From: Greg Kroah-Hartman Date: Mon, 25 Jul 2022 09:35:27 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v4.9.325~47 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d10da5c057b7a9915ae7180bd9d031d160cae62c;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch --- diff --git a/queue-5.10/series b/queue-5.10/series index 54051155cd1..c6145d4ef37 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -79,3 +79,4 @@ kvm-don-t-null-dereference-ops-destroy.patch mm-mempolicy-fix-uninit-value-in-mpol_rebind_policy.patch bpf-make-sure-mac_header-was-set-before-using-it.patch sched-deadline-fix-bug_on-condition-for-deboosted-tasks.patch +x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch diff --git a/queue-5.10/x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch b/queue-5.10/x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch new file mode 100644 index 00000000000..2ef5f9906ee --- /dev/null +++ b/queue-5.10/x86-bugs-warn-when-ibrs-mitigation-is-selected-on-enhanced-ibrs-parts.patch @@ -0,0 +1,46 @@ +From eb23b5ef9131e6d65011de349a4d25ef1b3d4314 Mon Sep 17 00:00:00 2001 +From: Pawan Gupta +Date: Thu, 14 Jul 2022 16:15:35 -0700 +Subject: x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts + +From: Pawan Gupta + +commit eb23b5ef9131e6d65011de349a4d25ef1b3d4314 upstream. + +IBRS mitigation for spectre_v2 forces write to MSR_IA32_SPEC_CTRL at +every kernel entry/exit. On Enhanced IBRS parts setting +MSR_IA32_SPEC_CTRL[IBRS] only once at boot is sufficient. MSR writes at +every kernel entry/exit incur unnecessary performance loss. + +When Enhanced IBRS feature is present, print a warning about this +unnecessary performance loss. + +Signed-off-by: Pawan Gupta +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Thadeu Lima de Souza Cascardo +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/2a5eaf54583c2bfe0edc4fea64006656256cca17.1657814857.git.pawan.kumar.gupta@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cpu/bugs.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -931,6 +931,7 @@ static inline const char *spectre_v2_mod + #define SPECTRE_V2_LFENCE_MSG "WARNING: LFENCE mitigation is not recommended for this CPU, data leaks possible!\n" + #define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n" + #define SPECTRE_V2_EIBRS_LFENCE_EBPF_SMT_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS+LFENCE mitigation and SMT, data leaks possible via Spectre v2 BHB attacks!\n" ++#define SPECTRE_V2_IBRS_PERF_MSG "WARNING: IBRS mitigation selected on Enhanced IBRS CPU, this may cause unnecessary performance loss\n" + + #ifdef CONFIG_BPF_SYSCALL + void unpriv_ebpf_notify(int new_state) +@@ -1371,6 +1372,8 @@ static void __init spectre_v2_select_mit + + case SPECTRE_V2_IBRS: + setup_force_cpu_cap(X86_FEATURE_KERNEL_IBRS); ++ if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) ++ pr_warn(SPECTRE_V2_IBRS_PERF_MSG); + break; + + case SPECTRE_V2_LFENCE: