|
| 1 | +.. SPDX-License-Identifier: GPL-2.0 |
| 2 | +
|
| 3 | +Indirect Target Selection (ITS) |
| 4 | +=============================== |
| 5 | + |
| 6 | +ITS is a vulnerability in some Intel CPUs that support Enhanced IBRS and were |
| 7 | +released before Alder Lake. ITS may allow an attacker to control the prediction |
| 8 | +of indirect branches and RETs located in the lower half of a cacheline. |
| 9 | + |
| 10 | +ITS is assigned CVE-2024-28956 with a CVSS score of 4.7 (Medium). |
| 11 | + |
| 12 | +Scope of Impact |
| 13 | +--------------- |
| 14 | +- **eIBRS Guest/Host Isolation**: Indirect branches in KVM/kernel may still be |
| 15 | + predicted with unintended target corresponding to a branch in the guest. |
| 16 | + |
| 17 | +- **Intra-Mode BTI**: In-kernel training such as through cBPF or other native |
| 18 | + gadgets. |
| 19 | + |
| 20 | +- **Indirect Branch Prediction Barrier (IBPB)**: After an IBPB, indirect |
| 21 | + branches may still be predicted with targets corresponding to direct branches |
| 22 | + executed prior to the IBPB. This is fixed by the IPU 2025.1 microcode, which |
| 23 | + should be available via distro updates. Alternatively microcode can be |
| 24 | + obtained from Intel's github repository [#f1]_. |
| 25 | + |
| 26 | +Affected CPUs |
| 27 | +------------- |
| 28 | +Below is the list of ITS affected CPUs [#f2]_ [#f3]_: |
| 29 | + |
| 30 | + ======================== ============ ==================== =============== |
| 31 | + Common name Family_Model eIBRS Intra-mode BTI |
| 32 | + Guest/Host Isolation |
| 33 | + ======================== ============ ==================== =============== |
| 34 | + SKYLAKE_X (step >= 6) 06_55H Affected Affected |
| 35 | + ICELAKE_X 06_6AH Not affected Affected |
| 36 | + ICELAKE_D 06_6CH Not affected Affected |
| 37 | + ICELAKE_L 06_7EH Not affected Affected |
| 38 | + TIGERLAKE_L 06_8CH Not affected Affected |
| 39 | + TIGERLAKE 06_8DH Not affected Affected |
| 40 | + KABYLAKE_L (step >= 12) 06_8EH Affected Affected |
| 41 | + KABYLAKE (step >= 13) 06_9EH Affected Affected |
| 42 | + COMETLAKE 06_A5H Affected Affected |
| 43 | + COMETLAKE_L 06_A6H Affected Affected |
| 44 | + ROCKETLAKE 06_A7H Not affected Affected |
| 45 | + ======================== ============ ==================== =============== |
| 46 | + |
| 47 | +- All affected CPUs enumerate Enhanced IBRS feature. |
| 48 | +- IBPB isolation is affected on all ITS affected CPUs, and need a microcode |
| 49 | + update for mitigation. |
| 50 | +- None of the affected CPUs enumerate BHI_CTRL which was introduced in Golden |
| 51 | + Cove (Alder Lake and Sapphire Rapids). This can help guests to determine the |
| 52 | + host's affected status. |
| 53 | +- Intel Atom CPUs are not affected by ITS. |
| 54 | + |
| 55 | +Mitigation |
| 56 | +---------- |
| 57 | +As only the indirect branches and RETs that have their last byte of instruction |
| 58 | +in the lower half of the cacheline are vulnerable to ITS, the basic idea behind |
| 59 | +the mitigation is to not allow indirect branches in the lower half. |
| 60 | + |
| 61 | +This is achieved by relying on existing retpoline support in the kernel, and in |
| 62 | +compilers. ITS-vulnerable retpoline sites are runtime patched to point to newly |
| 63 | +added ITS-safe thunks. These safe thunks consists of indirect branch in the |
| 64 | +second half of the cacheline. Not all retpoline sites are patched to thunks, if |
| 65 | +a retpoline site is evaluated to be ITS-safe, it is replaced with an inline |
| 66 | +indirect branch. |
| 67 | + |
| 68 | +Dynamic thunks |
| 69 | +~~~~~~~~~~~~~~ |
| 70 | +From a dynamically allocated pool of safe-thunks, each vulnerable site is |
| 71 | +replaced with a new thunk, such that they get a unique address. This could |
| 72 | +improve the branch prediction accuracy. Also, it is a defense-in-depth measure |
| 73 | +against aliasing. |
| 74 | + |
| 75 | +Note, for simplicity, indirect branches in eBPF programs are always replaced |
| 76 | +with a jump to a static thunk in __x86_indirect_its_thunk_array. If required, |
| 77 | +in future this can be changed to use dynamic thunks. |
| 78 | + |
| 79 | +All vulnerable RETs are replaced with a static thunk, they do not use dynamic |
| 80 | +thunks. This is because RETs get their prediction from RSB mostly that does not |
| 81 | +depend on source address. RETs that underflow RSB may benefit from dynamic |
