From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Ben Hutchings <ben@decadent.org.uk>,
Borislav Petkov <bp@suse.de>
Subject: [PATCH 5.15 01/30] x86/speculation: Make all RETbleed mitigations 64-bit only
Date: Tue, 9 Aug 2022 20:00:26 +0200 [thread overview]
Message-ID: <20220809175514.322531397@linuxfoundation.org> (raw)
In-Reply-To: <20220809175514.276643253@linuxfoundation.org>
From: Ben Hutchings <ben@decadent.org.uk>
commit b648ab487f31bc4c38941bc770ea97fe394304bb upstream.
The mitigations for RETBleed are currently ineffective on x86_32 since
entry_32.S does not use the required macros. However, for an x86_32
target, the kconfig symbols for them are still enabled by default and
/sys/devices/system/cpu/vulnerabilities/retbleed will wrongly report
that mitigations are in place.
Make all of these symbols depend on X86_64, and only enable RETHUNK by
default on X86_64.
Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/YtwSR3NNsWp1ohfV@decadent.org.uk
[bwh: Backported to 5.10/5.15/5.18: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/Kconfig | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2427,7 +2427,7 @@ config RETPOLINE
config RETHUNK
bool "Enable return-thunks"
depends on RETPOLINE && CC_HAS_RETURN_THUNK
- default y
+ default y if X86_64
help
Compile the kernel with the return-thunks compiler option to guard
against kernel-to-user data leaks by avoiding return speculation.
@@ -2436,21 +2436,21 @@ config RETHUNK
config CPU_UNRET_ENTRY
bool "Enable UNRET on kernel entry"
- depends on CPU_SUP_AMD && RETHUNK
+ depends on CPU_SUP_AMD && RETHUNK && X86_64
default y
help
Compile the kernel with support for the retbleed=unret mitigation.
config CPU_IBPB_ENTRY
bool "Enable IBPB on kernel entry"
- depends on CPU_SUP_AMD
+ depends on CPU_SUP_AMD && X86_64
default y
help
Compile the kernel with support for the retbleed=ibpb mitigation.
config CPU_IBRS_ENTRY
bool "Enable IBRS on kernel entry"
- depends on CPU_SUP_INTEL
+ depends on CPU_SUP_INTEL && X86_64
default y
help
Compile the kernel with support for the spectre_v2=ibrs mitigation.
next prev parent reply other threads:[~2022-08-09 18:12 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-09 18:00 [PATCH 5.15 00/30] 5.15.60-rc1 review Greg Kroah-Hartman
2022-08-09 18:00 ` Greg Kroah-Hartman [this message]
2022-08-09 18:00 ` [PATCH 5.15 02/30] selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 03/30] selftests/bpf: Check dst_port only on the client socket Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 04/30] block: fix default IO priority handling again Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 05/30] tools/vm/slabinfo: Handle files in debugfs Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 06/30] ACPI: video: Force backlight native for some TongFang devices Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 07/30] ACPI: video: Shortening quirk list by identifying Clevo by board_name only Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 08/30] ACPI: APEI: Better fix to avoid spamming the console with old error logs Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 09/30] crypto: arm64/poly1305 - fix a read out-of-bound Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 10/30] KVM: x86: do not report a vCPU as preempted outside instruction boundaries Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 11/30] KVM: x86: do not set st->preempted when going back to user space Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 12/30] KVM: selftests: Make hyperv_clock selftest more stable Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 13/30] tools/kvm_stat: fix display of error when multiple processes are found Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 14/30] selftests: KVM: Handle compiler optimizations in ucall Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 15/30] KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 16/30] arm64: set UXN on swapper page tables Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 17/30] btrfs: zoned: prevent allocation from previous data relocation BG Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 18/30] btrfs: zoned: fix critical section of relocation inode writeback Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 19/30] Bluetooth: hci_bcm: Add BCM4349B1 variant Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 20/30] Bluetooth: hci_bcm: Add DT compatible for CYW55572 Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 21/30] dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 22/30] Bluetooth: btusb: Add support of IMC Networks PID 0x3568 Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 23/30] Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 24/30] Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 25/30] Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 26/30] Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 27/30] Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 28/30] macintosh/adb: fix oob read in do_adb_query() function Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 29/30] x86/speculation: Add RSB VM Exit protections Greg Kroah-Hartman
2022-08-09 18:00 ` [PATCH 5.15 30/30] x86/speculation: Add LFENCE to RSB fill sequence Greg Kroah-Hartman
2022-08-09 21:21 ` [PATCH 5.15 00/30] 5.15.60-rc1 review Florian Fainelli
2022-08-10 4:19 ` Bagas Sanjaya
2022-08-10 8:08 ` Naresh Kamboju
2022-08-10 13:24 ` Sudip Mukherjee (Codethink)
2022-08-10 13:32 ` Guenter Roeck
2022-08-10 14:25 ` Jon Hunter
2022-08-10 14:34 ` Shuah Khan
2022-08-10 21:58 ` Ron Economos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220809175514.322531397@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ben@decadent.org.uk \
--cc=bp@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.