Whoops: The Linux Kernel's Spectre RSB Mitigation For PowerPC Missed Covering Some CPUs

Written by Michael Larabel in Linux Security on 28 November 2019 at 07:31 PM EST.
Even with all the light shed on Spectre over the past nearly two years, it turns out that the mitigations applied for Spectre RSB (Return Stack Buffer), a disclosure that did affect IBM POWER processors, didn't cover all of the CPUs they should have until this week.

The Linux kernel's failure to apply the Spectre RSB mitigation to all affected PowerPC processors resulted in CVE-2019-18660.

The commit that landed yesterday in mainline Git explained:
We failed to activate the mitigation for Spectre-RSB (Return Stack Buffer, aka. ret2spec) on context switch, on CPUs prior to Power9 DD2.3.

That allows a process to poison the RSB (called Link Stack on Power CPUs) and possibly misdirect speculative execution of another process. If the victim process can be induced to execute a leak gadget then it may be possible to extract information from the victim via a side channel.

The fix is to correctly activate the link stack flush mitigation on all CPUs that have any mitigation of Spectre v2 in userspace enabled.

There's a second commit which adds a link stack flush in the KVM guest exit path. A leak via that path has not been demonstrated, but we believe it's at least theoretically possible.

Since yesterday the fix has been in Linux 5.5 Git, and it has already been back-ported to the relevant stable trees. POWER9 DD2.3 is an updated Nimbus revision, whereas Power9 DD2.2 covers most of the POWER9 Sforza / Monza / LaGrange chips currently out there.