Commit c62fa117 authored by Johannes Wikner's avatar Johannes Wikner Committed by Borislav Petkov (AMD)
Browse files

x86/bugs: Do not use UNTRAIN_RET with IBPB on entry 



Since X86_FEATURE_ENTRY_IBPB will invalidate all harmful predictions
with IBPB, no software-based untraining of returns is needed anymore.
Currently, this change affects retbleed and SRSO mitigations so if
either of the mitigations is doing IBPB and the other one does the
software sequence, the latter is not needed anymore.

  [ bp: Massage commit message. ]

Suggested-by: default avatarBorislav Petkov <bp@alien8.de>
Signed-off-by: default avatarJohannes Wikner <kwikner@ethz.ch>
Cc: <stable@kernel.org>
parent 0fad2878

arch/x86/kernel/cpu/bugs.c

+17 −0
Original line number Diff line number Diff line
@@ -1115,6 +1115,15 @@ static void __init retbleed_select_mitigation(void) 


	case RETBLEED_MITIGATION_IBPB:

		setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);



		/*

		 * IBPB on entry already obviates the need for

		 * software-based untraining so clear those in case some

		 * other mitigation like SRSO has selected them.

		 */

		setup_clear_cpu_cap(X86_FEATURE_UNRET);

		setup_clear_cpu_cap(X86_FEATURE_RETHUNK);



		setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);

		mitigate_smt = true;
@@ -2635,6 +2644,14 @@ static void __init srso_select_mitigation(void) 
			if (has_microcode) {

				setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);

				srso_mitigation = SRSO_MITIGATION_IBPB;



				/*

				 * IBPB on entry already obviates the need for

				 * software-based untraining so clear those in case some

				 * other mitigation like Retbleed has selected them.

				 */

				setup_clear_cpu_cap(X86_FEATURE_UNRET);

				setup_clear_cpu_cap(X86_FEATURE_RETHUNK);

			}

		} else {

			pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");