Skip to content

Commit 9f132c0

Browse files
pa1guptagregkh
pa1gupta
authored and
gregkh
committed
x86/its: Add support for RSB stuffing mitigation
commit facd226 upstream. When retpoline mitigation is enabled for spectre-v2, enabling call-depth-tracking and RSB stuffing also mitigates ITS. Add cmdline option indirect_target_selection=stuff to allow enabling RSB stuffing mitigation. When retpoline mitigation is not enabled, =stuff option is ignored, and default mitigation for ITS is deployed. Signed-off-by: Pawan Gupta <[email protected]> Signed-off-by: Dave Hansen <[email protected]> Reviewed-by: Josh Poimboeuf <[email protected]> Reviewed-by: Alexandre Chartre <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent 4dc1902 commit 9f132c0

File tree

2 files changed

+22
-0
lines changed

2 files changed

+22
-0
lines changed

Documentation/admin-guide/kernel-parameters.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2159,6 +2159,9 @@
21592159
mitigation.
21602160
vmexit: Only deploy mitigation if CPU is affected by
21612161
guest/host isolation part of ITS.
2162+
stuff: Deploy RSB-fill mitigation when retpoline is
2163+
also deployed. Otherwise, deploy the default
2164+
mitigation.
21622165

21632166
For details see:
21642167
Documentation/admin-guide/hw-vuln/indirect-target-selection.rst

arch/x86/kernel/cpu/bugs.c

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1190,6 +1190,7 @@ enum its_mitigation_cmd {
11901190
ITS_CMD_OFF,
11911191
ITS_CMD_ON,
11921192
ITS_CMD_VMEXIT,
1193+
ITS_CMD_RSB_STUFF,
11931194
};
11941195

11951196
enum its_mitigation {
@@ -1230,6 +1231,8 @@ static int __init its_parse_cmdline(char *str)
12301231
setup_force_cpu_bug(X86_BUG_ITS);
12311232
} else if (!strcmp(str, "vmexit")) {
12321233
its_cmd = ITS_CMD_VMEXIT;
1234+
} else if (!strcmp(str, "stuff")) {
1235+
its_cmd = ITS_CMD_RSB_STUFF;
12331236
} else {
12341237
pr_err("Ignoring unknown indirect_target_selection option (%s).", str);
12351238
}
@@ -1281,6 +1284,12 @@ static void __init its_select_mitigation(void)
12811284
goto out;
12821285
}
12831286

1287+
if (cmd == ITS_CMD_RSB_STUFF &&
1288+
(!boot_cpu_has(X86_FEATURE_RETPOLINE) || !IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING))) {
1289+
pr_err("RSB stuff mitigation not supported, using default\n");
1290+
cmd = ITS_CMD_ON;
1291+
}
1292+
12841293
switch (cmd) {
12851294
case ITS_CMD_OFF:
12861295
its_mitigation = ITS_MITIGATION_OFF;
@@ -1298,6 +1307,16 @@ static void __init its_select_mitigation(void)
12981307
setup_force_cpu_cap(X86_FEATURE_RETHUNK);
12991308
set_return_thunk(its_return_thunk);
13001309
break;
1310+
case ITS_CMD_RSB_STUFF:
1311+
its_mitigation = ITS_MITIGATION_RETPOLINE_STUFF;
1312+
setup_force_cpu_cap(X86_FEATURE_RETHUNK);
1313+
setup_force_cpu_cap(X86_FEATURE_CALL_DEPTH);
1314+
set_return_thunk(call_depth_return_thunk);
1315+
if (retbleed_mitigation == RETBLEED_MITIGATION_NONE) {
1316+
retbleed_mitigation = RETBLEED_MITIGATION_STUFF;
1317+
pr_info("Retbleed mitigation updated to stuffing\n");
1318+
}
1319+
break;
13011320
}
13021321
out:
13031322
pr_info("%s\n", its_strings[its_mitigation]);

0 commit comments

Comments
 (0)