x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported

stable inclusion from stable-v5.10.133 commit 51552b6b52fc865f37ef3ddacd27d807a36695ac category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5PTAS CVE: CVE-2022-29900,CVE-2022-23816,CVE-2022-29901 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=51552b6b52fc865f37ef3ddacd27d807a36695ac -------------------------------- commit 2259da15 upstream. There are some VM configurations which have Skylake model but do not support IBPB. In those cases, when using retbleed=ibpb, userspace is going to be killed and kernel is going to panic. If the CPU does not support IBPB, warn and proceed with the auto option. Also, do not fallback to IBPB on AMD/Hygon systems if it is not supported. Fixes: 3ebc1700 ("x86/bugs: Add retbleed=ibpb") Signed-off-by: N Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: N Borislav Petkov <bp@suse.de> Signed-off-by: N Ben Hutchings <ben@decadent.org.uk> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Lin Yujun <linyujun809@huawei.com> Reviewed-by: N Zhang Jianhua <chris.zjh@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
stable inclusion from stable-v5.10.133 commit 51552b6b52fc865f37ef3ddacd27d807a36695ac category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5PTAS CVE: CVE-2022-29900,CVE-2022-23816,CVE-2022-29901 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=51552b6b52fc865f37ef3ddacd27d807a36695ac -------------------------------- commit 2259da15 upstream. There are some VM configurations which have Skylake model but do not support IBPB. In those cases, when using retbleed=ibpb, userspace is going to be killed and kernel is going to panic. If the CPU does not support IBPB, warn and proceed with the auto option. Also, do not fallback to IBPB on AMD/Hygon systems if it is not supported. Fixes: 3ebc1700 ("x86/bugs: Add retbleed=ibpb") Signed-off-by: N Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: N Borislav Petkov <bp@suse.de> Signed-off-by: N Ben Hutchings <ben@decadent.org.uk> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Lin Yujun <linyujun809@huawei.com> Reviewed-by: N Zhang Jianhua <chris.zjh@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
a4e10f56 · Thadeu Lima de Souza Cascardo · Zheng Zengkai · 6bd90964 · a4e10f56
显示空白变更内容
内联并排

Showing with 5 addition and 2 deletion

arch/x86/kernel/cpu/bugs.c arch/x86/kernel/cpu/bugs.c +5 -2

未找到文件。
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -821,7 +821,10 @@ static void __init retbleed_select_mitigation(void)
 		break;

 	case RETBLEED_CMD_IBPB:
-		if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
+		if (!boot_cpu_has(X86_FEATURE_IBPB)) {
+			pr_err("WARNING: CPU does not support IBPB.\n");
+			goto do_cmd_auto;
+		} else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
 			retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
 		} else {
 			pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
@@ -836,7 +839,7 @@ static void __init retbleed_select_mitigation(void)
 		    boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) {
 			if (IS_ENABLED(CONFIG_CPU_UNRET_ENTRY))
 				retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
-			else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY))
+			else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY) && boot_cpu_has(X86_FEATURE_IBPB))
 				retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
 		}