x86/srso: Add IBPB
authorBorislav Petkov (AMD) <bp@alien8.de>
Thu, 6 Jul 2023 13:04:35 +0000 (15:04 +0200)
committerBorislav Petkov (AMD) <bp@alien8.de>
Thu, 27 Jul 2023 09:07:19 +0000 (11:07 +0200)
Add the option to mitigate using IBPB on a kernel entry. Pull in the
Retbleed alternative so that the IBPB call from there can be used. Also,
if Retbleed mitigation is done using IBPB, the same mitigation can and
must be used here.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
arch/x86/include/asm/nospec-branch.h
arch/x86/kernel/cpu/bugs.c

index 8346c33760c1268bb1a0baee79884149cea9fbf1..3faf044569a5d262e59ad93dd90a22c82139965b 100644 (file)
  */
 .macro UNTRAIN_RET
 #if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_IBPB_ENTRY) || \
-       defined(CONFIG_CALL_DEPTH_TRACKING)
+       defined(CONFIG_CALL_DEPTH_TRACKING) || defined(CONFIG_CPU_SRSO)
        VALIDATE_UNRET_END
        ALTERNATIVE_3 "",                                               \
                      CALL_ZEN_UNTRAIN_RET, X86_FEATURE_UNRET,          \
index 439ecad623174ee25ef2cc57541f28266f62f444..f3cc432ed81836e58753973e5c57f6661e6fb32c 100644 (file)
@@ -2197,18 +2197,21 @@ enum srso_mitigation {
        SRSO_MITIGATION_NONE,
        SRSO_MITIGATION_MICROCODE,
        SRSO_MITIGATION_SAFE_RET,
+       SRSO_MITIGATION_IBPB,
 };
 
 enum srso_mitigation_cmd {
        SRSO_CMD_OFF,
        SRSO_CMD_MICROCODE,
        SRSO_CMD_SAFE_RET,
+       SRSO_CMD_IBPB,
 };
 
 static const char * const srso_strings[] = {
        [SRSO_MITIGATION_NONE]           = "Vulnerable",
        [SRSO_MITIGATION_MICROCODE]      = "Mitigation: microcode",
        [SRSO_MITIGATION_SAFE_RET]       = "Mitigation: safe RET",
+       [SRSO_MITIGATION_IBPB]           = "Mitigation: IBPB",
 };
 
 static enum srso_mitigation srso_mitigation __ro_after_init = SRSO_MITIGATION_NONE;
@@ -2225,6 +2228,8 @@ static int __init srso_parse_cmdline(char *str)
                srso_cmd = SRSO_CMD_MICROCODE;
        else if (!strcmp(str, "safe-ret"))
                srso_cmd = SRSO_CMD_SAFE_RET;
+       else if (!strcmp(str, "ibpb"))
+               srso_cmd = SRSO_CMD_IBPB;
        else
                pr_err("Ignoring unknown SRSO option (%s).", str);
 
@@ -2266,6 +2271,14 @@ static void __init srso_select_mitigation(void)
                        setup_force_cpu_cap(X86_FEATURE_SRSO_NO);
        }
 
+       if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
+               if (has_microcode) {
+                       pr_err("Retbleed IBPB mitigation enabled, using same for SRSO\n");
+                       srso_mitigation = SRSO_MITIGATION_IBPB;
+                       goto pred_cmd;
+               }
+       }
+
        switch (srso_cmd) {
        case SRSO_CMD_OFF:
                return;
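Review bot: The message added in the Retbleed check is informational ("using same for SRSO") but is logged with pr_err, so every boot on which Retbleed already uses IBPB will report an error-level line; `pr_info("Retbleed IBPB mitigation enabled, using same for SRSO\n");` matches the severity of what it says. The two nested ifs can also be folded into one condition, `if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB && has_microcode) {`, which makes the remaining case explicit: when Retbleed uses IBPB but the microcode is missing, control silently falls through to the `srso_cmd` switch, and a short comment saying that this is intended would save the next reader a question. srso_select_mitigation and the `pred_cmd` label lie outside the hunk.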
@@ -2290,6 +2303,16 @@ static void __init srso_select_mitigation(void)
                }
                break;
 
+       case SRSO_CMD_IBPB:
+               if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
+                       if (has_microcode) {
+                               setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
+                               srso_mitigation = SRSO_MITIGATION_IBPB;
+                       }
+               } else {
+                       pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
+                       goto pred_cmd;
+               }
        default:
                break;
        }
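Review bot: The new `case SRSO_CMD_IBPB:` has no `break;` after the closing brace of its else branch, so in the CONFIG_CPU_IBPB_ENTRY=y path it falls into `default:` unannotated; the effect is identical today because default only breaks, but the kernel builds with -Wimplicit-fallthrough and any later case added between them would change behaviour. Add `break;` on the line before `default:`, or mark the fallthrough explicitly. Separately, when CPU_IBPB_ENTRY is enabled but has_microcode is false, srso_mitigation stays at NONE with nothing logged, although the user explicitly asked for `srso=ibpb`; a `pr_err("IBPB mitigation selected but microcode is missing\n");` (or a comment stating why silence is acceptable here) would make that visible. The switch's enclosing function continues outside the hunk.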