add additional
0365 isolation between processes of different users.
0366 2. Single Thread Indirect Branch Predictors (STIBP) to add additional
0367 isolation between CPU threads running on the same core.
0368
0369 These CPU features may impact performance when used and can be enabled
0370 per process on a case-by-case base.
0371
0372 The sysfs file showing Spectre variant 2 mitigation status is:
0373
0374 /sys/devices/system/cpu/vulnerabilities/spectre_v2
0375
0376 The possible values in this file are:
0377
0378 - Kernel status:
0379
0380 ======================================== =================================
0381 'Not affected' The processor is not vulnerable
0382 'Mitigation: None' Vulnerable, no mitigation
0383 'Mitigation: Retpolines' Use Retpoline thunks
0384 'Mitigation: LFENCE' Use LFENCE instructions
0385 'Mitigation: Enhanced IBRS' Hardware-focused mitigation
0386 'Mitigation: Enhanced IBRS + Retpolines' Hardware-focused + Retpolines
0387 'Mitigation: Enhanced IBRS + LFENCE' Hardware-focused + LFENCE
0388 ======================================== =================================
0389
0390 - Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is
0391 used to protect against Spectre variant 2 attacks when calling firmware (x86 only).
0392
0393 ========== =============================================================
0394 'IBRS_FW' Protection against user program attacks when calling firmware
0395 ========== =============================================================
0396
0397 - Indirect branch prediction barrier (IBPB) status for protection between
0398 processes of different users. This feature can be controlled through
0399 prctl() per process, or through kernel command line options. This is
0400 an x86 only feature. For more details see below.
0401
0402 =================== ========================================================
0403 'IBPB: disabled' IBPB unused
0404 'IBPB: always-on' Use IBPB on all tasks
0405 'IBPB: conditional' Use IBPB on SECCOMP or indirect branch restricted tasks
0406 =================== ========================================================
0407
0408 - Single threaded indirect branch prediction (STIBP) status for protection
0409 between different hyper threads. This feature can be controlled through
0410 prctl per process, or through kernel command line options. This is x86
0411 only feature. For more details see below.
0412
0413 ==================== ========================================================
0414 'STIBP: disabled' STIBP unused
0415 'STIBP: forced' Use STIBP on all tasks
0416 'STIBP: conditional' Use STIBP on SECCOMP or indirect branch restricted tasks
0417 ==================== ========================================================
0418
0419 - Return stack buffer (RSB) protection status:
0420
0421 ============= ===========================================
0422 'RSB filling' Protection of RSB on context switch enabled
0423 ============= ===========================================
0424
0425 - EIBRS Post-barrier Return Stack Buffer (PBRSB) protection status:
0426
0427 =========================== =======================================================
0428 'PBRSB-eIBRS: SW sequence' CPU is affected and protection of RSB on VMEXIT enabled
0429 'PBRSB-eIBRS: Vulnerable' CPU is vulnerable
0430 'PBRSB-eIBRS: Not affected' CPU is not affected by PBRSB
0431 =========================== =======================================================
0432
0433 Full mitigation might require a microcode update from the CPU
0434 vendor. When the necessary microcode is not available, the kernel will
0435 report vulnerability.
0436
0437 Turning on mitigation for Spectre variant 1 and Spectre variant 2
0438 -----------------------------------------------------------------
0439
0440 1. Kernel mitigation
0441 ^^^^^^^^^^^^^^^^^^^^
0442
0443 Spectre variant 1
0444 ~~~~~~~~~~~~~~~~~
0445
0446 For the Spectre variant 1, vulnerable kernel code (as determined
0447 by code audit or scanning tools) is annotated on a case by case
0448 basis to use nospec accessor macros for bounds clipping :ref:`[2]
0449 <spec_ref2>` to avoid any usable disclosure gadgets. However, it may
0450 not cover all attack vectors for Spectre variant 1.
0451
0452 Copy-from-user code has an LFENCE barrier to prevent the access_ok()
0453 check from being mis-speculated. The barrier is done by the
0454 barrier_nospec() macro.
