From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 5.15 v2 11/14] x86/its: Enable Indirect Target Selection mitigation
Date: Wed, 14 May 2025 16:14:18 -0400 [thread overview]
Message-ID: <20250514113200-185cc2962e9d31fa@stable.kernel.org> (raw)
In-Reply-To: <20250513-its-5-15-v2-11-90690efdc7e0@linux.intel.com>
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected.
No action required from the submitter.
The upstream commit SHA1 provided is correct: f4818881c47fd91fcb6d62373c57c7844e3de1c0
Status in newer kernel trees:
6.14.y | Present (different SHA1: 2530e9327957)
6.12.y | Present (different SHA1: 29a3e7d59cac)
6.6.y | Present (different SHA1: 527b6f385495)
6.1.y | Present (different SHA1: 39fdd17f075d)
Note: The patch differs from the upstream commit:
---
1: f4818881c47fd ! 1: e0aa87dadeb43 x86/its: Enable Indirect Target Selection mitigation
@@ Metadata
## Commit message ##
x86/its: Enable Indirect Target Selection mitigation
+ commit f4818881c47fd91fcb6d62373c57c7844e3de1c0 upstream.
+
Indirect Target Selection (ITS) is a bug in some pre-ADL Intel CPUs with
eIBRS. It affects prediction of indirect branch and RETs in the
lower half of cacheline. Due to ITS such branches may get wrongly predicted
@@ Documentation/admin-guide/kernel-parameters.txt
Format: <full_path>
Run specified binary instead of /sbin/init as init
@@
+ improves system performance, but it may also
expose users to several CPU vulnerabilities.
- Equivalent to: if nokaslr then kpti=0 [ARM64]
- gather_data_sampling=off [X86]
+ Equivalent to: gather_data_sampling=off [X86]
+ indirect_target_selection=off [X86]
+ kpti=0 [ARM64]
kvm.nx_huge_pages=off [X86]
l1tf=off [X86]
- mds=off [X86]
## arch/x86/kernel/cpu/bugs.c ##
@@ arch/x86/kernel/cpu/bugs.c: static void __init srbds_select_mitigation(void);
static void __init l1d_flush_select_mitigation(void);
- static void __init srso_select_mitigation(void);
static void __init gds_select_mitigation(void);
+ static void __init srso_select_mitigation(void);
+static void __init its_select_mitigation(void);
/* The base value of the SPEC_CTRL MSR without task-specific bits set */
u64 x86_spec_ctrl_base;
@@ arch/x86/kernel/cpu/bugs.c: static DEFINE_MUTEX(spec_ctrl_mutex);
- void (*x86_return_thunk)(void) __ro_after_init = __x86_return_thunk;
+ void (*x86_return_thunk)(void) __ro_after_init = &__x86_return_thunk;
+static void __init set_return_thunk(void *thunk)
+{
@@ arch/x86/kernel/cpu/bugs.c: void __init cpu_select_mitigations(void)
/*
@@ arch/x86/kernel/cpu/bugs.c: static void __init retbleed_select_mitigation(void)
- setup_force_cpu_cap(X86_FEATURE_RETHUNK);
setup_force_cpu_cap(X86_FEATURE_UNRET);
-- x86_return_thunk = retbleed_return_thunk;
-+ set_return_thunk(retbleed_return_thunk);
+ if (IS_ENABLED(CONFIG_RETHUNK))
+- x86_return_thunk = retbleed_return_thunk;
++ set_return_thunk(retbleed_return_thunk);
if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD &&
boot_cpu_data.x86_vendor != X86_VENDOR_HYGON)
-@@ arch/x86/kernel/cpu/bugs.c: static void __init retbleed_select_mitigation(void)
- setup_force_cpu_cap(X86_FEATURE_RETHUNK);
- setup_force_cpu_cap(X86_FEATURE_CALL_DEPTH);
-
-- x86_return_thunk = call_depth_return_thunk;
-+ set_return_thunk(call_depth_return_thunk);
- break;
-
- default:
