mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 16:54:27 +00:00
7a9b709e7c
Below are the tests added for Indirect Target Selection (ITS): - its_sysfs.py - Check if sysfs reflects the correct mitigation status for the mitigation selected via the kernel cmdline. - its_permutations.py - tests mitigation selection with cmdline permutations with other bugs like spectre_v2 and retbleed. - its_indirect_alignment.py - verifies that for addresses in .retpoline_sites section that belong to lower half of cacheline are patched to ITS-safe thunk. Typical output looks like below: Site 49: function symbol: __x64_sys_restart_syscall+0x1f <0xffffffffbb1509af> # vmlinux: 0xffffffff813509af: jmp 0xffffffff81f5a8e0 # kcore: 0xffffffffbb1509af: jmpq *%rax # ITS thunk NOT expected for site 49 # PASSED: Found *%rax # Site 50: function symbol: __resched_curr+0xb0 <0xffffffffbb181910> # vmlinux: 0xffffffff81381910: jmp 0xffffffff81f5a8e0 # kcore: 0xffffffffbb181910: jmp 0xffffffffc02000fc # ITS thunk expected for site 50 # PASSED: Found 0xffffffffc02000fc -> jmpq *%rax <scattered-thunk?> - its_ret_alignment.py - verifies that for addresses in .return_sites section that belong to lower half of cacheline are patched to its_return_thunk. Typical output looks like below: Site 97: function symbol: collect_event+0x48 <0xffffffffbb007f18> # vmlinux: 0xffffffff81207f18: jmp 0xffffffff81f5b500 # kcore: 0xffffffffbb007f18: jmp 0xffffffffbbd5b560 # PASSED: Found jmp 0xffffffffbbd5b560 <its_return_thunk> # Site 98: function symbol: collect_event+0xa4 <0xffffffffbb007f74> # vmlinux: 0xffffffff81207f74: jmp 0xffffffff81f5b500 # kcore: 0xffffffffbb007f74: retq # PASSED: Found retq Some of these tests have dependency on tools like virtme-ng[1] and drgn[2]. When the dependencies are not met, the test will be skipped. [1] https://github.com/arighi/virtme-ng [2] https://github.com/osandov/drgn Co-developed-by: Tao Zhang <tao1.zhang@linux.intel.com> Signed-off-by: Tao Zhang <tao1.zhang@linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
65 lines
2.3 KiB
Python
Executable file
65 lines
2.3 KiB
Python
Executable file
#!/usr/bin/env python3
|
|
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Copyright (c) 2025 Intel Corporation
|
|
#
|
|
# Test for Indirect Target Selection(ITS) mitigation sysfs status.
|
|
|
|
import sys, os, re
|
|
this_dir = os.path.dirname(os.path.realpath(__file__))
|
|
sys.path.insert(0, this_dir + '/../../kselftest')
|
|
import ksft
|
|
|
|
from common import *
|
|
|
|
bug = "indirect_target_selection"
|
|
mitigation = get_sysfs(bug)
|
|
|
|
ITS_MITIGATION_ALIGNED_THUNKS = "Mitigation: Aligned branch/return thunks"
|
|
ITS_MITIGATION_RETPOLINE_STUFF = "Mitigation: Retpolines, Stuffing RSB"
|
|
ITS_MITIGATION_VMEXIT_ONLY = "Mitigation: Vulnerable, KVM: Not affected"
|
|
ITS_MITIGATION_VULNERABLE = "Vulnerable"
|
|
|
|
def check_mitigation():
|
|
if mitigation == ITS_MITIGATION_ALIGNED_THUNKS:
|
|
if cmdline_has(f'{bug}=stuff') and sysfs_has("spectre_v2", "Retpolines"):
|
|
bug_check_fail(bug, ITS_MITIGATION_ALIGNED_THUNKS, ITS_MITIGATION_RETPOLINE_STUFF)
|
|
return
|
|
if cmdline_has(f'{bug}=vmexit') and cpuinfo_has('its_native_only'):
|
|
bug_check_fail(bug, ITS_MITIGATION_ALIGNED_THUNKS, ITS_MITIGATION_VMEXIT_ONLY)
|
|
return
|
|
bug_check_pass(bug, ITS_MITIGATION_ALIGNED_THUNKS)
|
|
return
|
|
|
|
if mitigation == ITS_MITIGATION_RETPOLINE_STUFF:
|
|
if cmdline_has(f'{bug}=stuff') and sysfs_has("spectre_v2", "Retpolines"):
|
|
bug_check_pass(bug, ITS_MITIGATION_RETPOLINE_STUFF)
|
|
return
|
|
if sysfs_has('retbleed', 'Stuffing'):
|
|
bug_check_pass(bug, ITS_MITIGATION_RETPOLINE_STUFF)
|
|
return
|
|
bug_check_fail(bug, ITS_MITIGATION_RETPOLINE_STUFF, ITS_MITIGATION_ALIGNED_THUNKS)
|
|
|
|
if mitigation == ITS_MITIGATION_VMEXIT_ONLY:
|
|
if cmdline_has(f'{bug}=vmexit') and cpuinfo_has('its_native_only'):
|
|
bug_check_pass(bug, ITS_MITIGATION_VMEXIT_ONLY)
|
|
return
|
|
bug_check_fail(bug, ITS_MITIGATION_VMEXIT_ONLY, ITS_MITIGATION_ALIGNED_THUNKS)
|
|
|
|
if mitigation == ITS_MITIGATION_VULNERABLE:
|
|
if sysfs_has("spectre_v2", "Vulnerable"):
|
|
bug_check_pass(bug, ITS_MITIGATION_VULNERABLE)
|
|
else:
|
|
bug_check_fail(bug, "Mitigation", ITS_MITIGATION_VULNERABLE)
|
|
|
|
bug_status_unknown(bug, mitigation)
|
|
return
|
|
|
|
ksft.print_header()
|
|
ksft.set_plan(1)
|
|
ksft.print_msg(f'{bug}: {mitigation} ...')
|
|
|
|
if not basic_checks_sufficient(bug, mitigation):
|
|
check_mitigation()
|
|
|
|
ksft.finished()
|