On Mon, Aug 08, 2022 at 09:17:02AM -0500, Kim Phillips wrote: > AMD's "Technical Guidance for Mitigating Branch Type Confusion, > Rev. 1.0 2022-07-12" whitepaper, under section 6.1.2 "IBPB On > Privileged Mode Entry / SMT Safety" says: > > "Similar to the Jmp2Ret mitigation, if the code on the sibling thread > cannot be trusted, software should set STIBP to 1 or disable SMT to > ensure SMT safety when using this mitigation." > > So, like already being done for retbleed=unret, the also for > retbleed=ibpb, force STIBP on machines that have it, and report > its SMT vulnerability status accordingly. > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 > Fixes: 3ebc17006888 ("x86/bugs: Add retbleed=ibpb") > Signed-off-by: Kim Phillips <kim.phillips@xxxxxxx> > --- > v3: "unret and ibpb mitigations" -> "UNRET and IBPB mitigations" (Mingo) > v2: Justify and explain STIBP's role with IBPB (Boris) > > .../admin-guide/kernel-parameters.txt | 20 ++++++++++++++----- > arch/x86/kernel/cpu/bugs.c | 10 ++++++---- > 2 files changed, 21 insertions(+), 9 deletions(-) Any specific reason you don't want this also backported to the stable kernel branches that have the other retbleed fixes in them? thanks, greg k-h
