Date: Wed, 09 Apr 2025 11:44:23 -0000
From: "tip-bot2 for Josh Poimboeuf"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] x86/bugs: Don't fill RSB on context switch with eIBRS
Cc: Pawan Gupta, Josh Poimboeuf, Ingo Molnar, Amit Shah, Nikolay Borisov, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <98cdefe42180358efebf78e3b80752850c7a3e1b.1744148254.git.jpoimboe@kernel.org>
References: <98cdefe42180358efebf78e3b80752850c7a3e1b.1744148254.git.jpoimboe@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Message-ID: <174419906345.31282.9474588057565981469.tip-bot2@tip-bot2>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     27ce8299bc1ec6df8306073785ff82b30b3cc5ee
Gitweb:        https://git.kernel.org/tip/27ce8299bc1ec6df8306073785ff82b30b3cc5ee
Author:        Josh Poimboeuf
AuthorDate:    Tue, 08 Apr 2025 14:47:34 -07:00
Committer:     Ingo Molnar
CommitterDate: Wed, 09 Apr 2025 12:42:09 +02:00

x86/bugs: Don't fill RSB on context switch with eIBRS

User->user Spectre v2 attacks (including RSB) across context switches
are already mitigated by IBPB in cond_mitigation(), if enabled globally
or if either the prev or the next task has opted in to protection. RSB
filling without IBPB serves no purpose for protecting user space, as
indirect branches are still vulnerable.

User->kernel RSB attacks are mitigated by eIBRS. In which case the RSB
filling on context switch isn't needed, so remove it.

Suggested-by: Pawan Gupta
Signed-off-by: Josh Poimboeuf
Signed-off-by: Ingo Molnar Reviewed-by: Pawan Gupta Reviewed-by: Amit Shah Reviewed-by: Nikolay Borisov Link: https://lore.kernel.org/r/98cdefe42180358efebf78e3b80752850c7a3e1b.17= 44148254.git.jpoimboe@kernel.org --- arch/x86/kernel/cpu/bugs.c | 24 ++++++++++++------------ arch/x86/mm/tlb.c | 6 +++--- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index a10b37b..e2a672f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1591,7 +1591,7 @@ static void __init spec_ctrl_disable_kernel_rrsba(voi= d) rrsba_disabled =3D true; } =20 -static void __init spectre_v2_determine_rsb_fill_type_at_vmexit(enum spect= re_v2_mitigation mode) +static void __init spectre_v2_select_rsb_mitigation(enum spectre_v2_mitiga= tion mode) { /* * Similar to context switches, there are two types of RSB attacks @@ -1615,7 +1615,7 @@ static void __init spectre_v2_determine_rsb_fill_type= _at_vmexit(enum spectre_v2_ */ switch (mode) { case SPECTRE_V2_NONE: - return; + break; =20 case SPECTRE_V2_EIBRS: case SPECTRE_V2_EIBRS_LFENCE: @@ -1624,18 +1624,21 @@ static void __init spectre_v2_determine_rsb_fill_ty= pe_at_vmexit(enum spectre_v2_ pr_info("Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT\n"); setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT_LITE); } - return; + break; =20 case SPECTRE_V2_RETPOLINE: case SPECTRE_V2_LFENCE: case SPECTRE_V2_IBRS: - pr_info("Spectre v2 / SpectreRSB : Filling RSB on VMEXIT\n"); + pr_info("Spectre v2 / SpectreRSB: Filling RSB on context switch and VMEX= IT\n"); + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT); - return; - } + break; =20 - pr_warn_once("Unknown Spectre v2 mode, disabling RSB mitigation at VM exi= t"); - dump_stack(); + default: + pr_warn_once("Unknown Spectre v2 mode, disabling RSB mitigation\n"); + dump_stack(); + break; + } } =20 /* 
@@ -1867,10 +1870,7 @@ static void __init spectre_v2_select_mitigation(void) * * FIXME: Is this pointless for retbleed-affected AMD? */ - setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); - pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switc= h\n"); - - spectre_v2_determine_rsb_fill_type_at_vmexit(mode); + spectre_v2_select_rsb_mitigation(mode); =20 /* * Retpoline protects the kernel, but doesn't protect firmware. IBRS diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index e459d97..eb83348 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -667,9 +667,9 @@ static void cond_mitigation(struct task_struct *next) prev_mm =3D this_cpu_read(cpu_tlbstate.last_user_mm_spec); =20 /* - * Avoid user/user BTB poisoning by flushing the branch predictor - * when switching between processes. This stops one process from - * doing Spectre-v2 attacks on another. + * Avoid user->user BTB/RSB poisoning by flushing them when switching + * between processes. This stops one process from doing Spectre-v2 + * attacks on another. * * Both, the conditional and the always IBPB mode use the mm * pointer to avoid the IBPB when switching between tasks of the
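Review bot: In arch/x86/kernel/cpu/bugs.c (hunk at -1591,7), the comment that opens the renamed spectre_v2_select_rsb_mitigation() still begins "Similar to context switches, there are two types of RSB attacks", wording written for a helper that only handled VMEXIT. The function now also decides X86_FEATURE_RSB_CTXSW, so the comment should describe the context-switch case directly and then the VMEXIT case, instead of pointing the reader at a description that lives elsewhere.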
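Review bot: The new default: branch of the switch in spectre_v2_select_rsb_mitigation() (hunk at -1624,18) leaves both X86_FEATURE_RSB_CTXSW and X86_FEATURE_RSB_VMEXIT unset, whereas before this change the caller forced X86_FEATURE_RSB_CTXSW unconditionally before the mode was examined. An unrecognised mode therefore loses a mitigation it used to get. Consider failing safe there by setting both caps next to the pr_warn_once(), or state in the commit message that dropping the fill for unknown modes is intended.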
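Review bot: In spectre_v2_select_mitigation() (hunk at -1867,10), the "FIXME: Is this pointless for retbleed-affected AMD?" comment is left directly above the new spectre_v2_select_rsb_mitigation(mode) call, although the unconditional setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW) it annotated has been removed. Move whatever is still relevant from that comment block next to the X86_FEATURE_RSB_CTXSW setting in the helper, or drop it. Separately, the changelog only mentions eIBRS, but with the unconditional cap gone the SPECTRE_V2_NONE case no longer gets a context-switch fill either, if that mode can reach this call; that deserves a sentence in the commit message.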
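Review bot: In the cond_mitigation() comment in arch/x86/mm/tlb.c, the new wording "flushing them" no longer names what does the flushing, while the commit message relies on IBPB covering the RSB as well as the BTB. Suggest naming the mechanism in the first sentence, for example "by issuing an IBPB when switching between processes", so the RSB claim can be checked against the IBPB behaviour of a given CPU.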