linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "tip-bot2 for Thadeu Lima de Souza Cascardo" <tip-bot2@linutronix.de>
To: linux-tip-commits@vger.kernel.org
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>,
	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>,
	Borislav Petkov <bp@suse.de>, <stable@vger.kernel.org>,
	x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [tip: x86/urgent] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
Date: Fri, 29 Jul 2022 08:11:57 -0000	[thread overview]
Message-ID: <165908231771.15455.910099609203096597.tip-bot2@tip-bot2> (raw)
In-Reply-To: <20220728122602.2500509-1-cascardo@canonical.com>

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     571c30b1a88465a1c85a6f7762609939b9085a15
Gitweb:        https://git.kernel.org/tip/571c30b1a88465a1c85a6f7762609939b9085a15
Author:        Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
AuthorDate:    Thu, 28 Jul 2022 09:26:02 -03:00
Committer:     Borislav Petkov <bp@suse.de>
CommitterDate: Fri, 29 Jul 2022 10:02:35 +02:00

x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available

Some cloud hypervisors do not provide IBPB on very recent CPU processors,
including AMD processors affected by Retbleed.

Using IBPB before firmware calls on such systems would cause a GPF at boot
like the one below. Do not enable such calls when IBPB support is not
present.

  EFI Variables Facility v0.08 2004-May-17
  general protection fault, maybe for address 0x1: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 0 PID: 24 Comm: kworker/u2:1 Not tainted 5.19.0-rc8+ #7
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
  Workqueue: efi_rts_wq efi_call_rts
  RIP: 0010:efi_call_rts
  Code: e8 37 33 58 ff 41 bf 48 00 00 00 49 89 c0 44 89 f9 48 83 c8 01 4c 89 c2 48 c1 ea 20 66 90 b9 49 00 00 00 b8 01 00 00 00 31 d2 <0f> 30 e8 7b 9f 5d ff e8 f6 f8 ff ff 4c 89 f1 4c 89 ea 4c 89 e6 48
  RSP: 0018:ffffb373800d7e38 EFLAGS: 00010246
  RAX: 0000000000000001 RBX: 0000000000000006 RCX: 0000000000000049
  RDX: 0000000000000000 RSI: ffff94fbc19d8fe0 RDI: ffff94fbc1b2b300
  RBP: ffffb373800d7e70 R08: 0000000000000000 R09: 0000000000000000
  R10: 000000000000000b R11: 000000000000000b R12: ffffb3738001fd78
  R13: ffff94fbc2fcfc00 R14: ffffb3738001fd80 R15: 0000000000000048
  FS:  0000000000000000(0000) GS:ffff94fc3da00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: ffff94fc30201000 CR3: 000000006f610000 CR4: 00000000000406f0
  Call Trace:
   <TASK>
   ? __wake_up
   process_one_work
   worker_thread
   ? rescuer_thread
   kthread
   ? kthread_complete_and_exit
   ret_from_fork
   </TASK>
  Modules linked in:

Fixes: 28a99e95f55c ("x86/amd: Use IBPB for firmware calls")
Reported-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220728122602.2500509-1-cascardo@canonical.com
---
 arch/x86/kernel/cpu/bugs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 6454bc7..6761668 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1520,6 +1520,7 @@ static void __init spectre_v2_select_mitigation(void)
 	 * enable IBRS around firmware calls.
 	 */
 	if (boot_cpu_has_bug(X86_BUG_RETBLEED) &&
+	    boot_cpu_has(X86_FEATURE_IBPB) &&
 	    (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
 	     boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)) {
 

      parent reply	other threads:[~2022-07-29  8:12 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-28 12:26 [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available Thadeu Lima de Souza Cascardo
2022-07-28 12:35 ` Borislav Petkov
2022-07-28 12:39   ` Thadeu Lima de Souza Cascardo
2022-07-28 14:33   ` Dimitri John Ledkov
2022-07-28 15:18     ` Borislav Petkov
2022-07-28 15:50       ` Borislav Petkov
2022-07-28 17:01         ` Thadeu Lima de Souza Cascardo
2022-07-29 18:22           ` Borislav Petkov
2022-07-28 15:16 ` Peter Zijlstra
2022-07-29  8:11 ` tip-bot2 for Thadeu Lima de Souza Cascardo [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=165908231771.15455.910099609203096597.tip-bot2@tip-bot2 \
    --to=tip-bot2@linutronix.de \
    --cc=bp@suse.de \
    --cc=cascardo@canonical.com \
    --cc=dimitri.ledkov@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-tip-commits@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).