diff options
Diffstat (limited to 'debian/patches/bugfix/x86/retbleed/0052-x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch')
| -rw-r--r-- | debian/patches/bugfix/x86/retbleed/0052-x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/bugfix/x86/retbleed/0052-x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch b/debian/patches/bugfix/x86/retbleed/0052-x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch new file mode 100644 index 000000000..b21ca419c --- /dev/null +++ b/debian/patches/bugfix/x86/retbleed/0052-x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch @@ -0,0 +1,44 @@ +From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> +Date: Thu, 7 Jul 2022 13:41:52 -0300 +Subject: x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported +Origin: https://git.kernel.org/linus/2259da159fbe5dba8ac00b560cf00b6a6537fa18 + +There are some VM configurations which have Skylake model but do not +support IBPB. In those cases, when using retbleed=ibpb, userspace is going +to be killed and kernel is going to panic. + +If the CPU does not support IBPB, warn and proceed with the auto option. Also, +do not fallback to IBPB on AMD/Hygon systems if it is not supported. + +Fixes: 3ebc17006888 ("x86/bugs: Add retbleed=ibpb") +Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> +Signed-off-by: Borislav Petkov <bp@suse.de> +--- + arch/x86/kernel/cpu/bugs.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index cf08a1b8f3c7..d26c57d98b98 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -865,7 +865,10 @@ static void __init retbleed_select_mitigation(void) + break; + + case RETBLEED_CMD_IBPB: +- if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { ++ if (!boot_cpu_has(X86_FEATURE_IBPB)) { ++ pr_err("WARNING: CPU does not support IBPB.\n"); ++ goto do_cmd_auto; ++ } else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { + retbleed_mitigation = RETBLEED_MITIGATION_IBPB; + } else { + pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); +@@ -880,7 +883,7 @@ static void __init retbleed_select_mitigation(void) + boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) { + if (IS_ENABLED(CONFIG_CPU_UNRET_ENTRY)) + retbleed_mitigation = RETBLEED_MITIGATION_UNRET; +- else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) ++ else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY) && boot_cpu_has(X86_FEATURE_IBPB)) + retbleed_mitigation = RETBLEED_MITIGATION_IBPB; + } + |