5.10-stable patches

added patches:
	x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch

diff --git a/queue-5.10/series b/queue-5.10/series
index 54051155cd1b2922024d7b567c0f3f74b9930e27..c6145d4ef37445d85be8eb13186a10c411aa71e1 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -79,3 +79,4 @@ kvm-don-t-null-dereference-ops-destroy.patch
 mm-mempolicy-fix-uninit-value-in-mpol_rebind_policy.patch
 bpf-make-sure-mac_header-was-set-before-using-it.patch
 sched-deadline-fix-bug_on-condition-for-deboosted-tasks.patch
+x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch

diff --git a/queue-5.10/x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch b/queue-5.10/x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch
new file mode 100644 (file)
index 0000000..2ef5f99
--- /dev/null
+++ b/queue-5.10/x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch
@@ -0,0 +1,46 @@
+From eb23b5ef9131e6d65011de349a4d25ef1b3d4314 Mon Sep 17 00:00:00 2001
+From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+Date: Thu, 14 Jul 2022 16:15:35 -0700
+Subject: x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
+
+From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+
+commit eb23b5ef9131e6d65011de349a4d25ef1b3d4314 upstream.
+
+IBRS mitigation for spectre_v2 forces write to MSR_IA32_SPEC_CTRL at
+every kernel entry/exit. On Enhanced IBRS parts setting
+MSR_IA32_SPEC_CTRL[IBRS] only once at boot is sufficient. MSR writes at
+every kernel entry/exit incur unnecessary performance loss.
+
+When Enhanced IBRS feature is present, print a warning about this
+unnecessary performance loss.
+
+Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Reviewed-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/2a5eaf54583c2bfe0edc4fea64006656256cca17.1657814857.git.pawan.kumar.gupta@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/cpu/bugs.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -931,6 +931,7 @@ static inline const char *spectre_v2_mod
+ #define SPECTRE_V2_LFENCE_MSG "WARNING: LFENCE mitigation is not recommended for this CPU, data leaks possible!\n"
+ #define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n"
+ #define SPECTRE_V2_EIBRS_LFENCE_EBPF_SMT_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS+LFENCE mitigation and SMT, data leaks possible via Spectre v2 BHB attacks!\n"
++#define SPECTRE_V2_IBRS_PERF_MSG "WARNING: IBRS mitigation selected on Enhanced IBRS CPU, this may cause unnecessary performance loss\n"
+ 
+ #ifdef CONFIG_BPF_SYSCALL
+ void unpriv_ebpf_notify(int new_state)
+@@ -1371,6 +1372,8 @@ static void __init spectre_v2_select_mit
+ 
+       case SPECTRE_V2_IBRS:
+               setup_force_cpu_cap(X86_FEATURE_KERNEL_IBRS);
++              if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED))
++                      pr_warn(SPECTRE_V2_IBRS_PERF_MSG);
+               break;
+ 
+       case SPECTRE_V2_LFENCE: