[ Sasha's backport helper bot ]
Hi,
Summary of potential issues:
ℹ️ Patch is missing in 6.6.y (ignore if backport was sent)
The upstream commit SHA1 provided is correct: 318e8c339c9a0891c389298bb328ed0762a9935e
Status in newer kernel trees:
6.13.y | Present (different SHA1: 0bdda736ef7f)
6.12.y | Present (different SHA1: eea6d16f56e9)
6.6.y | Not found
Note: The patch differs from the upstream commit:
---
1: 318e8c339c9a0 ! 1: e509c2d77c608 x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
@@ Metadata
## Commit message ##
x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
+ commit 318e8c339c9a0891c389298bb328ed0762a9935e upstream.
+
In [1] the meaning of the synthetic IBPB flags has been redefined for a
better separation of concerns:
- ENTRY_IBPB -- issue IBPB on entry only
@@ Commit message
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
## arch/x86/Kconfig ##
-@@ arch/x86/Kconfig: config MITIGATION_IBPB_ENTRY
+@@ arch/x86/Kconfig: config CPU_IBPB_ENTRY
depends on CPU_SUP_AMD && X86_64
default y
help
@@ arch/x86/Kconfig: config MITIGATION_IBPB_ENTRY
+ Compile the kernel with support for the retbleed=ibpb and
+ spec_rstack_overflow={ibpb,ibpb-vmexit} mitigations.
- config MITIGATION_IBRS_ENTRY
+ config CPU_IBRS_ENTRY
bool "Enable IBRS on kernel entry"
## arch/x86/kernel/cpu/bugs.c ##
@@ arch/x86/kernel/cpu/bugs.c: static void __init retbleed_select_mitigation(void)
setup_clear_cpu_cap(X86_FEATURE_UNRET);
setup_clear_cpu_cap(X86_FEATURE_RETHUNK);
-- setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
- mitigate_smt = true;
-
/*
* There is no need for RSB filling: entry_ibpb() ensures
* all predictions, including the RSB, are invalidated,
@@ arch/x86/kernel/cpu/bugs.c: static void __init srso_select_mitigation(void)
- if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
+ if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
if (has_microcode) {
setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
+ setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
@@ arch/x86/kernel/cpu/bugs.c: static void __init srso_select_mitigation(void)
+ setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT);
}
} else {
- pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
+ pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
@@ arch/x86/kernel/cpu/bugs.c: static void __init srso_select_mitigation(void)
+ break;
- ibpb_on_vmexit:
case SRSO_CMD_IBPB_ON_VMEXIT:
-- if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) {
+- if (IS_ENABLED(CONFIG_CPU_SRSO)) {
- if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) {
-+ if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
++ if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
+ if (has_microcode) {
setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT;
@@ arch/x86/kernel/cpu/bugs.c: static void __init srso_select_mitigation(void)
setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT);
}
} else {
-- pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
+- pr_err("WARNING: kernel not compiled with CPU_SRSO.\n");
++ pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
+ goto pred_cmd;
- }
-+ pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
+ }
break;
+
default:
- break;
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
