git.baikalelectronics.ru Git - kernel.git/commit

author	Kim Phillips <kim.phillips@amd.com>
	Mon, 8 Aug 2022 14:32:33 +0000 (09:32 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 17 Aug 2022 12:24:18 +0000 (14:24 +0200)
commit	04442ab8058e375077ce6cb95415fad1848815f7
tree	cb5ac115a4c18aa610e52c2a4e09b18e51945c50	tree \| snapshot
parent	88534543a9fe1b9dda0951ad1a21e1a69c05d828	commit \| diff

x86/bugs: Enable STIBP for IBPB mitigated RETBleed

commit 89b71ac1b216839a8ce4c3d5bfd18abfe69ec456 upstream.

AMD's "Technical Guidance for Mitigating Branch Type Confusion,
Rev. 1.0 2022-07-12" whitepaper, under section 6.1.2 "IBPB On
Privileged Mode Entry / SMT Safety" says:

  Similar to the Jmp2Ret mitigation, if the code on the sibling thread
  cannot be trusted, software should set STIBP to 1 or disable SMT to
  ensure SMT safety when using this mitigation.

So, like already being done for retbleed=unret, and now also for
retbleed=ibpb, force STIBP on machines that have it, and report its SMT
vulnerability status accordingly.

[ bp: Remove the "we" and remove "[AMD]" applicability parameter which
   doesn't work here. ]

Fixes: bf9a7f6cdeaa ("x86/bugs: Add retbleed=ibpb")
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: stable@vger.kernel.org # 5.10, 5.15, 5.19
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
Link: https://lore.kernel.org/r/20220804192201.439596-1-kim.phillips@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Documentation/admin-guide/kernel-parameters.txt		diff \| blob \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| history