Borislav Petkov 8e5641
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Date: Thu, 7 Jul 2022 13:41:52 -0300
Subject: [PATCH] x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
Patch-mainline: v5.19-rc4
Git-commit: 2259da159fbe5dba8ac00b560cf00b6a6537fa18
References: bsc#1199657 CVE-2022-29900 CVE-2022-29901

There are some VM configurations which have Skylake model but do not
support IBPB. In those cases, when using retbleed=ibpb, userspace is going
to be killed and kernel is going to panic.

If the CPU does not support IBPB, warn and proceed with the auto option. Also,
do not fallback to IBPB on AMD/Hygon systems if it is not supported.

Fixes: 3ebc17006888 ("x86/bugs: Add retbleed=ibpb")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

  [ bp: The fallback to IBPB when RETBLEED_CMD_AUTO doesn't make sense for our
    trees because upstream has fine-grained config options which we didn't
    backport. ]

Signed-off-by: Borislav Petkov <bp@suse.de>
---
 arch/x86/kernel/cpu/bugs.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -930,9 +930,14 @@ static void __init retbleed_select_mitig
 		break;
 
 	case RETBLEED_CMD_IBPB:
+		if (!boot_cpu_has(X86_FEATURE_IBPB)) {
+			pr_err("WARNING: CPU does not support IBPB.\n");
+			goto do_cmd_auto;
+		}
 		retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
 		break;
 
+do_cmd_auto:
 	case RETBLEED_CMD_AUTO:
 	default:
 		if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
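Review bot: The pr_err() added under case RETBLEED_CMD_IBPB says only "WARNING: CPU does not support IBPB." and does not tell the admin that retbleed=ibpb was ignored or that the auto selection is used instead; consider naming the option and the fallback in the message so the boot log explains which mitigation ends up active. Separately, the goto into the do_cmd_auto label placed ahead of case RETBLEED_CMD_AUTO is only safe if the auto path never picks IBPB without its own X86_FEATURE_IBPB check. The hunk ends at the AMD/Hygon vendor test, and the commit message notes that the upstream change to that fallback was not carried in this backport, so this should be confirmed against the rest of retbleed_select_mitigation().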