[SRU Focal][Pull] Retbleed IBRS mitigation

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed Oct 5 18:43:18 UTC 2022 

This mitigates Retbleed on Intel parts that support IBRS. This has been
submitted to upstream stable trees and has been boot and smoke tested on
different AMD and Intel parts.


The following changes since commit 616ded90414dbe3bf712ccc4d3fa4eb21d2bec37:

  ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (2022-10-05 16:29:09 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/focal retbleed

for you to fetch changes up to cd16b9b58785af9492d00408a7078125e48ea75f:

  x86/speculation: Add RSB VM Exit protections (2022-10-05 15:13:06 -0300)

----------------------------------------------------------------
Alexandre Chartre (2):
      x86/bugs: Report AMD retbleed vulnerability
      x86/bugs: Add AMD retbleed= boot parameter

Andrew Cooper (1):
      x86/cpu/amd: Enumerate BTC_NO

Daniel Sneddon (1):
      x86/speculation: Add RSB VM Exit protections

Josh Poimboeuf (9):
      x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
      x86/speculation: Fix firmware entry SPEC_CTRL handling
      x86/speculation: Fix SPEC_CTRL write on SMT state change
      x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
      x86/speculation: Remove x86_spec_ctrl_mask
      KVM: VMX: Flatten __vmx_vcpu_run()
      KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
      KVM: VMX: Fix IBRS handling after vmexit
      x86/speculation: Fill RSB on vmexit for IBRS

Mark Gross (1):
      x86/cpu: Add a steppings field to struct x86_cpu_id

Nathan Chancellor (1):
      x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current

Pawan Gupta (4):
      x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
      x86/bugs: Add Cannon lake to RETBleed affected CPU list
      x86/speculation: Disable RRSBA behavior
      x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts

Peter Zijlstra (11):
      x86/kvm/vmx: Make noinstr clean
      x86/cpufeatures: Move RETPOLINE flags to word 11
      x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
      x86/entry: Remove skip_r11rcx
      x86/entry: Add kernel IBRS implementation
      x86/bugs: Optimize SPEC_CTRL MSR writes
      x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
      x86/bugs: Report Intel retbleed vulnerability
      intel_idle: Disable IBRS during long idle
      x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
      x86/common: Stamp out the stepping madness

Thadeu Lima de Souza Cascardo (3):
      Revert "x86/speculation: Add RSB VM Exit protections"
      Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
      KVM: VMX: Convert launched argument to flags

Thomas Gleixner (2):
      x86/devicetable: Move x86 specific macro out of generic code
      x86/cpu: Add consistent CPU match macros

Uros Bizjak (2):
      KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
      KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw

 Documentation/admin-guide/kernel-parameters.txt |  13 +
 arch/x86/entry/calling.h                        |  68 ++++-
 arch/x86/entry/entry_32.S                       |   2 -
 arch/x86/entry/entry_64.S                       |  34 ++-
 arch/x86/entry/entry_64_compat.S                |  11 +-
 arch/x86/include/asm/cpu_device_id.h            | 132 ++++++++-
 arch/x86/include/asm/cpufeatures.h              |  13 +-
 arch/x86/include/asm/intel-family.h             |   6 +
 arch/x86/include/asm/msr-index.h                |  10 +
 arch/x86/include/asm/nospec-branch.h            |  54 ++--
 arch/x86/kernel/cpu/amd.c                       |  21 +-
 arch/x86/kernel/cpu/bugs.c                      | 365 +++++++++++++++++++-----
 arch/x86/kernel/cpu/common.c                    |  61 ++--
 arch/x86/kernel/cpu/match.c                     |  13 +-
 arch/x86/kernel/cpu/scattered.c                 |   1 +
 arch/x86/kernel/process.c                       |   2 +-
 arch/x86/kvm/svm.c                              |   1 +
 arch/x86/kvm/vmx/nested.c                       |  32 +--
 arch/x86/kvm/vmx/run_flags.h                    |   8 +
 arch/x86/kvm/vmx/vmenter.S                      | 161 +++++------
 arch/x86/kvm/vmx/vmx.c                          |  72 +++--
 arch/x86/kvm/vmx/vmx.h                          |   5 +
 arch/x86/kvm/x86.c                              |   4 +-
 drivers/base/cpu.c                              |   8 +
 drivers/cpufreq/acpi-cpufreq.c                  |   1 +
 drivers/cpufreq/amd_freq_sensitivity.c          |   1 +
 drivers/idle/intel_idle.c                       |  43 ++-
 include/linux/cpu.h                             |   2 +
 include/linux/kvm_host.h                        |   2 +-
 include/linux/mod_devicetable.h                 |   4 +-
 tools/arch/x86/include/asm/cpufeatures.h        |   2 +-
 31 files changed, 840 insertions(+), 312 deletions(-)
 create mode 100644 arch/x86/kvm/vmx/run_flags.h

More information about the kernel-team mailing list