From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Date: Thu, 7 Jul 2022 13:41:52 -0300
Subject: [PATCH] x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
Patch-mainline: Queued in tip for 5.19
Git-commit: 31b74c1dfb6cb530920fdcd047614e2b5eb72f74
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git
References: bsc#1199657 CVE-2022-29900 CVE-2022-29901

There are some VM configurations which have Skylake model but do not
support IBPB. In those cases, when using retbleed=ibpb, userspace is going
to be killed and kernel is going to panic.

If the CPU does not support IBPB, warn and proceed with the auto option. Also,
do not fallback to IBPB on AMD/Hygon systems if it is not supported.

Fixes: 3ebc17006888 ("x86/bugs: Add retbleed=ibpb")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
---
 arch/x86/kernel/cpu/bugs.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -930,14 +930,21 @@ static void __init retbleed_select_mitig
 		break;
 
 	case RETBLEED_CMD_IBPB:
+		if (!boot_cpu_has(X86_FEATURE_IBPB)) {
+			pr_err("WARNING: CPU does not support IBPB.\n");
+			goto do_cmd_auto;
+		}
 		retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
 		break;
 
+do_cmd_auto:
 	case RETBLEED_CMD_AUTO:
 	default:
 		if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
 		    boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)
 			retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
+		else if (boot_cpu_has(X86_FEATURE_IBPB))
+			retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
 
 		/*
 		 * The Intel mitigation (IBRS or eIBRS) was already selected in