0455
0456 For the swapgs variant of Spectre variant 1, LFENCE barriers are
0457 added to interrupt, exception and NMI entry where needed. These
0458 barriers are done by the FENCE_SWAPGS_KERNEL_ENTRY and
0459 FENCE_SWAPGS_USER_ENTRY macros.
0460
0461 Spectre variant 2
0462 ~~~~~~~~~~~~~~~~~
0463
0464 For Spectre variant 2 mitigation, the compiler turns indirect calls or
0465 jumps in the kernel into equivalent return trampolines (retpolines)
0466 :ref:`[3] <spec_ref3>` :ref:`[9] <spec_ref9>` to go to the target
0467 addresses. Speculative execution paths under retpolines are trapped
0468 in an infinite loop to prevent any speculative execution jumping to
0469 a gadget.
0470
0471 To turn on retpoline mitigation on a vulnerable CPU, the kernel
0472 needs to be compiled with a gcc compiler that supports the
0473 -mindirect-branch=thunk-extern -mindirect-branch-register options.
0474 If the kernel is compiled with a Clang compiler, the compiler needs
0475 to support -mretpoline-external-thunk option. The kernel config
0476 CONFIG_RETPOLINE needs to be turned on, and the CPU needs to run with
0477 the latest updated microcode.
0478
0479 On Intel Skylake-era systems the mitigation covers most, but not all,
0480 cases. See :ref:`[3] <spec_ref3>` for more details.
0481
0482 On CPUs with hardware mitigation for Spectre variant 2 (e.g. Enhanced
0483 IBRS on x86), retpoline is automatically disabled at run time.
0484
0485 The retpoline mitigation is turned on by default on vulnerable
0486 CPUs. It can be forced on or off by the administrator
0487 via the kernel command line and sysfs control files. See
0488 :ref:`spectre_mitigation_control_command_line`.
0489
0490 On x86, indirect branch restricted speculation is turned on by default
0491 before invoking any firmware code to prevent Spectre variant 2 exploits
0492 using the firmware.
0493
0494 Using kernel address space randomization (CONFIG_RANDOMIZE_BASE=y
0495 and CONFIG_SLAB_FREELIST_RANDOM=y in the kernel configuration) makes
0496 attacks on the kernel generally more difficult.
0497
0498 2. User program mitigation
0499 ^^^^^^^^^^^^^^^^^^^^^^^^^^
0500
0501 User programs can mitigate Spectre variant 1 using LFENCE or "bounds
0502 clipping". For more details see :ref:`[2] <spec_ref2>`.
0503
0504 For Spectre variant 2 mitigation, individual user programs
0505 can be compiled with return trampolines for indirect branches.
0506 This protects them from consuming poisoned entries in the branch
0507 target buffer left by malicious software. Alternatively, the
0508 programs can disable their indirect branch speculation via prctl()
0509 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
0510 On x86, this will turn on STIBP to guard against attacks from the
0511 sibling thread when the user program is running, and use IBPB to
0512 flush the branch target buffer when switching to/from the program.
0513
0514 Restricting indirect branch speculation on a user program will
0515 also prevent the program from launching a variant 2 attack
0516 on x86. Administrators can change that behavior via the kernel
0517 command line and sysfs control files.
0518 See :ref:`spectre_mitigation_control_command_line`.
0519
0520 Programs that disable their indirect branch speculation will have
0521 more overhead and run slower.
0522
0523 User programs should use address space randomization
0524 (/proc/sys/kernel/randomize_va_space = 1 or 2) to make attacks more
0525 difficult.
0526
0527 3. VM mitigation
0528 ^^^^^^^^^^^^^^^^
0529
0530 Within the kernel, Spectre variant 1 attacks from rogue guests are
0531 mitigated on a case by case basis in VM exit paths. Vulnerable code
0532 uses nospec accessor macros for "bounds clipping", to avoid any
0533 usable disclosure gadgets. However, this may not cover all variant
0534 1 attack vectors.
