]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ab77a4)
x86/bugs: Skip RSB fill at VMEXIT
authorJohannes Wikner <kwikner@ethz.ch>
Tue, 8 Oct 2024 10:36:30 +0000 (12:36 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 22 Oct 2024 13:39:26 +0000 (15:39 +0200)
commit 0fad2878642ec46225af2054564932745ac5c765 upstream.

entry_ibpb() is designed to follow Intel's IBPB specification regardless
of CPU. This includes invalidating RSB entries.

Hence, if IBPB on VMEXIT has been selected, entry_ibpb() as part of the
RET untraining in the VMEXIT path will take care of all BTB and RSB
clearing so there's no need to explicitly fill the RSB anymore.

  [ bp: Massage commit message. ]

Suggested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Johannes Wikner <kwikner@ethz.ch>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/x86/kernel/cpu/bugs.c patch | blob | blame | history

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index d6e14190cf80d54db512483b4b6a1e3cde69383e..23f884a5d12c803f8bf8b8b725fc9138d4a8c438 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1062,6 +1062,14 @@ do_cmd_auto:
        case RETBLEED_MITIGATION_IBPB:
                setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
                mitigate_smt = true;
+
+               /*
+                * There is no need for RSB filling: entry_ibpb() ensures
+                * all predictions, including the RSB, are invalidated,
+                * regardless of IBPB implementation.
+                */
+               setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT);
+
                break;
 
        default:
@@ -2465,6 +2473,13 @@ static void __init srso_select_mitigation(void)
                        if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) {
                                setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
                                srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT;
+
+                               /*
+                                * There is no need for RSB filling: entry_ibpb() ensures
+                                * all predictions, including the RSB, are invalidated,
+                                * regardless of IBPB implementation.
+                                */
+                               setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT);
                        }
                } else {
                        pr_err("WARNING: kernel not compiled with CPU_SRSO.\n");
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git