x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also

After a recent restructuring of the ITS mitigation, RSB stuffing can no longer
be enabled in eIBRS+Retpoline mode. Before ITS, retbleed mitigation only
allowed stuffing when eIBRS was not enabled. This was perfectly fine since
eIBRS mitigates retbleed.

However, RSB stuffing mitigation for ITS is still needed with eIBRS. The
restructuring solely relies on retbleed to deploy stuffing, and does not allow
it when eIBRS is enabled. This behavior is different from what was before the
restructuring. Fix it by allowing stuffing in eIBRS+retpoline mode also.

Fixes: 61ab72c2c6bf ("x86/bugs: Restructure ITS mitigation")
Closes: https://lore.kernel.org/lkml/20250519235101.2vm6sc5txyoykb2r@desk/
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250611-eibrs-fix-v4-7-5ff86cac6c61@linux.intel.com

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 31f3db0a514ea3d6e2513c0f6e072b84e0117f08..bdef2c9aa1b8b85a8e0ee7c959ea7afde81d443e 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1126,7 +1126,8 @@ static inline bool cdt_possible(enum spectre_v2_mitigation mode)
            !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE))
                return false;
 
-       if (mode == SPECTRE_V2_RETPOLINE)
+       if (mode == SPECTRE_V2_RETPOLINE ||
+           mode == SPECTRE_V2_EIBRS_RETPOLINE)
                return true;
 
        return false;
@@ -1281,7 +1282,7 @@ static void __init retbleed_update_mitigation(void)
 
        if (retbleed_mitigation == RETBLEED_MITIGATION_STUFF &&
            !cdt_possible(spectre_v2_enabled)) {
-               pr_err("WARNING: retbleed=stuff depends on spectre_v2=retpoline\n");
+               pr_err("WARNING: retbleed=stuff depends on retpoline\n");
                retbleed_mitigation = RETBLEED_MITIGATION_NONE;
        }
 
@@ -1454,6 +1455,7 @@ static void __init its_update_mitigation(void)
                its_mitigation = ITS_MITIGATION_OFF;
                break;
        case SPECTRE_V2_RETPOLINE:
+       case SPECTRE_V2_EIBRS_RETPOLINE:
                /* Retpoline+CDT mitigates ITS */
                if (retbleed_mitigation == RETBLEED_MITIGATION_STUFF)
                        its_mitigation = ITS_MITIGATION_RETPOLINE_STUFF;