0535
0536 For Spectre variant 2 attacks from rogue guests to the kernel, the
0537 Linux kernel uses retpoline or Enhanced IBRS to prevent consumption of
0538 poisoned entries in branch target buffer left by rogue guests. It also
0539 flushes the return stack buffer on every VM exit to prevent a return
0540 stack buffer underflow so poisoned branch target buffer could be used,
0541 or attacker guests leaving poisoned entries in the return stack buffer.
0542
0543 To mitigate guest-to-guest attacks in the same CPU hardware thread,
0544 the branch target buffer is sanitized by flushing before switching
0545 to a new guest on a CPU.
0546
0547 The above mitigations are turned on by default on vulnerable CPUs.
0548
0549 To mitigate guest-to-guest attacks from sibling thread when SMT is
0550 in use, an untrusted guest running in the sibling thread can have
0551 its indirect branch speculation disabled by administrator via prctl().
0552
0553 The kernel also allows guests to use any microcode based mitigation
0554 they choose to use (such as IBPB or STIBP on x86) to protect themselves.
0555
0556 .. _spectre_mitigation_control_command_line:
0557
0558 Mitigation control on the kernel command line
0559 ---------------------------------------------
0560
0561 Spectre variant 2 mitigation can be disabled or force enabled at the
0562 kernel command line.
0563
0564 nospectre_v1
0565
0566 [X86,PPC] Disable mitigations for Spectre Variant 1
0567 (bounds check bypass). With this option data leaks are
0568 possible in the system.
0569
0570 nospectre_v2
0571
0572 [X86] Disable all mitigations for the Spectre variant 2
0573 (indirect branch prediction) vulnerability. System may
0574 allow data leaks with this option, which is equivalent
0575 to spectre_v2=off.
0576
0577
0578 spectre_v2=
0579
0580 [X86] Control mitigation of Spectre variant 2
0581 (indirect branch speculation) vulnerability.
0582 The default operation protects the kernel from
0583 user space attacks.
0584
0585 on
0586 unconditionally enable, implies
0587 spectre_v2_user=on
0588 off
0589 unconditionally disable, implies
0590 spectre_v2_user=off
0591 auto
0592 kernel detects whether your CPU model is
0593 vulnerable
0594
0595 Selecting 'on' will, and 'auto' may, choose a
0596 mitigation method at run time according to the
0597 CPU, the available microcode, the setting of the
0598 CONFIG_RETPOLINE configuration option, and the
0599 compiler with which the kernel was built.
0600
0601 Selecting 'on' will also enable the mitigation
0602 against user space to user space task attacks.
0603
0604 Selecting 'off' will disable both the kernel and
0605 the user space protections.
0606
0607 Specific mitigations can also be selected manually:
0608
0609 retpoline auto pick between generic,lfence
0610 retpoline,generic Retpolines
0611 retpoline,lfence LFENCE; indirect branch
0612 retpoline,amd alias for retpoline,lfence
0613 eibrs enhanced IBRS
0614 eibrs,retpoline enhanced IBRS + Retpolines
0615 eibrs,lfence enhanced IBRS + LFENCE
0616
0617 Not specifying this option is equivalent to
0618 spectre_v2=auto.
0619
0620 In general the kernel by default selects
0621 reasonable mitigations for the current CPU. To
0622 disable Spectre variant 2 mitigations, boot with
0623 spectre_v2=off. Spectre variant 1 mitigations
0624 cannot be disabled.
0625
0626 For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt
0627
0628 Mitigation selection guide
0629 --------------------------
0630
0631 1. Trusted userspace
0632 ^^^^^^^^^^^^^^^^^^^^
0633
0634 If all userspace applications are from trusted sources and do not
0635 execute externally supplied untrusted code, then the mitigations can
0636 be disabled.
