This is a note to let you know that I've just added the patch titled
x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
to the 5.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
x86-bugs-do-not-enable-ibpb-on-entry-when-ibpb-is-not-supported.patch
and it can be found in the queue-5.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Tue Jul 12 05:03:58 PM CEST 2022
From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
Date: Thu, 7 Jul 2022 13:41:52 -0300
Subject: x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
From: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
commit 2259da159fbe5dba8ac00b560cf00b6a6537fa18 upstream.
There are some VM configurations which have Skylake model but do not
support IBPB. In those cases, when using retbleed=ibpb, userspace is going
to be killed and kernel is going to panic.
If the CPU does not support IBPB, warn and proceed with the auto option. Also,
do not fallback to IBPB on AMD/Hygon systems if it is not supported.
Fixes: 3ebc17006888 ("x86/bugs: Add retbleed=ibpb")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
Signed-off-by: Borislav Petkov <bp@xxxxxxx>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -858,7 +858,10 @@ static void __init retbleed_select_mitig
break;
case RETBLEED_CMD_IBPB:
- if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
+ if (!boot_cpu_has(X86_FEATURE_IBPB)) {
+ pr_err("WARNING: CPU does not support IBPB.\n");
+ goto do_cmd_auto;
+ } else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
} else {
pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
@@ -873,7 +876,7 @@ do_cmd_auto:
boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) {
if (IS_ENABLED(CONFIG_CPU_UNRET_ENTRY))
retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
- else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY))
+ else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY) && boot_cpu_has(X86_FEATURE_IBPB))
retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
}
Patches currently in stable-queue which might be from cascardo@xxxxxxxxxxxxx are
queue-5.18/x86-sev-avoid-using-__x86_return_thunk.patch
queue-5.18/kvm-vmx-prevent-rsb-underflow-before-vmenter.patch
queue-5.18/x86-ftrace-use-alternative-ret-encoding.patch
queue-5.18/objtool-re-add-unwind_hint_-save_restore.patch
queue-5.18/x86-bugs-add-retbleed-ibpb.patch
queue-5.18/x86-kexec-disable-ret-on-kexec.patch
queue-5.18/x86-bugs-enable-stibp-for-jmp2ret.patch
queue-5.18/x86-retpoline-cleanup-some-ifdefery.patch
queue-5.18/x86-speculation-disable-rrsba-behavior.patch
queue-5.18/kvm-vmx-flatten-__vmx_vcpu_run.patch
queue-5.18/x86-kvm-vmx-make-noinstr-clean.patch
queue-5.18/x86-retbleed-add-fine-grained-kconfig-knobs.patch
queue-5.18/x86-cpu-amd-add-spectral-chicken.patch
queue-5.18/kvm-vmx-fix-ibrs-handling-after-vmexit.patch
queue-5.18/kvm-vmx-prevent-guest-rsb-poisoning-attacks-with-eibrs.patch
queue-5.18/x86-vsyscall_emu-64-don-t-use-ret-in-vsyscall-emulation.patch
queue-5.18/objtool-skip-non-text-sections-when-adding-return-thunk-sites.patch
queue-5.18/x86-bugs-do-ibpb-fallback-check-only-once.patch
queue-5.18/x86-add-magic-amd-return-thunk.patch
queue-5.18/x86-bugs-keep-a-per-cpu-ia32_spec_ctrl-value.patch
queue-5.18/x86-objtool-create-.return_sites.patch
queue-5.18/x86-kvm-fix-setcc-emulation-for-return-thunks.patch
queue-5.18/x86-cpu-amd-enumerate-btc_no.patch
queue-5.18/x86-entry-move-push_and_clear_regs-out-of-error_entry.patch
queue-5.18/x86-retpoline-swizzle-retpoline-thunk.patch
queue-5.18/x86-entry-switch-the-stack-after-error_entry-returns.patch
queue-5.18/x86-speculation-fix-firmware-entry-spec_ctrl-handling.patch
queue-5.18/x86-speculation-add-spectre_v2-ibrs-option-to-support-kernel-ibrs.patch
queue-5.18/x86-xen-add-untrain_ret.patch
queue-5.18/x86-undo-return-thunk-damage.patch
queue-5.18/x86-speculation-remove-x86_spec_ctrl_mask.patch
queue-5.18/x86-entry-avoid-very-early-ret.patch
queue-5.18/x86-bugs-add-cannon-lake-to-retbleed-affected-cpu-list.patch
queue-5.18/x86-entry-move-push_and_clear_regs-back-into-error_entry.patch
queue-5.18/x86-speculation-fill-rsb-on-vmexit-for-ibrs.patch
queue-5.18/objtool-add-entry-unret-validation.patch
queue-5.18/kvm-vmx-convert-launched-argument-to-flags.patch
queue-5.18/x86-bpf-use-alternative-ret-encoding.patch
queue-5.18/x86-common-stamp-out-the-stepping-madness.patch
queue-5.18/x86-bugs-split-spectre_v2_select_mitigation-and-spectre_v2_user_select_mitigation.patch
queue-5.18/x86-entry-don-t-call-error_entry-for-xenpv.patch
queue-5.18/x86-bugs-report-intel-retbleed-vulnerability.patch
queue-5.18/x86-cpufeatures-move-retpoline-flags-to-word-11.patch
queue-5.18/x86-speculation-fix-spec_ctrl-write-on-smt-state-change.patch
queue-5.18/x86-retpoline-use-mfunction-return.patch
queue-5.18/x86-xen-rename-sys-entry-points.patch
queue-5.18/x86-bugs-optimize-spec_ctrl-msr-writes.patch
queue-5.18/x86-traps-use-pt_regs-directly-in-fixup_bad_iret.patch
queue-5.18/x86-bugs-do-not-enable-ibpb-on-entry-when-ibpb-is-not-supported.patch
queue-5.18/x86-bugs-report-amd-retbleed-vulnerability.patch
queue-5.18/x86-static_call-use-alternative-ret-encoding.patch
queue-5.18/x86-speculation-fix-rsb-filling-with-config_retpoline-n.patch
queue-5.18/x86-use-return-thunk-in-asm-code.patch
queue-5.18/intel_idle-disable-ibrs-during-long-idle.patch
queue-5.18/x86-entry-remove-skip_r11rcx.patch
queue-5.18/x86-speculation-use-cached-host-spec_ctrl-value-for-guest-entry-exit.patch
queue-5.18/x86-bugs-add-amd-retbleed-boot-parameter.patch
queue-5.18/x86-entry-add-kernel-ibrs-implementation.patch
queue-5.18/objtool-treat-.text.__x86.-as-noinstr.patch
queue-5.18/objtool-update-retpoline-validation.patch