@@ arch/x86/kernel/cpu/bugs.c: static void __init retbleed_select_mitigation(void)
pr_info("%s\n", retbleed_strings[retbleed_mitigation]);
}
@@ arch/x86/kernel/cpu/bugs.c: static void __init retbleed_select_mitigation(void)
+enum its_mitigation {
+ ITS_MITIGATION_OFF,
+ ITS_MITIGATION_ALIGNED_THUNKS,
-+ ITS_MITIGATION_RETPOLINE_STUFF,
+};
+
+static const char * const its_strings[] = {
+ [ITS_MITIGATION_OFF] = "Vulnerable",
+ [ITS_MITIGATION_ALIGNED_THUNKS] = "Mitigation: Aligned branch/return thunks",
-+ [ITS_MITIGATION_RETPOLINE_STUFF] = "Mitigation: Retpolines, Stuffing RSB",
+};
+
+static enum its_mitigation its_mitigation __ro_after_init = ITS_MITIGATION_ALIGNED_THUNKS;
@@ arch/x86/kernel/cpu/bugs.c: static void __init retbleed_select_mitigation(void)
+ return;
+ }
+
-+ /* Retpoline+CDT mitigates ITS, bail out */
-+ if (boot_cpu_has(X86_FEATURE_RETPOLINE) &&
-+ boot_cpu_has(X86_FEATURE_CALL_DEPTH)) {
-+ its_mitigation = ITS_MITIGATION_RETPOLINE_STUFF;
-+ goto out;
-+ }
-+
+ /* Exit early to avoid irrelevant warnings */
+ if (cmd == ITS_CMD_OFF) {
+ its_mitigation = ITS_MITIGATION_OFF;
@@ arch/x86/kernel/cpu/bugs.c: static void __init retbleed_select_mitigation(void)
+ its_mitigation = ITS_MITIGATION_OFF;
+ goto out;
+ }
-+ if (!IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) ||
-+ !IS_ENABLED(CONFIG_MITIGATION_RETHUNK)) {
++ if (!IS_ENABLED(CONFIG_RETPOLINE) || !IS_ENABLED(CONFIG_RETHUNK)) {
+ pr_err("WARNING: ITS mitigation depends on retpoline and rethunk support\n");
+ its_mitigation = ITS_MITIGATION_OFF;
+ goto out;
@@ arch/x86/kernel/cpu/bugs.c: static void __init srso_select_mitigation(void)
- x86_return_thunk = srso_return_thunk;
+ set_return_thunk(srso_return_thunk);
}
- if (has_microcode)
- srso_mitigation = SRSO_MITIGATION_SAFE_RET;
+ srso_mitigation = SRSO_MITIGATION_SAFE_RET;
+ } else {
@@ arch/x86/kernel/cpu/bugs.c: static ssize_t rfds_show_state(char *buf)
return sysfs_emit(buf, "%s\n", rfds_strings[rfds_mitigation]);
}
@@ arch/x86/kernel/cpu/bugs.c: ssize_t cpu_show_reg_file_data_sampling(struct devic
+ return cpu_show_common(dev, attr, buf, X86_BUG_ITS);
+}
#endif
-
- void __warn_thunk(void)
## drivers/base/cpu.c ##
-@@ drivers/base/cpu.c: CPU_SHOW_VULN_FALLBACK(spec_rstack_overflow);
- CPU_SHOW_VULN_FALLBACK(gds);
- CPU_SHOW_VULN_FALLBACK(reg_file_data_sampling);
- CPU_SHOW_VULN_FALLBACK(ghostwrite);
-+CPU_SHOW_VULN_FALLBACK(indirect_target_selection);
+@@ drivers/base/cpu.c: ssize_t __weak cpu_show_reg_file_data_sampling(struct device *dev,
+ return sysfs_emit(buf, "Not affected\n");
+ }
++ssize_t __weak cpu_show_indirect_target_selection(struct device *dev,
++ struct device_attribute *attr, char *buf)
++{
++ return sysfs_emit(buf, "Not affected\n");
++}
++
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
-@@ drivers/base/cpu.c: static DEVICE_ATTR(spec_rstack_overflow, 0444, cpu_show_spec_rstack_overflow, NU
+ static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
+@@ drivers/base/cpu.c: static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL);
static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL);
+ static DEVICE_ATTR(spec_rstack_overflow, 0444, cpu_show_spec_rstack_overflow, NULL);
static DEVICE_ATTR(reg_file_data_sampling, 0444, cpu_show_reg_file_data_sampling, NULL);
- static DEVICE_ATTR(ghostwrite, 0444, cpu_show_ghostwrite, NULL);
