Commit 0fad2878 authored by Johannes Wikner's avatar Johannes Wikner Committed by Borislav Petkov (AMD)
Browse files

x86/bugs: Skip RSB fill at VMEXIT 



entry_ibpb() is designed to follow Intel's IBPB specification regardless
of CPU. This includes invalidating RSB entries.

Hence, if IBPB on VMEXIT has been selected, entry_ibpb() as part of the
RET untraining in the VMEXIT path will take care of all BTB and RSB
clearing so there's no need to explicitly fill the RSB anymore.

  [ bp: Massage commit message. ]

Suggested-by: default avatarBorislav Petkov <bp@alien8.de>
Signed-off-by: default avatarJohannes Wikner <kwikner@ethz.ch>
Cc: <stable@kernel.org>
parent 50e4b3b9

arch/x86/kernel/cpu/bugs.c

+15 −0
Original line number Diff line number Diff line
@@ -1117,6 +1117,14 @@ static void __init retbleed_select_mitigation(void) 
		setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);

		setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);

		mitigate_smt = true;



		/*

		 * There is no need for RSB filling: entry_ibpb() ensures

		 * all predictions, including the RSB, are invalidated,

		 * regardless of IBPB implementation.

		 */

		setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT);



		break;



	case RETBLEED_MITIGATION_STUFF:
@@ -2638,6 +2646,13 @@ static void __init srso_select_mitigation(void) 
			if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) {

				setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);

				srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT;



				/*

				 * There is no need for RSB filling: entry_ibpb() ensures

				 * all predictions, including the RSB, are invalidated,

				 * regardless of IBPB implementation.

				 */

				setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT);

			}

		} else {

			pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");