From: Ingo Molnar <mingo@kernel.org>
To: Borislav Petkov <bp@alien8.de>
Cc: Josh Poimboeuf <jpoimboe@kernel.org>,
x86@kernel.org, linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Babu Moger <babu.moger@amd.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
David.Kaplan@amd.com, Andrew Cooper <andrew.cooper3@citrix.com>,
Nikolay Borisov <nik.borisov@suse.com>,
gregkh@linuxfoundation.org, Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH v3 00/20] SRSO fixes/cleanups
Date: Tue, 5 Sep 2023 12:02:41 +0200 [thread overview]
Message-ID: <ZPb8we3RAespXmXI@gmail.com> (raw)
In-Reply-To: <20230905063550.GAZPbMRuLizPxmRuHF@fat_crate.local>
* Borislav Petkov <bp@alien8.de> wrote:
> On Mon, Sep 04, 2023 at 10:04:44PM -0700, Josh Poimboeuf wrote:
> > v3:
> > - drop kvm patches (to be picked up by Sean)
> > - fix "no microcode, no microcode" printk
> > - fix "Safe Ret" capitalization in documentation
> > - fix chopped line in commit log
> > - drop "x86/srso: Remove redundant X86_FEATURE_ENTRY_IBPB check" patch
> >
> > Josh Poimboeuf (20):
> > x86/srso: Fix srso_show_state() side effect
> > x86/srso: Set CPUID feature bits independently of bug or mitigation
> > status
> > x86/srso: Don't probe microcode in a guest
> > x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
> > x86/srso: Fix SBPB enablement for (possible) future fixed HW
> > x86/srso: Print actual mitigation if requested mitigation isn't
> > possible
> > x86/srso: Print mitigation for retbleed IBPB case
> > x86/srso: Fix vulnerability reporting for missing microcode
> > x86/srso: Fix unret validation dependencies
> > x86/alternatives: Remove faulty optimization
> > x86/srso: Improve i-cache locality for alias mitigation
> > x86/srso: Unexport untraining functions
> > x86/srso: Remove 'pred_cmd' label
> > x86/bugs: Remove default case for fully switched enums
> > x86/srso: Move retbleed IBPB check into existing 'has_microcode' code
> > block
> > x86/srso: Disentangle rethunk-dependent options
> > x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros
> > x86/retpoline: Remove .text..__x86.return_thunk section
> > x86/nospec: Refactor UNTRAIN_RET[_*]
> > x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk()
> >
> > Documentation/admin-guide/hw-vuln/srso.rst | 24 ++-
> > arch/x86/include/asm/nospec-branch.h | 69 ++++-----
> > arch/x86/include/asm/processor.h | 2 -
> > arch/x86/kernel/alternative.c | 8 -
> > arch/x86/kernel/cpu/amd.c | 28 ++--
> > arch/x86/kernel/cpu/bugs.c | 102 ++++++------
> > arch/x86/kernel/vmlinux.lds.S | 10 +-
> > arch/x86/lib/retpoline.S | 171 +++++++++++----------
> > include/linux/objtool.h | 3 +-
> > scripts/Makefile.vmlinux_o | 3 +-
> > 10 files changed, 201 insertions(+), 219 deletions(-)
>
> They all look good to me, thanks!
>
> Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
I've applied them to tip:x86/bugs, thanks guys!
Below is the delta diff from v2 to v3.
Thanks,
Ingo
diff --git a/Documentation/admin-guide/hw-vuln/srso.rst b/Documentation/admin-guide/hw-vuln/srso.rst
index 4516719e00b5..e715bfc09879 100644
--- a/Documentation/admin-guide/hw-vuln/srso.rst
+++ b/Documentation/admin-guide/hw-vuln/srso.rst
@@ -57,7 +57,7 @@ The possible values in this file are:
* 'Vulnerable: Safe RET, no microcode':
- The "Safe Ret" mitigation (see below) has been applied to protect the
+ The "Safe RET" mitigation (see below) has been applied to protect the
kernel, but the IBPB-extending microcode has not been applied. User
space tasks may still be vulnerable.
@@ -139,7 +139,7 @@ an indrect branch prediction barrier after having applied the required
microcode patch for one's system. This mitigation comes also at
a performance cost.
-Mitigation: safe RET
+Mitigation: Safe RET
--------------------
The mitigation works by ensuring all RET instructions speculate to
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index d538043c776d..016a32613259 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2494,7 +2494,7 @@ static void __init srso_select_mitigation(void)
case SRSO_CMD_IBPB_ON_VMEXIT:
if (IS_ENABLED(CONFIG_CPU_SRSO)) {
- if (has_microcode) {
+ if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) {
setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT;
}
@@ -2505,7 +2505,7 @@ static void __init srso_select_mitigation(void)
}
out:
- pr_info("%s%s\n", srso_strings[srso_mitigation], has_microcode ? "" : ", no microcode");
+ pr_info("%s\n", srso_strings[srso_mitigation]);
}
#undef pr_fmt
prev parent reply other threads:[~2023-09-05 16:18 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-05 5:04 [PATCH v3 00/20] SRSO fixes/cleanups Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 01/20] x86/srso: Fix srso_show_state() side effect Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:45 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 02/20] x86/srso: Set CPUID feature bits independently of bug or mitigation status Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:45 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 03/20] x86/srso: Don't probe microcode in a guest Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:45 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 04/20] x86/srso: Fix SBPB enablement for spec_rstack_overflow=off Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:45 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 05/20] x86/srso: Fix SBPB enablement for (possible) future fixed HW Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 06/20] x86/srso: Print actual mitigation if requested mitigation isn't possible Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 07/20] x86/srso: Print mitigation for retbleed IBPB case Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 08/20] x86/srso: Fix vulnerability reporting for missing microcode Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 09/20] x86/srso: Fix unret validation dependencies Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 10/20] x86/alternatives: Remove faulty optimization Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 11/20] x86/srso: Improve i-cache locality for alias mitigation Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 12/20] x86/srso: Unexport untraining functions Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 13/20] x86/srso: Remove 'pred_cmd' label Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 14/20] x86/bugs: Remove default case for fully switched enums Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:04 ` [PATCH v3 15/20] x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:05 ` [PATCH v3 16/20] x86/srso: Disentangle rethunk-dependent options Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:05 ` [PATCH v3 17/20] x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:05 ` [PATCH v3 18/20] x86/retpoline: Remove .text..__x86.return_thunk section Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:05 ` [PATCH v3 19/20] x86/nospec: Refactor UNTRAIN_RET[_*] Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 5:05 ` [PATCH v3 20/20] x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() Josh Poimboeuf
2023-09-05 10:09 ` [tip: x86/bugs] " tip-bot2 for Josh Poimboeuf
2023-09-19 9:53 ` tip-bot2 for Josh Poimboeuf
2023-09-23 12:20 ` tip-bot2 for Josh Poimboeuf
2023-10-20 11:37 ` tip-bot2 for Josh Poimboeuf
2023-09-05 6:35 ` [PATCH v3 00/20] SRSO fixes/cleanups Borislav Petkov
2023-09-05 10:02 ` Ingo Molnar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZPb8we3RAespXmXI@gmail.com \
--to=mingo@kernel.org \
--cc=David.Kaplan@amd.com \
--cc=andrew.cooper3@citrix.com \
--cc=babu.moger@amd.com \
--cc=bp@alien8.de \
--cc=gregkh@linuxfoundation.org \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nik.borisov@suse.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.