5.15-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 15 Apr 2024 13:30:07 +0000 (15:30 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 15 Apr 2024 13:30:07 +0000 (15:30 +0200)
added patches:
x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch
x86-bugs-fix-bhi-handling-of-rrsba.patch
x86-bugs-remove-config_bhi_mitigation_auto-and-spectre_bhi-auto.patch
x86-bugs-replace-config_spectre_bhi_-on-off-with-config_mitigation_spectre_bhi.patch

queue-5.15/series
queue-5.15/x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch [new file with mode: 0644]
queue-5.15/x86-bugs-fix-bhi-handling-of-rrsba.patch [new file with mode: 0644]
queue-5.15/x86-bugs-remove-config_bhi_mitigation_auto-and-spectre_bhi-auto.patch [new file with mode: 0644]
queue-5.15/x86-bugs-rename-various-ia32_cap-variables-to-x86_arch_cap_msr.patch
queue-5.15/x86-bugs-replace-config_spectre_bhi_-on-off-with-config_mitigation_spectre_bhi.patch [new file with mode: 0644]
queue-5.15/x86-speculation-do-not-enable-automatic-ibrs-if-sev-snp-is-enabled.patch [deleted file]

index ae5660b60a5b8ddc15b14cea281c802619f869be..95ade4d313345deda063dd455a8225279a7ab7c9 100644 (file)
@@ -37,5 +37,8 @@ irqflags-explicitly-ignore-lockdep_hrtimer_exit-argument.patch
 x86-bugs-fix-return-type-of-spectre_bhi_state.patch
 x86-bugs-fix-bhi-documentation.patch
 x86-bugs-cache-the-value-of-msr_ia32_arch_capabilities.patch
-x86-speculation-do-not-enable-automatic-ibrs-if-sev-snp-is-enabled.patch
 x86-bugs-rename-various-ia32_cap-variables-to-x86_arch_cap_msr.patch
+x86-bugs-fix-bhi-handling-of-rrsba.patch
+x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch
+x86-bugs-remove-config_bhi_mitigation_auto-and-spectre_bhi-auto.patch
+x86-bugs-replace-config_spectre_bhi_-on-off-with-config_mitigation_spectre_bhi.patch
diff --git a/queue-5.15/x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch b/queue-5.15/x86-bugs-clarify-that-syscall-hardening-isn-t-a-bhi-mitigation.patch
new file mode 100644 (file)
index 0000000..4f26fc8
--- /dev/null
@@ -0,0 +1,82 @@
+From 5f882f3b0a8bf0788d5a0ee44b1191de5319bb8a Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@kernel.org>
+Date: Wed, 10 Apr 2024 22:40:48 -0700
+Subject: x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
+
+From: Josh Poimboeuf <jpoimboe@kernel.org>
+
+commit 5f882f3b0a8bf0788d5a0ee44b1191de5319bb8a upstream.
+
+While syscall hardening helps prevent some BHI attacks, there's still
+other low-hanging fruit remaining.  Don't classify it as a mitigation
+and make it clear that the system may still be vulnerable if it doesn't
+have a HW or SW mitigation enabled.
+
+Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob")
+Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Sean Christopherson <seanjc@google.com>
+Link: https://lore.kernel.org/r/b5951dae3fdee7f1520d5136a27be3bdfe95f88b.1712813475.git.jpoimboe@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/admin-guide/hw-vuln/spectre.rst   |   11 +++++------
+ Documentation/admin-guide/kernel-parameters.txt |    3 +--
+ arch/x86/kernel/cpu/bugs.c                      |    6 +++---
+ 3 files changed, 9 insertions(+), 11 deletions(-)
+
+--- a/Documentation/admin-guide/hw-vuln/spectre.rst
++++ b/Documentation/admin-guide/hw-vuln/spectre.rst
+@@ -441,10 +441,10 @@ The possible values in this file are:
+    - System is protected by BHI_DIS_S
+  * - BHI: SW loop, KVM SW loop
+    - System is protected by software clearing sequence
+- * - BHI: Syscall hardening
+-   - Syscalls are hardened against BHI
+- * - BHI: Syscall hardening, KVM: SW loop
+-   - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence
++ * - BHI: Vulnerable
++   - System is vulnerable to BHI
++ * - BHI: Vulnerable, KVM: SW loop
++   - System is vulnerable; KVM is protected by software clearing sequence
+ Full mitigation might require a microcode update from the CPU
+ vendor. When the necessary microcode is not available, the kernel will
+@@ -711,8 +711,7 @@ For user space mitigation:
+       spectre_bhi=
+               [X86] Control mitigation of Branch History Injection
+-              (BHI) vulnerability. Syscalls are hardened against BHI
+-              regardless of this setting. This setting affects the deployment
++              (BHI) vulnerability.  This setting affects the deployment
+               of the HW BHI control and the SW BHB clearing sequence.
+               on
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -5406,8 +5406,7 @@
+                       See Documentation/admin-guide/laptops/sonypi.rst
+       spectre_bhi=    [X86] Control mitigation of Branch History Injection
+-                      (BHI) vulnerability. Syscalls are hardened against BHI
+-                      reglardless of this setting. This setting affects the
++                      (BHI) vulnerability.  This setting affects the
+                       deployment of the HW BHI control and the SW BHB
+                       clearing sequence.
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -2797,10 +2797,10 @@ static const char *spectre_bhi_state(voi
+               return "; BHI: SW loop, KVM: SW loop";
+       else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && rrsba_disabled)
+               return "; BHI: Retpoline";
+-      else if  (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT))
+-              return "; BHI: Syscall hardening, KVM: SW loop";
++      else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT))
++              return "; BHI: Vulnerable, KVM: SW loop";
+-      return "; BHI: Vulnerable (Syscall hardening enabled)";
++      return "; BHI: Vulnerable";
+ }
+ static ssize_t spectre_v2_show_state(char *buf)
diff --git a/queue-5.15/x86-bugs-fix-bhi-handling-of-rrsba.patch b/queue-5.15/x86-bugs-fix-bhi-handling-of-rrsba.patch
new file mode 100644 (file)
index 0000000..a9aa230
--- /dev/null
@@ -0,0 +1,84 @@
+From 1cea8a280dfd1016148a3820676f2f03e3f5b898 Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@kernel.org>
+Date: Wed, 10 Apr 2024 22:40:47 -0700
+Subject: x86/bugs: Fix BHI handling of RRSBA
+
+From: Josh Poimboeuf <jpoimboe@kernel.org>
+
+commit 1cea8a280dfd1016148a3820676f2f03e3f5b898 upstream.
+
+The ARCH_CAP_RRSBA check isn't correct: RRSBA may have already been
+disabled by the Spectre v2 mitigation (or can otherwise be disabled by
+the BHI mitigation itself if needed).  In that case retpolines are fine.
+
+Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob")
+Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Sean Christopherson <seanjc@google.com>
+Link: https://lore.kernel.org/r/6f56f13da34a0834b69163467449be7f58f253dc.1712813475.git.jpoimboe@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/cpu/bugs.c |   30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -1515,20 +1515,25 @@ static enum spectre_v2_mitigation __init
+       return SPECTRE_V2_RETPOLINE;
+ }
++static bool __ro_after_init rrsba_disabled;
++
+ /* Disable in-kernel use of non-RSB RET predictors */
+ static void __init spec_ctrl_disable_kernel_rrsba(void)
+ {
+-      u64 x86_arch_cap_msr;
++      if (rrsba_disabled)
++              return;
+-      if (!boot_cpu_has(X86_FEATURE_RRSBA_CTRL))
++      if (!(x86_arch_cap_msr & ARCH_CAP_RRSBA)) {
++              rrsba_disabled = true;
+               return;
++      }
+-      x86_arch_cap_msr = x86_read_arch_cap_msr();
++      if (!boot_cpu_has(X86_FEATURE_RRSBA_CTRL))
++              return;
+-      if (x86_arch_cap_msr & ARCH_CAP_RRSBA) {
+-              x86_spec_ctrl_base |= SPEC_CTRL_RRSBA_DIS_S;
+-              update_spec_ctrl(x86_spec_ctrl_base);
+-      }
++      x86_spec_ctrl_base |= SPEC_CTRL_RRSBA_DIS_S;
++      update_spec_ctrl(x86_spec_ctrl_base);
++      rrsba_disabled = true;
+ }
+ static void __init spectre_v2_determine_rsb_fill_type_at_vmexit(enum spectre_v2_mitigation mode)
+@@ -1629,9 +1634,11 @@ static void __init bhi_select_mitigation
+               return;
+       /* Retpoline mitigates against BHI unless the CPU has RRSBA behavior */
+-      if (cpu_feature_enabled(X86_FEATURE_RETPOLINE) &&
+-          !(x86_read_arch_cap_msr() & ARCH_CAP_RRSBA))
+-              return;
++      if (cpu_feature_enabled(X86_FEATURE_RETPOLINE)) {
++              spec_ctrl_disable_kernel_rrsba();
++              if (rrsba_disabled)
++                      return;
++      }
+       if (spec_ctrl_bhi_dis())
+               return;
+@@ -2788,8 +2795,7 @@ static const char *spectre_bhi_state(voi
+               return "; BHI: BHI_DIS_S";
+       else if  (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP))
+               return "; BHI: SW loop, KVM: SW loop";
+-      else if (boot_cpu_has(X86_FEATURE_RETPOLINE) &&
+-               !(x86_arch_cap_msr & ARCH_CAP_RRSBA))
++      else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && rrsba_disabled)
+               return "; BHI: Retpoline";
+       else if  (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT))
+               return "; BHI: Syscall hardening, KVM: SW loop";
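Review bot: The comment above the retpoline check in bhi_select_mitigation() is now stale: the new code does not bail out merely because RRSBA is absent, it first calls spec_ctrl_disable_kernel_rrsba() and returns only when that left rrsba_disabled set, so `/* Retpoline mitigates against BHI unless the CPU has RRSBA behavior */` should read `/* Retpoline mitigates BHI once RRSBA is absent or disabled via RRSBA_DIS_S; otherwise fall through to the HW/SW BHI mitigations */`. The new `rrsba_disabled` flag is consulted by both the selection path and the spectre_bhi_state() report, so its definition deserves a comment stating what it means, e.g. `/* Set once RRSBA is known absent or has been disabled in SPEC_CTRL */`. spec_ctrl_disable_kernel_rrsba() now reads the `x86_arch_cap_msr` global instead of calling x86_read_arch_cap_msr(); that presumably relies on the cache patch listed earlier in the series, which is not visible here. bhi_select_mitigation() and spectre_bhi_state() both start outside their hunks.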
diff --git a/queue-5.15/x86-bugs-remove-config_bhi_mitigation_auto-and-spectre_bhi-auto.patch b/queue-5.15/x86-bugs-remove-config_bhi_mitigation_auto-and-spectre_bhi-auto.patch
new file mode 100644 (file)
index 0000000..8d70ed5
--- /dev/null
@@ -0,0 +1,102 @@
+From 36d4fe147c870f6d3f6602befd7ef44393a1c87a Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@kernel.org>
+Date: Wed, 10 Apr 2024 22:40:50 -0700
+Subject: x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
+
+From: Josh Poimboeuf <jpoimboe@kernel.org>
+
+commit 36d4fe147c870f6d3f6602befd7ef44393a1c87a upstream.
+
+Unlike most other mitigations' "auto" options, spectre_bhi=auto only
+mitigates newer systems, which is confusing and not particularly useful.
+
+Remove it.
+
+Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
+Cc: Sean Christopherson <seanjc@google.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Link: https://lore.kernel.org/r/412e9dc87971b622bbbaf64740ebc1f140bff343.1712813475.git.jpoimboe@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/admin-guide/hw-vuln/spectre.rst   |    4 ----
+ Documentation/admin-guide/kernel-parameters.txt |    3 ---
+ arch/x86/Kconfig                                |    4 ----
+ arch/x86/kernel/cpu/bugs.c                      |   10 +---------
+ 4 files changed, 1 insertion(+), 20 deletions(-)
+
+--- a/Documentation/admin-guide/hw-vuln/spectre.rst
++++ b/Documentation/admin-guide/hw-vuln/spectre.rst
+@@ -719,10 +719,6 @@ For user space mitigation:
+                       needed.
+               off
+                       Disable the mitigation.
+-              auto
+-                      Enable the HW mitigation if needed, but
+-                      *don't* enable the SW mitigation except for KVM.
+-                      The system may be vulnerable.
+ For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -5413,9 +5413,6 @@
+                       on   - (default) Enable the HW or SW mitigation
+                              as needed.
+                       off  - Disable the mitigation.
+-                      auto - Enable the HW mitigation if needed, but
+-                             *don't* enable the SW mitigation except
+-                             for KVM.  The system may be vulnerable.
+       spectre_v2=     [X86] Control mitigation of Spectre variant 2
+                       (indirect branch speculation) vulnerability.
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -2523,10 +2523,6 @@ config SPECTRE_BHI_OFF
+       bool "off"
+       help
+         Equivalent to setting spectre_bhi=off command line parameter.
+-config SPECTRE_BHI_AUTO
+-      bool "auto"
+-      help
+-        Equivalent to setting spectre_bhi=auto command line parameter.
+ endchoice
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -1602,13 +1602,10 @@ static bool __init spec_ctrl_bhi_dis(voi
+ enum bhi_mitigations {
+       BHI_MITIGATION_OFF,
+       BHI_MITIGATION_ON,
+-      BHI_MITIGATION_AUTO,
+ };
+ static enum bhi_mitigations bhi_mitigation __ro_after_init =
+-      IS_ENABLED(CONFIG_SPECTRE_BHI_ON)  ? BHI_MITIGATION_ON  :
+-      IS_ENABLED(CONFIG_SPECTRE_BHI_OFF) ? BHI_MITIGATION_OFF :
+-                                           BHI_MITIGATION_AUTO;
++      IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : BHI_MITIGATION_OFF;
+ static int __init spectre_bhi_parse_cmdline(char *str)
+ {
+@@ -1619,8 +1616,6 @@ static int __init spectre_bhi_parse_cmdl
+               bhi_mitigation = BHI_MITIGATION_OFF;
+       else if (!strcmp(str, "on"))
+               bhi_mitigation = BHI_MITIGATION_ON;
+-      else if (!strcmp(str, "auto"))
+-              bhi_mitigation = BHI_MITIGATION_AUTO;
+       else
+               pr_err("Ignoring unknown spectre_bhi option (%s)", str);
+@@ -1650,9 +1645,6 @@ static void __init bhi_select_mitigation
+       setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT);
+       pr_info("Spectre BHI mitigation: SW BHB clearing on vm exit\n");
+-      if (bhi_mitigation == BHI_MITIGATION_AUTO)
+-              return;
+-
+       /* Mitigate syscalls when the mitigation is forced =on */
+       setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP);
+       pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n");
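Review bot: With the `auto` branch removed from spectre_bhi_parse_cmdline(), a command line that still passes spectre_bhi=auto now reaches the pr_err() path and leaves bhi_mitigation at the build default (BHI_MITIGATION_ON unless CONFIG_SPECTRE_BHI_OFF was selected), i.e. the syscall SW loop is now forced on where the old auto value skipped it; this user-visible change is not mentioned in the kernel-parameters.txt or spectre.rst hunks. Consider adding a sentence to the spectre_bhi= entry such as `The former "auto" value is no longer accepted and is treated as an unknown option.` The pr_err() format string on the context line lacks a trailing newline, but that is pre-existing rather than introduced here. spectre_bhi_parse_cmdline() and bhi_select_mitigation() both continue outside their hunks.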
index c3b2437fdbdb546826c1309151b97443f9920c1b..522e15b40f8187758b7cc75a21dc547efebfb7da 100644 (file)
@@ -217,14 +217,12 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
           !cpu_has(c, X86_FEATURE_AMD_SSB_NO))
                setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
  
-@@ -1260,17 +1260,17 @@ static void __init cpu_set_bug_bits(stru
-        * Don't use AutoIBRS when SNP is enabled because it degrades host
-        * userspace indirect branch performance.
+@@ -1257,15 +1257,15 @@ static void __init cpu_set_bug_bits(stru
+        * AMD's AutoIBRS is equivalent to Intel's eIBRS - use the Intel feature
+        * flag and protect from vendor-specific bugs via the whitelist.
         */
--      if ((ia32_cap & ARCH_CAP_IBRS_ALL) ||
-+      if ((x86_arch_cap_msr & ARCH_CAP_IBRS_ALL) ||
-           (cpu_has(c, X86_FEATURE_AUTOIBRS) &&
-            !cpu_feature_enabled(X86_FEATURE_SEV_SNP))) {
+-      if ((ia32_cap & ARCH_CAP_IBRS_ALL) || cpu_has(c, X86_FEATURE_AUTOIBRS)) {
++      if ((x86_arch_cap_msr & ARCH_CAP_IBRS_ALL) || cpu_has(c, X86_FEATURE_AUTOIBRS)) {
                setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
                if (!cpu_matches(cpu_vuln_whitelist, NO_EIBRS_PBRSB) &&
 -                  !(ia32_cap & ARCH_CAP_PBRSB_NO))
@@ -238,7 +236,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
                setup_force_cpu_bug(X86_BUG_MDS);
                if (cpu_matches(cpu_vuln_whitelist, MSBDS_ONLY))
                        setup_force_cpu_bug(X86_BUG_MSBDS_ONLY);
-@@ -1289,9 +1289,9 @@ static void __init cpu_set_bug_bits(stru
+@@ -1284,9 +1284,9 @@ static void __init cpu_set_bug_bits(stru
         * TSX_CTRL check alone is not sufficient for cases when the microcode
         * update is not present or running as guest that don't get TSX_CTRL.
         */
@@ -250,7 +248,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
                setup_force_cpu_bug(X86_BUG_TAA);
  
        /*
-@@ -1317,7 +1317,7 @@ static void __init cpu_set_bug_bits(stru
+@@ -1312,7 +1312,7 @@ static void __init cpu_set_bug_bits(stru
         * Set X86_BUG_MMIO_UNKNOWN for CPUs that are neither in the blacklist,
         * nor in the whitelist and also don't enumerate MSR ARCH_CAP MMIO bits.
         */
@@ -259,7 +257,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
                if (cpu_matches(cpu_vuln_blacklist, MMIO))
                        setup_force_cpu_bug(X86_BUG_MMIO_STALE_DATA);
                else if (!cpu_matches(cpu_vuln_whitelist, NO_MMIO))
-@@ -1325,7 +1325,7 @@ static void __init cpu_set_bug_bits(stru
+@@ -1320,7 +1320,7 @@ static void __init cpu_set_bug_bits(stru
        }
  
        if (!cpu_has(c, X86_FEATURE_BTC_NO)) {
@@ -268,7 +266,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
                        setup_force_cpu_bug(X86_BUG_RETBLEED);
        }
  
-@@ -1338,7 +1338,7 @@ static void __init cpu_set_bug_bits(stru
+@@ -1333,7 +1333,7 @@ static void __init cpu_set_bug_bits(stru
         * disabling AVX2. The only way to do this in HW is to clear XCR0[2],
         * which means that AVX will be disabled.
         */
@@ -277,7 +275,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
            boot_cpu_has(X86_FEATURE_AVX))
                setup_force_cpu_bug(X86_BUG_GDS);
  
-@@ -1347,11 +1347,11 @@ static void __init cpu_set_bug_bits(stru
+@@ -1342,11 +1342,11 @@ static void __init cpu_set_bug_bits(stru
                        setup_force_cpu_bug(X86_BUG_SRSO);
        }
  
@@ -291,7 +289,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
            !cpu_matches(cpu_vuln_whitelist, NO_BHI) &&
            (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED) ||
             boot_cpu_has(X86_FEATURE_HYPERVISOR)))
-@@ -1361,7 +1361,7 @@ static void __init cpu_set_bug_bits(stru
+@@ -1356,7 +1356,7 @@ static void __init cpu_set_bug_bits(stru
                return;
  
        /* Rogue Data Cache Load? No! */
diff --git a/queue-5.15/x86-bugs-replace-config_spectre_bhi_-on-off-with-config_mitigation_spectre_bhi.patch b/queue-5.15/x86-bugs-replace-config_spectre_bhi_-on-off-with-config_mitigation_spectre_bhi.patch
new file mode 100644 (file)
index 0000000..1415404
--- /dev/null
@@ -0,0 +1,71 @@
+From 4f511739c54b549061993b53fc0380f48dfca23b Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@kernel.org>
+Date: Wed, 10 Apr 2024 22:40:51 -0700
+Subject: x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI
+
+From: Josh Poimboeuf <jpoimboe@kernel.org>
+
+commit 4f511739c54b549061993b53fc0380f48dfca23b upstream.
+
+For consistency with the other CONFIG_MITIGATION_* options, replace the
+CONFIG_SPECTRE_BHI_{ON,OFF} options with a single
+CONFIG_MITIGATION_SPECTRE_BHI option.
+
+[ mingo: Fix ]
+
+Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: Sean Christopherson <seanjc@google.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Nikolay Borisov <nik.borisov@suse.com>
+Link: https://lore.kernel.org/r/3833812ea63e7fdbe36bf8b932e63f70d18e2a2a.1712813475.git.jpoimboe@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/Kconfig           |   17 +++--------------
+ arch/x86/kernel/cpu/bugs.c |    2 +-
+ 2 files changed, 4 insertions(+), 15 deletions(-)
+
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -2505,27 +2505,16 @@ config MITIGATION_RFDS
+         stored in floating point, vector and integer registers.
+         See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst>
+-choice
+-      prompt "Clear branch history"
++config MITIGATION_SPECTRE_BHI
++      bool "Mitigate Spectre-BHB (Branch History Injection)"
+       depends on CPU_SUP_INTEL
+-      default SPECTRE_BHI_ON
++      default y
+       help
+         Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks
+         where the branch history buffer is poisoned to speculatively steer
+         indirect branches.
+         See <file:Documentation/admin-guide/hw-vuln/spectre.rst>
+-config SPECTRE_BHI_ON
+-      bool "on"
+-      help
+-        Equivalent to setting spectre_bhi=on command line parameter.
+-config SPECTRE_BHI_OFF
+-      bool "off"
+-      help
+-        Equivalent to setting spectre_bhi=off command line parameter.
+-
+-endchoice
+-
+ endif
+ config ARCH_HAS_ADD_PAGES
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -1605,7 +1605,7 @@ enum bhi_mitigations {
+ };
+ static enum bhi_mitigations bhi_mitigation __ro_after_init =
+-      IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : BHI_MITIGATION_OFF;
++      IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ? BHI_MITIGATION_ON : BHI_MITIGATION_OFF;
+ static int __init spectre_bhi_parse_cmdline(char *str)
+ {
diff --git a/queue-5.15/x86-speculation-do-not-enable-automatic-ibrs-if-sev-snp-is-enabled.patch b/queue-5.15/x86-speculation-do-not-enable-automatic-ibrs-if-sev-snp-is-enabled.patch
deleted file mode 100644 (file)
index 445b8cc..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-From acaa4b5c4c854b5009f4d4a5395b2609ad0f4937 Mon Sep 17 00:00:00 2001
-From: Kim Phillips <kim.phillips@amd.com>
-Date: Thu, 25 Jan 2024 22:11:02 -0600
-Subject: x86/speculation: Do not enable Automatic IBRS if SEV-SNP is enabled
-
-From: Kim Phillips <kim.phillips@amd.com>
-
-commit acaa4b5c4c854b5009f4d4a5395b2609ad0f4937 upstream.
-
-Without SEV-SNP, Automatic IBRS protects only the kernel. But when
-SEV-SNP is enabled, the Automatic IBRS protection umbrella widens to all
-host-side code, including userspace. This protection comes at a cost:
-reduced userspace indirect branch performance.
-
-To avoid this performance loss, don't use Automatic IBRS on SEV-SNP
-hosts and all back to retpolines instead.
-
-  [ mdr: squash in changes from review discussion. ]
-
-Signed-off-by: Kim Phillips <kim.phillips@amd.com>
-Signed-off-by: Michael Roth <michael.roth@amd.com>
-Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
-Acked-by: Dave Hansen <dave.hansen@intel.com>
-Link: https://lore.kernel.org/r/20240126041126.1927228-3-michael.roth@amd.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/x86/kernel/cpu/common.c |    7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -1256,8 +1256,13 @@ static void __init cpu_set_bug_bits(stru
-       /*
-        * AMD's AutoIBRS is equivalent to Intel's eIBRS - use the Intel feature
-        * flag and protect from vendor-specific bugs via the whitelist.
-+       *
-+       * Don't use AutoIBRS when SNP is enabled because it degrades host
-+       * userspace indirect branch performance.
-        */
--      if ((ia32_cap & ARCH_CAP_IBRS_ALL) || cpu_has(c, X86_FEATURE_AUTOIBRS)) {
-+      if ((ia32_cap & ARCH_CAP_IBRS_ALL) ||
-+          (cpu_has(c, X86_FEATURE_AUTOIBRS) &&
-+           !cpu_feature_enabled(X86_FEATURE_SEV_SNP))) {
-               setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
-               if (!cpu_matches(cpu_vuln_whitelist, NO_EIBRS_PBRSB) &&
-                   !(ia32_cap & ARCH_CAP_PBRSB_NO))