+static DEVICE_ATTR(indirect_target_selection, 0444, cpu_show_indirect_target_selection, NULL);
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
&dev_attr_meltdown.attr,
@@ drivers/base/cpu.c: static struct attribute *cpu_root_vulnerabilities_attrs[] = {
&dev_attr_gather_data_sampling.attr,
+ &dev_attr_spec_rstack_overflow.attr,
&dev_attr_reg_file_data_sampling.attr,
- &dev_attr_ghostwrite.attr,
+ &dev_attr_indirect_target_selection.attr,
NULL
};
@@ drivers/base/cpu.c: static struct attribute *cpu_root_vulnerabilities_attrs[] =
## include/linux/cpu.h ##
@@ include/linux/cpu.h: extern ssize_t cpu_show_gds(struct device *dev,
+ struct device_attribute *attr, char *buf);
extern ssize_t cpu_show_reg_file_data_sampling(struct device *dev,
struct device_attribute *attr, char *buf);
- extern ssize_t cpu_show_ghostwrite(struct device *dev, struct device_attribute *attr, char *buf);
+extern ssize_t cpu_show_indirect_target_selection(struct device *dev,
+ struct device_attribute *attr, char *buf);
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
next prev parent reply other threads:[~2025-05-14 20:14 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-14 6:06 [PATCH 5.15 v2 00/14] ITS mitigation Pawan Gupta
2025-05-14 6:06 ` [PATCH 5.15 v2 01/14] x86,nospec: Simplify {JMP,CALL}_NOSPEC Pawan Gupta
2025-05-14 20:13 ` Sasha Levin
2025-05-14 6:07 ` [PATCH 5.15 v2 02/14] x86/speculation: Simplify and make CALL_NOSPEC consistent Pawan Gupta
2025-05-14 20:14 ` Sasha Levin
2025-05-14 6:07 ` [PATCH 5.15 v2 03/14] x86/speculation: Add a conditional CS prefix to CALL_NOSPEC Pawan Gupta
2025-05-14 20:14 ` Sasha Levin
2025-05-14 6:07 ` [PATCH 5.15 v2 04/14] x86/speculation: Remove the extra #ifdef around CALL_NOSPEC Pawan Gupta
2025-05-14 20:13 ` Sasha Levin
2025-05-14 6:07 ` [PATCH 5.15 v2 05/14] Documentation: x86/bugs/its: Add ITS documentation Pawan Gupta
2025-05-14 20:14 ` Sasha Levin
2025-05-14 6:08 ` [PATCH 5.15 v2 06/14] x86/its: Enumerate Indirect Target Selection (ITS) bug Pawan Gupta
2025-05-14 20:13 ` Sasha Levin
2025-05-14 6:08 ` [PATCH 5.15 v2 07/14] x86/its: Add support for ITS-safe indirect thunk Pawan Gupta
2025-05-14 20:14 ` Sasha Levin
2025-05-14 6:08 ` [PATCH 5.15 v2 08/14] x86/alternative: Optimize returns patching Pawan Gupta
2025-05-14 20:14 ` Sasha Levin
2025-05-14 6:08 ` [PATCH 5.15 v2 09/14] x86/alternatives: Remove faulty optimization Pawan Gupta
2025-05-14 20:13 ` Sasha Levin
2025-05-14 6:09 ` [PATCH 5.15 v2 10/14] x86/its: Add support for ITS-safe return thunk Pawan Gupta
2025-05-14 20:13 ` Sasha Levin
2025-05-14 6:09 ` [PATCH 5.15 v2 11/14] x86/its: Enable Indirect Target Selection mitigation Pawan Gupta
2025-05-14 20:14 ` Sasha Levin [this message]
2025-05-14 6:09 ` [PATCH 5.15 v2 12/14] x86/its: Add "vmexit" option to skip mitigation on some CPUs Pawan Gupta
2025-05-14 20:14 ` Sasha Levin
2025-05-14 6:10 ` [PATCH 5.15 v2 13/14] x86/its: Align RETs in BHB clear sequence to avoid thunking Pawan Gupta
2025-05-14 20:13 ` Sasha Levin
2025-05-14 6:10 ` [PATCH 5.15 v2 14/14] x86/its: Use dynamic thunks for indirect branches Pawan Gupta
2025-05-14 20:14 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250514113200-185cc2962e9d31fa@stable.kernel.org \
--to=sashal@kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox