One of the exciting new security features in Linux 6.17 is Attack Vector Controls, a means of more easily managing CPU security mitigations according to the system/server use-case. It drastically simplifies CPU security mitigation management by activating only the mitigations relevant to the intended use. With the Linux 6.17-rc2 kernel due out later today, Attack Vector Controls refines its logic around the Speculative Return Stack Overflow (SRSO) mitigation.
Sent out today were the x86 fixes ahead of Linux 6.17-rc2 coming out later today. This week’s x86/urgent pull request adjusts the SRSO mitigation behavior for Attack Vector Controls. AMD engineer David Kaplan, who spearheaded the Attack Vector Controls effort, explains the patch refinement:
“The SRSO bug can theoretically be used to conduct user->user or guest->guest attacks and requires a mitigation (namely IBPB instead of SBPB on context switch) for these. So mark SRSO as being applicable to the user->user and guest->guest attack vectors.
Additionally, SRSO supports multiple mitigations which mitigate different potential attack vectors. Some CPUs are also immune to SRSO from certain attack vectors (like user->kernel).
Use the specific attack vectors requiring mitigation to select the best SRSO mitigation to avoid unnecessary performance hits.”
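As an added illustration of the logic described in the quote above (this is not code from the article or from the kernel tree), the following POSIX shell script takes a kernel command line, works out which attack vectors remain mitigated under the Linux 6.17 `mitigations=` syntax, and reports whether the SRSO user->user / guest->guest mitigation (IBPB rather than SBPB on context switch, per the patch text) is still required. It assumes the documented option names `no_user_kernel`, `no_user_user`, `no_guest_host`, `no_guest_guest` and `no_cross_thread` appended after `mitigations=auto`, and the sysfs file `/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow`; the vector-to-mitigation mapping is taken from the quoted patch description, not from the kernel's own selection code, which is more detailed.

```shell
#!/bin/sh
# Added example, not from the article or the kernel source.
# Maps the Linux 6.17 attack-vector command-line options to the SRSO
# context-switch mitigation requirement described in the quoted patch.

# enabled_vectors "KERNEL CMDLINE"
# Prints the attack vectors that are still mitigated, in kernel order.
# Assumption: options are "mitigations=auto,no_<vector>[,...]" or
# "mitigations=off"; anything else leaves all vectors mitigated.
enabled_vectors() {
    vectors="user_kernel user_user guest_host guest_guest cross_thread"
    opt=""
    for tok in $1; do
        case "$tok" in
            mitigations=*) opt="${tok#mitigations=}" ;;
        esac
    done
    # mitigations=off disables every vector at once.
    if [ "$opt" = "off" ]; then
        echo ""
        return 0
    fi
    out=""
    for v in $vectors; do
        case ",$opt," in
            *",no_$v,"*) ;;                 # explicitly disabled by the admin
            *) out="$out $v" ;;             # still mitigated
        esac
    done
    echo "${out# }"
}

# srso_ctxsw_ibpb_required "KERNEL CMDLINE"
# Returns 0 when SRSO still applies to user->user or guest->guest, i.e.
# IBPB (not SBPB) is needed on context switch per the patch text.
srso_ctxsw_ibpb_required() {
    for v in $(enabled_vectors "$1"); do
        case "$v" in
            user_user|guest_guest) return 0 ;;
        esac
    done
    return 1
}

# report_live: inspect the running system (only when run with --live).
report_live() {
    if [ ! -r /proc/cmdline ]; then
        echo "no /proc/cmdline available"
        return 0
    fi
    cmd=$(cat /proc/cmdline)
    echo "mitigated attack vectors: $(enabled_vectors "$cmd")"
    f=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
    if [ -r "$f" ]; then
        echo "SRSO sysfs status: $(cat "$f")"
    fi
    if srso_ctxsw_ibpb_required "$cmd"; then
        echo "user->user or guest->guest still mitigated: IBPB on context switch expected"
    else
        echo "user->user and guest->guest both disabled: SBPB on context switch acceptable"
    fi
}

# Constructed sample command line (not from any real system).
SAMPLE_CMDLINE="BOOT_IMAGE=/vmlinuz root=/dev/sda1 mitigations=auto,no_user_kernel,no_guest_host"

if [ "${1:-}" = "--live" ]; then
    report_live
else
    echo "sample cmdline: $SAMPLE_CMDLINE"
    echo "mitigated attack vectors: $(enabled_vectors "$SAMPLE_CMDLINE")"
    if srso_ctxsw_ibpb_required "$SAMPLE_CMDLINE"; then
        echo "SRSO context-switch IBPB still required"
    else
        echo "SRSO context-switch IBPB not required"
    fi
fi
```

Run it without arguments to see the constructed sample evaluated, or with `--live` on a Linux 6.17 box to compare the command line actually in use against the SRSO status the kernel reports in sysfs. The point the quote makes is visible in the sample: disabling only `user_kernel` and `guest_host` does not relax the context-switch mitigation, because `user_user` and `guest_guest` remain in scope for SRSO.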
That change is in this pull request, along with a separate fix ensuring the AMD SEV guest driver’s buffers used in encryption operations are linearly mapped, so the encryption can be offloaded to an accelerator. The pull also carries a few other fixes:
– Remove a transitional asm/cpuid.h header which was added only as a fallback during cpuid helpers reorg
– Initialize reserved fields in the SVSM page validation calls structure to zero in order to allow for future structure extensions
– Have the sev-guest driver’s buffers used in encryption operations be in linear mapping space as the encryption operation can be offloaded to an accelerator
– Have a read-only MSR write when in an AMD SNP guest trap to the hypervisor as it is usually done. This makes the guest user experience better by simply raising a #GP instead of terminating said guest
– Do not output AVX512 elapsed time for kernel threads because the data is wrong and fix a NULL pointer dereferencing in the process
– Adjust the SRSO mitigation selection to the new attack vectors
Linux 6.17 with its many new features should be out as stable by early October.