From: Peter Zijlstra <peterz@infradead.org>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, peterz@infradead.org,
David.Kaplan@amd.com, Andrew.Cooper3@citrix.com,
jpoimboe@kernel.org, gregkh@linuxfoundation.org
Subject: [RFC][PATCH 08/17] x86/cpu: Add IBPB on VMEXIT to retbleed=
Date: Wed, 09 Aug 2023 09:12:26 +0200 [thread overview]
Message-ID: <20230809072200.990061113@infradead.org> (raw)
In-Reply-To: 20230809071218.000335006@infradead.org
Since IBPB-on-VMEXIT is an obvious variant of retbleed=ibpb, add it as
an such.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
arch/x86/kernel/cpu/bugs.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -751,6 +751,7 @@ enum retbleed_mitigation {
RETBLEED_MITIGATION_UNRET_SRSO,
RETBLEED_MITIGATION_UNRET_SRSO_ALIAS,
RETBLEED_MITIGATION_IBPB,
+ RETBLEED_MITIGATION_IBPB_VMEXIT,
RETBLEED_MITIGATION_IBRS,
RETBLEED_MITIGATION_EIBRS,
RETBLEED_MITIGATION_STUFF,
@@ -763,6 +764,7 @@ enum retbleed_mitigation_cmd {
RETBLEED_CMD_UNRET_SRSO,
RETBLEED_CMD_UNRET_SRSO_ALIAS,
RETBLEED_CMD_IBPB,
+ RETBLEED_CMD_IBPB_VMEXIT,
RETBLEED_CMD_STUFF,
};
@@ -772,6 +774,7 @@ static const char * const retbleed_strin
[RETBLEED_MITIGATION_UNRET_SRSO] = "Mitigation: srso untrained return thunk",
[RETBLEED_MITIGATION_UNRET_SRSO_ALIAS] = "Mitigation: srso alias untrained return thunk",
[RETBLEED_MITIGATION_IBPB] = "Mitigation: IBPB",
+ [RETBLEED_MITIGATION_IBPB_VMEXIT] = "Mitigation: IBPB on VMEXIT only",
[RETBLEED_MITIGATION_IBRS] = "Mitigation: IBRS",
[RETBLEED_MITIGATION_EIBRS] = "Mitigation: Enhanced IBRS",
[RETBLEED_MITIGATION_STUFF] = "Mitigation: Stuffing",
@@ -808,6 +811,8 @@ static int __init retbleed_parse_cmdline
retbleed_cmd = RETBLEED_CMD_UNRET_SRSO_ALIAS;
} else if (!strcmp(str, "ibpb")) {
retbleed_cmd = RETBLEED_CMD_IBPB;
+ } else if (!strcmp(str, "ibpb_vmexit")) {
+ retbleed_cmd = RETBLEED_CMD_IBPB_VMEXIT;
} else if (!strcmp(str, "stuff")) {
retbleed_cmd = RETBLEED_CMD_STUFF;
} else if (!strcmp(str, "nosmt")) {
@@ -881,13 +886,17 @@ static void __init retbleed_select_mitig
break;
case RETBLEED_CMD_IBPB:
+ case RETBLEED_CMD_IBPB_VMEXIT:
if (!boot_cpu_has(X86_FEATURE_IBPB)) {
pr_err("WARNING: CPU does not support IBPB.\n");
goto do_cmd_auto;
} else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
if (boot_cpu_has_bug(X86_BUG_SRSO) && !has_microcode)
pr_err("IBPB-extending microcode not applied; SRSO NOT mitigated\n");
- retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
+ if (retbleed_cmd == RETBLEED_CMD_IBPB)
+ retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
+ if (retbleed_cmd == RETBLEED_CMD_IBPB_VMEXIT)
+ retbleed_mitigation = RETBLEED_MITIGATION_IBPB_VMEXIT;
} else {
pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
goto do_cmd_auto;
@@ -961,6 +970,12 @@ static void __init retbleed_select_mitig
case RETBLEED_MITIGATION_IBPB:
setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
+ setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
+ mitigate_smt = true;
+ break;
+
+ case RETBLEED_MITIGATION_IBPB_VMEXIT:
+ setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
mitigate_smt = true;
break;
next prev parent reply other threads:[~2023-08-09 7:27 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-09 7:12 [RFC][PATCH 00/17] Fix up the recent SRSO patches Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 01/17] x86/alternative: Unconditional custom return thunk Peter Zijlstra
2023-08-09 9:31 ` Nikolay Borisov
2023-08-10 11:37 ` Borislav Petkov
2023-08-09 7:12 ` [RFC][PATCH 02/17] x86/cpu: Clean up SRSO return thunk mess Peter Zijlstra
2023-08-09 15:45 ` Nikolay Borisov
2023-08-10 11:51 ` Borislav Petkov