0637
0638 2. Protect sensitive programs
0639 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
0640
0641 For security-sensitive programs that have secrets (e.g. crypto
0642 keys), protection against Spectre variant 2 can be put in place by
0643 disabling indirect branch speculation when the program is running
0644 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
0645
0646 3. Sandbox untrusted programs
0647 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
0648
0649 Untrusted programs that could be a source of attacks can be cordoned
0650 off by disabling their indirect branch speculation when they are run
0651 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
0652 This prevents untrusted programs from polluting the branch target
0653 buffer. This behavior can be changed via the kernel command line
0654 and sysfs control files. See
0655 :ref:`spectre_mitigation_control_command_line`.
0656
0657 3. High security mode
0658 ^^^^^^^^^^^^^^^^^^^^^
0659
0660 All Spectre variant 2 mitigations can be forced on
0661 at boot time for all programs (See the "on" option in
0662 :ref:`spectre_mitigation_control_command_line`). This will add
0663 overhead as indirect branch speculations for all programs will be
0664 restricted.
0665
0666 On x86, branch target buffer will be flushed with IBPB when switching
0667 to a new program. STIBP is left on all the time to protect programs
0668 against variant 2 attacks originating from programs running on
0669 sibling threads.
0670
0671 Alternatively, STIBP can be used only when running programs
0672 whose indirect branch speculation is explicitly disabled,
0673 while IBPB is still used all the time when switching to a new
0674 program to clear the branch target buffer (See "ibpb" option in
0675 :ref:`spectre_mitigation_control_command_line`). This "ibpb" option
0676 has less performance cost than the "on" option, which leaves STIBP
0677 on all the time.
0678
0679 References on Spectre
0680 ---------------------
0681
0682 Intel white papers:
0683
0684 .. _spec_ref1:
0685
0686 [1] `Intel analysis of speculative execution side channels <https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf>`_.
0687
0688 .. _spec_ref2:
0689
0690 [2] `Bounds check bypass <https://software.intel.com/security-software-guidance/software-guidance/bounds-check-bypass>`_.
0691
0692 .. _spec_ref3:
0693
0694 [3] `Deep dive: Retpoline: A branch target injection mitigation <https://software.intel.com/security-software-guidance/insights/deep-dive-retpoline-branch-target-injection-mitigation>`_.
0695
0696 .. _spec_ref4:
0697
0698 [4] `Deep Dive: Single Thread Indirect Branch Predictors <https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors>`_.
0699
0700 AMD white papers:
0701
0702 .. _spec_ref5:
0703
0704 [5] `AMD64 technology indirect branch control extension <https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf>`_.
0705
0706 .. _spec_ref6:
0707
0708 [6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/Managing-Speculation-on-AMD-Processors.pdf>`_.
0709
0710 ARM white papers:
0711
0712 .. _spec_ref7:
0713
0714 [7] `Cache speculation side-channels <https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/download-the-whitepaper>`_.
0715
0716 .. _spec_ref8:
0717
0718 [8] `Cache speculation issues update <https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/latest-updates/cache-speculation-issues-update>`_.
0719
0720 Google white paper:
0721
0722 .. _spec_ref9:
0723
0724 [9] `Retpoline: a software construct for preventing branch-target-injection <https://support.google.com/faqs/answer/7625886>`_.
0725
0726 MIPS white paper:
0727
0728 .. _spec_ref10:
0729
0730 [10] `MIPS: response on speculative execution and side channel vulnerabilities <https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/>`_.
0731
0732 Academic papers:
0733
0734 .. _spec_ref11:
0735
0736 [11] `Spectre Attacks: Exploiting Speculative Execution <https://spectreattack.com/spectre.pdf>`_.
0737
0738 .. _spec_ref12:
0739
0740 [12] `NetSpectre: Read Arbitrary Memory over Network <https://arxiv.org/abs/1807.10535>`_.
0741
0742 .. _spec_ref13:
0743
0744 [13] `Spectre Returns! Speculation Attacks using the Return Stack Buffer <https://www.usenix.org/system/files/conference/woot18/woot18-paper-koruyeh.pdf>`_.
