Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp113723imn; Fri, 29 Jul 2022 01:14:22 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sPnGMZyR/64vfmGQEB9MfxugJwFLnxEOPxTDrlG05JCzRdRmH+Lz42MabfKMaxoYv8+/5X X-Received: by 2002:a17:907:7295:b0:72b:8207:bdc2 with SMTP id dt21-20020a170907729500b0072b8207bdc2mr2042655ejc.753.1659082462414; Fri, 29 Jul 2022 01:14:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659082462; cv=none; d=google.com; s=arc-20160816; b=gI9hQqJew40h+iimzvSMi2ZRpUNfyh/ym2osDMxuyFdhLgdXOEeNACHve7Yy7bSmKY 8kgKeKVZLLeQkgpFUpZJ2j9+e18L9krCFJrg0EfDroH+x9FpMrM5K9JdWw2ONfX5X31D MRGgSswMhnoOJBS51Z18aIsepSwr0WONMkHzHfLTi6kCjY0aoxYmtKZ2dy0pfhBanTuX RW3fCpZi5e3q30jeWzMz3vZUNp2hPqvX71ZpZaZwroVOJrgzOx9EJhK1xuwbZyYu0oW7 2z56IPQ0IH0O5lMJNnco0jMovaVSgw3YGoyUgZpo+pxDRWFWp8YTGyZICtfVUWBLplJU vhxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=S6OXLj5CsWOBodkRXT3i4CgKhOtLFQplhD7nAMNeuq8=; b=IaE+5bWU0DTACqUPYgnq7fdKeVSQHtK66o+7LU2iTFJxDB58n/hXFXc5S5pKWkvD// lTXoFu1pq0BU41gsYYNBf0rLjFu0qMYLO1vv3WrqjfcNlIeBpfBBlISqCPrHMMeL4q6d BoSCoKkHjeB6d0/NhAew3WqZ3LgPXn3HH1Noh4RIvp5KdzYoHVpDS7bcHujNSG68TXyX 33BlUYhKQkS1J2JOwju2F9zbuNCnsK7kAnSv11axWVbtxW0u6GOUYtNJMl26YkxChdaM k+bMmyWTjUD/3BkrvNUlNTYIxqeDQ3bHP01jFWMP4WhdfTQp1MSwtEOe71P5GIPHrP8O u1fw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=IXMSLSFq; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id be18-20020a0564021a3200b0043aca113dc9si2369180edb.342.2022.07.29.01.13.57; Fri, 29 Jul 2022 01:14:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=IXMSLSFq; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235457AbiG2IME (ORCPT + 99 others); Fri, 29 Jul 2022 04:12:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230241AbiG2IMC (ORCPT ); Fri, 29 Jul 2022 04:12:02 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 19C517FE58; Fri, 29 Jul 2022 01:12:01 -0700 (PDT) Date: Fri, 29 Jul 2022 08:11:57 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1659082319; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=S6OXLj5CsWOBodkRXT3i4CgKhOtLFQplhD7nAMNeuq8=; b=IXMSLSFqCwyyFh6aU4jMKAmR7MTyD/sG84Sa7lM7CXjLmtR1upxdGWz4BkMYF+GV4m32EA jMv9K29KRTf6HmYabi8UHlP30D6Q8RWd3PE332UhiP6xHENK9XrwEef2ynhufTwgObO57g v1HaR8MelonrubY33krXdKB8VuaxEX1WEspidbmLE4PLq4Vl4iaCUUwWX7qFjuRDVB44YK kPjD+SB8I08uVpf1jIYupE2oMvkwbu6oypKnh1IabV1OMtXuEnYhr2tj61qvg6WKU9YczJ vW5KzL7iSVsNLNducgMkZswnJQDidFgG+1U3JDqeCkG+8dYNJOzDbGzcHnOKkQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1659082319; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=S6OXLj5CsWOBodkRXT3i4CgKhOtLFQplhD7nAMNeuq8=; b=97SmYFkWOoJ9ee+C/AkWZ3hHU/cU1TvhnUE/4LM5wp7y4IOnuipXIZpLLM+6cK+/rTJl9U JaJolThG2RPaqRDg== From: "tip-bot2 for Thadeu Lima de Souza Cascardo" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/urgent] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available Cc: Dimitri John Ledkov , Thadeu Lima de Souza Cascardo , Borislav Petkov , , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20220728122602.2500509-1-cascardo@canonical.com> References: <20220728122602.2500509-1-cascardo@canonical.com> MIME-Version: 1.0 Message-ID: <165908231771.15455.910099609203096597.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 571c30b1a88465a1c85a6f7762609939b9085a15 Gitweb: https://git.kernel.org/tip/571c30b1a88465a1c85a6f7762609939b9085a15 Author: Thadeu Lima de Souza Cascardo AuthorDate: Thu, 28 Jul 2022 09:26:02 -03:00 Committer: Borislav Petkov CommitterDate: Fri, 29 Jul 2022 10:02:35 +02:00 x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available Some cloud hypervisors do not provide IBPB on very recent CPU processors, including AMD processors affected by Retbleed. Using IBPB before firmware calls on such systems would cause a GPF at boot like the one below. Do not enable such calls when IBPB support is not present. EFI Variables Facility v0.08 2004-May-17 general protection fault, maybe for address 0x1: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 24 Comm: kworker/u2:1 Not tainted 5.19.0-rc8+ #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 Workqueue: efi_rts_wq efi_call_rts RIP: 0010:efi_call_rts Code: e8 37 33 58 ff 41 bf 48 00 00 00 49 89 c0 44 89 f9 48 83 c8 01 4c 89 c2 48 c1 ea 20 66 90 b9 49 00 00 00 b8 01 00 00 00 31 d2 <0f> 30 e8 7b 9f 5d ff e8 f6 f8 ff ff 4c 89 f1 4c 89 ea 4c 89 e6 48 RSP: 0018:ffffb373800d7e38 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 0000000000000006 RCX: 0000000000000049 RDX: 0000000000000000 RSI: ffff94fbc19d8fe0 RDI: ffff94fbc1b2b300 RBP: ffffb373800d7e70 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000000b R11: 000000000000000b R12: ffffb3738001fd78 R13: ffff94fbc2fcfc00 R14: ffffb3738001fd80 R15: 0000000000000048 FS: 0000000000000000(0000) GS:ffff94fc3da00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff94fc30201000 CR3: 000000006f610000 CR4: 00000000000406f0 Call Trace: ? __wake_up process_one_work worker_thread ? rescuer_thread kthread ? kthread_complete_and_exit ret_from_fork Modules linked in: Fixes: 28a99e95f55c ("x86/amd: Use IBPB for firmware calls") Reported-by: Dimitri John Ledkov Signed-off-by: Thadeu Lima de Souza Cascardo Signed-off-by: Borislav Petkov Cc: Link: https://lore.kernel.org/r/20220728122602.2500509-1-cascardo@canonical.com --- arch/x86/kernel/cpu/bugs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 6454bc7..6761668 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1520,6 +1520,7 @@ static void __init spectre_v2_select_mitigation(void) * enable IBRS around firmware calls. */ if (boot_cpu_has_bug(X86_BUG_RETBLEED) && + boot_cpu_has(X86_FEATURE_IBPB) && (boot_cpu_data.x86_vendor == X86_VENDOR_AMD || boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)) {