On 18/07/2022 17:38, Peter Zijlstra wrote:
On Mon, Jul 18, 2022 at 06:28:27PM +0200, Borislav Petkov wrote:
On Mon, Jul 18, 2022 at 01:41:37PM +0200, Peter Zijlstra wrote:
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 10a3bfc1eb23..f934dcdb7c0d 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -297,6 +297,8 @@ do { \ alternative_msr_write(MSR_IA32_SPEC_CTRL, \ spec_ctrl_current() | SPEC_CTRL_IBRS, \ X86_FEATURE_USE_IBRS_FW); \
- altnerative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB, \
X86_FEATURE_USE_IBPB_FW); \} while (0)
So I'm being told we need to untrain on return from EFI to protect the kernel from it. Ontop of yours.
I don't think there's any credible way we can protect against EFI taking over the system if it wants to. It runs at CPL0 and has access to the direct map. If EFI wants it can take over the system without trying.
I don't think an untrain is needed either. EFI RS can do anything it wants, architecturally speaking, so the only threat is it acting as a confused deputy.
The IBPB on the way in mitigates any BTC attacks against EFI-RS.
The "safe" BTB entry can be evicted due to competition or an alias, both in kernel code or EFI code, but neither of these contexts will be deliberately creating a malicious entry.
~Andrew