| 82 | +thunks. But, RETs significantly outnumber indirect branches, and any benefit |
| 83 | +from a unique source address could be outweighed by the increased icache |
| 84 | +footprint and iTLB pressure. |
| 85 | + |
| 86 | +Retpoline |
| 87 | +~~~~~~~~~ |
| 88 | +Retpoline sequence also mitigates ITS-unsafe indirect branches. For this |
| 89 | +reason, when retpoline is enabled, ITS mitigation only relocates the RETs to |
| 90 | +safe thunks. Unless user requested the RSB-stuffing mitigation. |
| 91 | + |
| 92 | +RSB Stuffing |
| 93 | +~~~~~~~~~~~~ |
| 94 | +RSB-stuffing via Call Depth Tracking is a mitigation for Retbleed RSB-underflow |
| 95 | +attacks. And it also mitigates RETs that are vulnerable to ITS. |
| 96 | + |
| 97 | +Mitigation in guests |
| 98 | +^^^^^^^^^^^^^^^^^^^^ |
| 99 | +All guests deploy ITS mitigation by default, irrespective of eIBRS enumeration |
| 100 | +and Family/Model of the guest. This is because eIBRS feature could be hidden |
| 101 | +from a guest. One exception to this is when a guest enumerates BHI_DIS_S, which |
| 102 | +indicates that the guest is running on an unaffected host. |
| 103 | + |
| 104 | +To prevent guests from unnecessarily deploying the mitigation on unaffected |
| 105 | +platforms, Intel has defined ITS_NO bit(62) in MSR IA32_ARCH_CAPABILITIES. When |
| 106 | +a guest sees this bit set, it should not enumerate the ITS bug. Note, this bit |
| 107 | +is not set by any hardware, but is **intended for VMMs to synthesize** it for |
| 108 | +guests as per the host's affected status. |
| 109 | + |
| 110 | +Mitigation options |
| 111 | +^^^^^^^^^^^^^^^^^^ |
| 112 | +The ITS mitigation can be controlled using the "indirect_target_selection" |
| 113 | +kernel parameter. The available options are: |
| 114 | + |
| 115 | + ======== =================================================================== |
| 116 | + on (default) Deploy the "Aligned branch/return thunks" mitigation. |
| 117 | + If spectre_v2 mitigation enables retpoline, aligned-thunks are only |
| 118 | + deployed for the affected RET instructions. Retpoline mitigates |
| 119 | + indirect branches. |
| 120 | + |
| 121 | + off Disable ITS mitigation. |
| 122 | + |
| 123 | + vmexit Equivalent to "=on" if the CPU is affected by guest/host isolation |
| 124 | + part of ITS. Otherwise, mitigation is not deployed. This option is |
| 125 | + useful when host userspace is not in the threat model, and only |
| 126 | + attacks from guest to host are considered. |
| 127 | + |
| 128 | + stuff Deploy RSB-fill mitigation when retpoline is also deployed. |
| 129 | + Otherwise, deploy the default mitigation. When retpoline mitigation |
| 130 | + is enabled, RSB-stuffing via Call-Depth-Tracking also mitigates |
| 131 | + ITS. |
| 132 | + |
| 133 | + force Force the ITS bug and deploy the default mitigation. |
| 134 | + ======== =================================================================== |
| 135 | + |
| 136 | +Sysfs reporting |
| 137 | +--------------- |
| 138 | + |
| 139 | +The sysfs file showing ITS mitigation status is: |
| 140 | + |
| 141 | + /sys/devices/system/cpu/vulnerabilities/indirect_target_selection |
| 142 | + |
| 143 | +Note, microcode mitigation status is not reported in this file. |
| 144 | + |
| 145 | +The possible values in this file are: |
| 146 | + |
| 147 | +.. list-table:: |
| 148 | + |
| 149 | + * - Not affected |
| 150 | + - The processor is not vulnerable. |
| 151 | + * - Vulnerable |
| 152 | + - System is vulnerable and no mitigation has been applied. |
| 153 | + * - Vulnerable, KVM: Not affected |
| 154 | + - System is vulnerable to intra-mode BTI, but not affected by eIBRS |
| 155 | + guest/host isolation. |
| 156 | + * - Mitigation: Aligned branch/return thunks |
| 157 | + - The mitigation is enabled, affected indirect branches and RETs are |
| 158 | + relocated to safe thunks. |
| 159 | + * - Mitigation: Retpolines, Stuffing RSB |
| 160 | + - The mitigation is enabled using retpoline and RSB stuffing. |
| 161 | + |
| 162 | +References |
| 163 | +---------- |
| 164 | +.. [#f1] Microcode repository - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files |
| 165 | +
|
| 166 | +.. [#f2] Affected Processors list - https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html |
| 167 | +
|
| 168 | +.. [#f3] Affected Processors list (machine readable) - https://github.com/intel/Intel-affected-processor-list |
0 commit comments