Multiple speculative security issues

ISSUE DESCRIPTION

Note: Multiple issues are contained in this XSA due to their interactions.

1. Researchers at VU Amsterdam have discovered Spectre-BHB, pertaining to the use of Branch History between privilege levels.
   ARM have assigned CVE-2022-23960. Intel have assigned CVE-2022-0001 (Branch History Injection) and CVE-2022-0002 (Intra-mode BTI). AMD have no statement at the time of writing.
   For more details, see: <a href=“https://vusec.net/projects/bhi-spectre-bhb”>https://vusec.net/projects/bhi-spectre-bhb</a> <a href=“https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb”>https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb</a> <a href=“https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html”>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html</a> <a href=“https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html”>https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html</a>
2. Researchers at Open Source Security, Inc. have discovered that AMD CPUs may speculate beyond direct branches.
   AMD have assigned CVE-2021-26341.
   For more details, see: <a href=“https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before”>https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before</a> <a href=“https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026”>https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026</a>
3. Researchers at Intel have discovered that previous Spectre-v2 recommendations of using lfence/jmp is incomplete.
   AMD have assigned CVE-2021-26401.
   For more details, see: <a href=“https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036”>https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036</a>

IMPACT

An attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests.

VULNERABLE SYSTEMS

Systems running all versions of Xen are affected.
Whether a CPU is potentially vulnerable depends on its microarchitecture. Consult your hardware vendor.
Xen does not have a managed runtime environment, so is not believed to be vulnerable to CVE-2022-0002 irrespective of any hardware susceptibility.
Xen does not have any known gadgets vulnerable to Direct Branch Straight Line Speculation. Therefore, no changes for CVE-2021-26341 are being provided at this time.
The AMD BTI (Spectre v2) protections do not depend on isolating predictions between different privileges, so the fact that Branch History is shared (just like the Branch Target Buffer) is not believed to be relevant to existing mitigations. Therefore, there is no believed impact from Spectre-BHB on AMD hardware.
Patches to mitigate CVE-2022-23960 on affected ARM CPUs are provided.
Intel have recommended not making any changes by default for CVE-2022-0001. Existing Spectre-v2 mitigations on pre-eIBRS hardware are believed to be sufficient. On eIBRS capable hardware, there is uncertainty over the utility of Branch History Injection to an adversary. However, the risk can be removed by using eIBRS in combination with retpoline.
For CVE-2021-26401, AMD have recommended using retpoline in preference to lfence/jmp as previously recommended to mitigate Spectre-v2. This recommendation also mitigates any risk from Branch History Injection.
For both CVE-2022-0001 on Intel, and CVE-2021-26401 on AMD, the suggestion to use retpoline is incompatible with CET Shadow Stacks as implemented in Xen 4.14 and later. The security team has decided that disabling CET Shadow Stacks to work around speculation problems is not a reasonable option for downstreams and end users.
Therefore, patches are also provided to: * Use IBRS on capable AMD hardware. This also mitigates CVE-2021-26401. * Use CET Indirect Branch Tracking on capable Intel hardware. CET-IBT has architectural guarantees about halting speculation, on top of being a hardware mechanism to protect against Call/Jump Oriented Programming attacks.
Both provide CET Shadow Stack compatible mitigations to these issues. A practical consequence of this decision is that CET Shadow Stacks are now considered security supported, upgraded from Tech Preview previously.
Note: CET-IBT patches are incomplete and will be backported at a later date.