The backport of "x86/retpoline: Fill return stack buffer on vmexit"
made the full stuffing of RSB only enabled if the kernel had
selected X86_FEATURE_RETPOLINE.
But if we are using IBRS we still want the full RSB stuffing
as it was prior to the backport.
Since we have both retpoline and ibrs wanting it we introduce
a new feature to enable the common mitigation that both of them
need.
Orabug: 27477743
CVE: CVE-2017-5715
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
#define X86_FEATURE_IBPB (7*32+24) /* Indirect Branch Prediction Barrier */
+#define X86_FEATURE_VMEXIT_RSB_FULL (7*32+27) /* "" Whether to stuff the RSB on VMEXIT. */
#define X86_FEATURE_STUFF_RSB (7*32+28) /* "" Whether to stuff the RSB (usually dependent on !SMEP) */
#define X86_FEATURE_RETPOLINE ( 7*32+29) /* Generic Retpoline mitigation for Spectre variant 2 */
#define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* AMD Retpoline mitigation for Spectre variant 2 */
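Review bot: The comment on X86_FEATURE_VMEXIT_RSB_FULL, "Whether to stuff the RSB on VMEXIT.", does not say how this bit differs from X86_FEATURE_STUFF_RSB on the next line or which mitigations set it. Suggest something along the lines of "Full RSB fill on VMEXIT (wanted by both retpoline and IBRS)" so the two adjacent bits are not confused. The leading "" also keeps the flag out of /proc/cpuinfo, so the state of this mitigation cannot be checked from the flags line; if that is intended, a boot-time log message where the bit is set would make it verifiable.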
asm volatile (ALTERNATIVE("jmp 910f",
__stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1)),
- X86_FEATURE_RETPOLINE)
+ X86_FEATURE_VMEXIT_RSB_FULL)
"910:"
: "=r" (loops), ASM_CALL_CONSTRAINT
: : "memory" );
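Review bot: Missing documentation at the ALTERNATIVE: with the feature argument now X86_FEATURE_VMEXIT_RSB_FULL, the default instruction is "jmp 910f", which skips __FILL_RETURN_BUFFER entirely unless that synthetic bit has been set by the time alternatives are patched. Please add a short comment above the asm stating where the bit is forced and that both the retpoline and IBRS modes rely on it, so a later change to the cap setup does not turn the vmexit fill into a no-op unnoticed.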
mode == SPECTRE_V2_RETPOLINE_AMD) {
disable_ibrs_and_friends();
}
+ /* Future CPUs with IBRS_ATT might be able to avoid this. */
+ setup_force_cpu_cap(X86_FEATURE_VMEXIT_RSB_FULL);
}
#undef pr_fmt
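Review bot: setup_force_cpu_cap(X86_FEATURE_VMEXIT_RSB_FULL) is added after the closing brace of the retpoline check with no condition of its own, so in the lines shown it runs for every mode that reaches the end of the function, not only for retpoline and IBRS as the commit message describes. If the mitigation-disabled case does not return earlier, guard the call on the selected mode; if unconditional is intended, say so in the comment. The comment also mentions IBRS_ATT without expanding it; spell out what it stands for and what condition would allow the fill to be skipped.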