2023-08-10 12:37 ` Peter Zijlstra
2023-08-10 12:56 ` Borislav Petkov
2023-08-10 13:22 ` Peter Zijlstra
2023-08-11 7:01 ` Peter Zijlstra
2023-08-11 17:00 ` Nick Desaulniers
2023-08-12 11:20 ` Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 03/17] x86/cpu: Make srso_untrain_ret consistent Peter Zijlstra
2023-08-10 12:00 ` Borislav Petkov
2023-08-09 7:12 ` [RFC][PATCH 04/17] objtool/x86: Fix SRSO mess Peter Zijlstra
2023-08-10 12:06 ` Borislav Petkov
2023-08-10 12:48 ` Peter Zijlstra
2023-08-10 12:50 ` Peter Zijlstra
2023-08-10 15:02 ` Borislav Petkov
2023-08-10 15:22 ` Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 05/17] x86/cpu: Cleanup the untrain mess Peter Zijlstra
2023-08-09 12:51 ` Josh Poimboeuf
2023-08-09 13:12 ` Peter Zijlstra
2023-08-09 13:26 ` Peter Zijlstra
2023-08-12 18:30 ` Borislav Petkov
2023-08-09 7:12 ` [RFC][PATCH 06/17] x86/cpu: Add SRSO untrain to retbleed= Peter Zijlstra
2023-08-09 13:42 ` Josh Poimboeuf
2023-08-09 14:06 ` Peter Zijlstra
2023-08-09 14:28 ` Josh Poimboeuf
2023-08-09 15:08 ` Peter Zijlstra
2023-08-09 15:43 ` Josh Poimboeuf
2023-08-09 14:31 ` Andrew.Cooper3
2023-08-09 14:39 ` Josh Poimboeuf
2023-08-10 15:44 ` Borislav Petkov
2023-08-10 16:10 ` Josh Poimboeuf
2023-08-11 10:27 ` Borislav Petkov
2023-08-12 11:32 ` Peter Zijlstra
2023-08-12 12:12 ` Borislav Petkov
2023-08-14 15:45 ` David Laight
2023-08-12 11:24 ` Peter Zijlstra
2023-08-12 12:10 ` Borislav Petkov
2023-08-14 10:56 ` Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 07/17] x86/cpu/kvm: Provide UNTRAIN_RET_VM Peter Zijlstra
2023-08-09 13:50 ` Josh Poimboeuf
2023-08-09 14:06 ` Peter Zijlstra
2023-08-09 14:30 ` Josh Poimboeuf
2023-08-09 15:10 ` Peter Zijlstra
2023-08-13 10:36 ` Borislav Petkov
2023-08-14 10:35 ` Peter Zijlstra
2023-08-09 7:12 ` Peter Zijlstra [this message]
2023-08-09 7:12 ` [RFC][PATCH 09/17] x86: Remove CONFIG_CPU_SRSO Peter Zijlstra
2023-08-09 13:57 ` Josh Poimboeuf
2023-08-09 7:12 ` [RFC][PATCH 10/17] x86: Remove CPU_IBPB_ENTRY Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 11/17] x86/cpu: Remove all SRSO interface nonsense Peter Zijlstra
2023-08-09 13:10 ` Andrew.Cooper3
2023-08-09 13:36 ` Peter Zijlstra
2023-08-09 14:05 ` Josh Poimboeuf
2023-08-09 14:43 ` Peter Zijlstra
2023-08-09 14:51 ` Josh Poimboeuf
2023-08-09 15:34 ` Josh Poimboeuf
2023-08-09 7:12 ` [RFC][PATCH 12/17] x86/cpu: Rename original retbleed return thunk Peter Zijlstra
2023-08-09 14:20 ` Josh Poimboeuf
2023-08-09 14:22 ` Peter Zijlstra
2023-08-10 11:06 ` Andrew.Cooper3
2023-08-10 13:02 ` Peter Zijlstra
2023-08-13 15:23 ` Andrew.Cooper3
2023-08-14 10:34 ` Peter Zijlstra
2023-08-14 11:31 ` Andrew.Cooper3
2023-08-14 12:06 ` Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 13/17] objtool/x86: Add arch_is_offset_insn() Peter Zijlstra
2023-08-09 9:56 ` Nikolay Borisov
2023-08-09 14:34 ` Josh Poimboeuf
2023-08-09 7:12 ` [RFC][PATCH 14/17] objtool: Add comments to the arch_is_$foo() magic symbols Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 15/17] x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 16/17] x86/alternatives: Simplify ALTERNATIVE_n() Peter Zijlstra
2023-08-09 7:12 ` [RFC][PATCH 17/17] x86/cpu: Use fancy alternatives to get rid of entry_untrain_ret() Peter Zijlstra
2023-08-09 9:04 ` [RFC][PATCH 00/17] Fix up the recent SRSO patches Nikolay Borisov
2023-08-09 10:04 ` Andrew.Cooper3
2023-08-09 11:58 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230809072200.990061113@infradead.org \
--to=peterz@infradead.org \
--cc=Andrew.Cooper3@citrix.com \
--cc=David.Kaplan@amd.com \
--cc=gregkh@linuxfoundation.org \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox