x86/bugs: Add retbleed=ibpb (3ebc1700) · Commits · EulixOS / Software / Kernel

Documentation/admin-guide/kernel-parameters.txt

+3 −0

Original line number	Diff line number	Diff line
		@@ -5207,6 +5207,9 @@
		disabling SMT if necessary for
		the full mitigation (only on Zen1
		and older without STIBP).
		ibpb - mitigate short speculation windows on
		basic block boundaries too. Safe, highest
		perf impact.
		unret - force enable untrained return thunks,
		only effective on AMD f15h-f17h
		based systems.

+1 −1

Original line number	Diff line number	Diff line
		@@ -11,7 +11,7 @@ CFLAGS_REMOVE_common.o = $(CC_FLAGS_FTRACE)

		CFLAGS_common.o += -fno-stack-protector

		obj-y := entry_$(BITS).o thunk_$(BITS).o syscall_$(BITS).o
		obj-y := entry.o entry_$(BITS).o thunk_$(BITS).o syscall_$(BITS).o
		obj-y += common.o

		obj-y += vdso/

0 → 100644

+22 −0

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0 */
		/*
		* Common place for both 32- and 64-bit entry routines.
		*/

		#include <linux/linkage.h>
		#include <asm/export.h>
		#include <asm/msr-index.h>

		.pushsection .noinstr.text, "ax"

		SYM_FUNC_START(entry_ibpb)
		movl $MSR_IA32_PRED_CMD, %ecx
		movl $PRED_CMD_IBPB, %eax
		xorl %edx, %edx
		wrmsr
		RET
		SYM_FUNC_END(entry_ibpb)
		/* For KVM */
		EXPORT_SYMBOL_GPL(entry_ibpb);

		.popsection

+1 −1

Original line number	Diff line number	Diff line
		@@ -296,7 +296,7 @@
		#define X86_FEATURE_PER_THREAD_MBA (1132+ 7) / "" Per-thread Memory Bandwidth Allocation */
		#define X86_FEATURE_SGX1 (1132+ 8) / "" Basic SGX */
		#define X86_FEATURE_SGX2 (1132+ 9) / "" SGX Enclave Dynamic Memory Management (EDMM) */
		/* FREE! (1132+10) /
		#define X86_FEATURE_ENTRY_IBPB (1132+10) / "" Issue an IBPB on kernel entry */
		/* FREE! (1132+11) /
		#define X86_FEATURE_RETPOLINE (1132+12) / "" Generic Retpoline mitigation for Spectre variant 2 */
		#define X86_FEATURE_RETPOLINE_LFENCE (1132+13) / "" Use LFENCE for Spectre variant 2 */

+6 −2

Original line number	Diff line number	Diff line
		@@ -123,14 +123,17 @@
		* return thunk isn't mapped into the userspace tables (then again, AMD
		* typically has NO_MELTDOWN).
		*
		* Doesn't clobber any registers but does require a stable stack.
		* While zen_untrain_ret() doesn't clobber anything but requires stack,
		* entry_ibpb() will clobber AX, CX, DX.
		*
		* As such, this must be placed after every *SWITCH_TO_KERNEL_CR3 at a point
		* where we have a stack but before any RET instruction.
		*/
		.macro UNTRAIN_RET
		#ifdef CONFIG_RETPOLINE
		ALTERNATIVE "", "call zen_untrain_ret", X86_FEATURE_UNRET
		ALTERNATIVE_2 "", \
		"call zen_untrain_ret", X86_FEATURE_UNRET, \
		"call entry_ibpb", X86_FEATURE_ENTRY_IBPB
		#endif
		.endm

		@@ -147,6 +150,7 @@ extern retpoline_thunk_t __x86_indirect_thunk_array[];

		extern void __x86_return_thunk(void);
		extern void zen_untrain_ret(void);
		extern void entry_ibpb(void);

		#ifdef CONFIG_RETPOLINE

Original line number	Diff line number	Diff line
		@@ -296,7 +296,7 @@
		#define X86_FEATURE_PER_THREAD_MBA (1132+ 7) / "" Per-thread Memory Bandwidth Allocation */
		#define X86_FEATURE_SGX1 (1132+ 8) / "" Basic SGX */
		#define X86_FEATURE_SGX2 (1132+ 9) / "" SGX Enclave Dynamic Memory Management (EDMM) */
		/* FREE! (1132+10) /
		#define X86_FEATURE_ENTRY_IBPB (1132+10) / "" Issue an IBPB on kernel entry */
		/* FREE! (1132+11) /
		#define X86_FEATURE_RETPOLINE (1132+12) / "" Generic Retpoline mitigation for Spectre variant 2 */
		#define X86_FEATURE_RETPOLINE_LFENCE (1132+13) / "" Use LFENCE for Spectre variant 2 */