Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp540425imn; Thu, 28 Jul 2022 08:19:07 -0700 (PDT) X-Google-Smtp-Source: AGRyM1ts0k+ETEZXUTvHXYd9X6HPNYBSks4ImJC8jD/eHlKAsgLcyO8IBoi6yX2dhtBtCSnFgB77 X-Received: by 2002:a65:6885:0:b0:412:a2ed:c3b with SMTP id e5-20020a656885000000b00412a2ed0c3bmr16327713pgt.606.1659021547479; Thu, 28 Jul 2022 08:19:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659021547; cv=none; d=google.com; s=arc-20160816; b=pX9CkjZNYLNSvrATnALimfkP6ZnSQmg3CJq4ZIgvwYEKTbumlSmbID6q1yY8Za1O9t 1VZJrQQpzafpmncGilGa2OB4Q4qDip3o8x78ww9AeGBiMu/pUbtSuLGQ95IYQrq0Futz ALB/rbxlqdLmIV1Na8f4FDJo0+/BPwCB8WMl0lHdwXIimTOCXAqjMdRhcyQcQRl3smVw Ei+OlY5CkgoYdglbFcr/qFjP/iB2oMdEroWSdsaSQUhN+GQSGoWiRvOgpiBgx/irIq7l nfFtXJrU0Nf2Bed8/SJWFOT6hLVrBcRAihWBQBW4JWQyQu3r1ITPISvkK8byuGAlZcVp wNCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=AmUPpMsyzQAMiFXXvNrmIFoCDHFhaj7UZeTTQJGeCWw=; b=YnL4LJxgq7//yMQLyBkJf6EJAeUSzwnVxQakqoSdsN/ECBJczZvPLEO+7jGyj7/rO1 jQChIptXFDma8gYS7MIS0hJtUYqweVnf+/pqlemoH/l9ZqwH85JKTozq093FJGmRqPRp 7Y96eMYjzq9dIHpyIe+ngkhN1Z9jOqSyIdkck4MvimZ+DwAhg3oUkV/8LcQNw01auozs 0eGJPpXBpi8k3aVA9OnioC0gSgG6reIybkJYOQqiRkR9UvRix/29xh0sYZa1zpjyBze2 ObsfQNUlVeQHfa5WlMwRGzZNLTM5PABk7c93yDB1012xav4V13ZcgEh7X3iNMTuAOCQI uAVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=QoKQ9jXF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q21-20020a637515000000b00419ffb91859si1388678pgc.442.2022.07.28.08.18.48; Thu, 28 Jul 2022 08:19:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=QoKQ9jXF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231542AbiG1PQ5 (ORCPT + 99 others); Thu, 28 Jul 2022 11:16:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58830 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230410AbiG1PQw (ORCPT ); Thu, 28 Jul 2022 11:16:52 -0400 Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CE6ED54ACD; Thu, 28 Jul 2022 08:16:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=AmUPpMsyzQAMiFXXvNrmIFoCDHFhaj7UZeTTQJGeCWw=; b=QoKQ9jXFdAB+rfISOb/LkuVmpk iONt7UX2u072T60dMWkSQGDHSMAddG7zT5nuBbMvlxIof5wCSIXY/3iBEUc2PGwiMCLinsOALEa1F V5+74tzg7h3bFrNSs7adRwGAH7CG2c1+MkPoYJ4+7iHQnkC0vP8HQbGGbLZEw6pcHj441I8Zl0heJ 31JdQ764cl/RdnOVc55YwU6xL759EXVBwajIsfPG6yj1pAxLRbKhiHCBrhFIaevPlAlvOcVY7926t pEZXbbhWmxA8bip0HkbahXbzEbQjLLNoVN/9tzq0vMPEmFdpE8/mDmUPYi3FdHzBnMkZs/qb8Tp0D 8Cn0Pqlg==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=worktop.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1oH5Fi-0018J0-UV; Thu, 28 Jul 2022 15:16:43 +0000 Received: by worktop.programming.kicks-ass.net (Postfix, from userid 1000) id D180A98047B; Thu, 28 Jul 2022 17:16:40 +0200 (CEST) Date: Thu, 28 Jul 2022 17:16:40 +0200 From: Peter Zijlstra To: Thadeu Lima de Souza Cascardo Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Dimitri John Ledkov , Borislav Petkov , stable@vger.kernel.org Subject: Re: [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available Message-ID: References: <20220728122602.2500509-1-cascardo@canonical.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220728122602.2500509-1-cascardo@canonical.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 28, 2022 at 09:26:02AM -0300, Thadeu Lima de Souza Cascardo wrote: > Some cloud hypervisors do not provide IBPB on very recent CPU processors, > including AMD processors affected by Retbleed. That's a bug in the hypervisor. > Fixes: 28a99e95f55c ("x86/amd: Use IBPB for firmware calls") Fixes^WCreates-a-speculation-hole-in: > Reported-by: Dimitri John Ledkov > Signed-off-by: Thadeu Lima de Souza Cascardo > Cc: Peter Zijlstra (Intel) > Cc: Borislav Petkov > Cc: > --- > arch/x86/kernel/cpu/bugs.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 6454bc767f0f..6761668100b9 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -1520,6 +1520,7 @@ static void __init spectre_v2_select_mitigation(void) > * enable IBRS around firmware calls. > */ > if (boot_cpu_has_bug(X86_BUG_RETBLEED) && > + boot_cpu_has(X86_FEATURE_IBPB) && > (boot_cpu_data.x86_vendor == X86_VENDOR_AMD || > boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)) { At the very least we need a pr_warn() and something nasty in retbleed_show_state() to warn the user their firmware calls are vulnerable.