Commit 2259da15 authored by Thadeu Lima de Souza Cascardo's avatar Thadeu Lima de Souza Cascardo Committed by Borislav Petkov

x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported

There are some VM configurations which have Skylake model but do not
support IBPB. In those cases, when using retbleed=ibpb, userspace is going
to be killed and kernel is going to panic.

If the CPU does not support IBPB, warn and proceed with the auto option. Also,
do not fall back to IBPB on AMD/Hygon systems if it is not supported.

Fixes: 3ebc1700 ("x86/bugs: Add retbleed=ibpb")
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
parent 2c08b9b3
...@@ -865,7 +865,10 @@ static void __init retbleed_select_mitigation(void) ...@@ -865,7 +865,10 @@ static void __init retbleed_select_mitigation(void)
break; break;
case RETBLEED_CMD_IBPB: case RETBLEED_CMD_IBPB:
if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) { if (!boot_cpu_has(X86_FEATURE_IBPB)) {
pr_err("WARNING: CPU does not support IBPB.\n");
goto do_cmd_auto;
} else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
retbleed_mitigation = RETBLEED_MITIGATION_IBPB; retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
} else { } else {
pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n"); pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
...@@ -880,7 +883,7 @@ static void __init retbleed_select_mitigation(void) ...@@ -880,7 +883,7 @@ static void __init retbleed_select_mitigation(void)
boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) { boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) {
if (IS_ENABLED(CONFIG_CPU_UNRET_ENTRY)) if (IS_ENABLED(CONFIG_CPU_UNRET_ENTRY))
retbleed_mitigation = RETBLEED_MITIGATION_UNRET; retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY) && boot_cpu_has(X86_FEATURE_IBPB))
retbleed_mitigation = RETBLEED_MITIGATION_IBPB; retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
} }
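Review bot: In the second hunk (the AMD/Hygon branch), when CONFIG_CPU_UNRET_ENTRY is off and the new `boot_cpu_has(X86_FEATURE_IBPB)` test fails, no visible branch assigns `retbleed_mitigation` and nothing visible logs it. As far as these lines show, a guest whose hypervisor hides IBPB can therefore end up with no retbleed mitigation without a message. I would add a comment above the `else if`, such as `/* Neither UNRET nor IBPB usable: retbleed_mitigation is left unchanged here. */`, and confirm that the code after the hunk reports the final state; the rest of retbleed_select_mitigation() is outside the hunk. In the first hunk the new `pr_err` says what is missing but not what the kernel does next, so something like `pr_err("WARNING: CPU does not support IBPB, using retbleed=auto.\n");` would tell an operator who asked for `retbleed=ibpb` that a different mitigation was selected. After boot the effective state can be checked in `/sys/devices/system/cpu/vulnerabilities/retbleed`.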
......