1. Patchew
  2. linux
  3. View series

[PATCH] x86/bugs: Fix handling when srso mitigation is disabled

David Kaplan posted 1 patch 1 year, 3 months ago 
arch/x86/kernel/cpu/bugs.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
[PATCH] x86/bugs: Fix handling when srso mitigation is disabled
Posted by David Kaplan 1 year, 3 months ago 
When the srso mitigation is disabled, either via mitigations=off or
spec_rstack_overflow=off, SBPB should be used instead of IBPB if
possible.  Additionally, move the check earlier in the function so no
warning is printed about the lack of IBPB-enhancing microcode since the
user has turned off the mitigation.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
 arch/x86/kernel/cpu/bugs.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 189840db2f8d..10d0775e7aa5 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2557,10 +2557,9 @@ static void __init srso_select_mitigation(void)
 {
 	bool has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE);
 
-	if (cpu_mitigations_off())
-		return;
-
-	if (!boot_cpu_has_bug(X86_BUG_SRSO)) {
+	if (!boot_cpu_has_bug(X86_BUG_SRSO) ||
+	     cpu_mitigations_off() ||
+	     srso_cmd == SRSO_CMD_OFF) {
 		if (boot_cpu_has(X86_FEATURE_SBPB))
 			x86_pred_cmd = PRED_CMD_SBPB;
 		return;
@@ -2591,11 +2590,6 @@ static void __init srso_select_mitigation(void)
 	}
 
 	switch (srso_cmd) {
-	case SRSO_CMD_OFF:
-		if (boot_cpu_has(X86_FEATURE_SBPB))
-			x86_pred_cmd = PRED_CMD_SBPB;
-		return;
-
 	case SRSO_CMD_MICROCODE:
 		if (has_microcode) {
 			srso_mitigation = SRSO_MITIGATION_MICROCODE;
@@ -2649,6 +2643,8 @@ static void __init srso_select_mitigation(void)
 			pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
                 }
 		break;
+	default:
+		break;
 	}
 
 out:
-- 
2.34.1
Re: [PATCH] x86/bugs: Fix handling when srso mitigation is disabled
Posted by Josh Poimboeuf 1 year, 3 months ago 
On Wed, Sep 04, 2024 at 10:07:11AM -0500, David Kaplan wrote:
> When the srso mitigation is disabled, either via mitigations=off or
> spec_rstack_overflow=off, SBPB should be used instead of IBPB if
> possible.  Additionally, move the check earlier in the function so no
> warning is printed about the lack of IBPB-enhancing microcode since the
> user has turned off the mitigation.
> 
> Signed-off-by: David Kaplan <david.kaplan@amd.com>
> ---
>  arch/x86/kernel/cpu/bugs.c | 14 +++++---------
>  1 file changed, 5 insertions(+), 9 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 189840db2f8d..10d0775e7aa5 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -2557,10 +2557,9 @@ static void __init srso_select_mitigation(void)
>  {
>  	bool has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE);
>  
> -	if (cpu_mitigations_off())
> -		return;
> -
> -	if (!boot_cpu_has_bug(X86_BUG_SRSO)) {
> +	if (!boot_cpu_has_bug(X86_BUG_SRSO) ||
> +	     cpu_mitigations_off() ||
> +	     srso_cmd == SRSO_CMD_OFF) {

These last two lines should be properly indented by shifting left one
space:

	if (!boot_cpu_has_bug(X86_BUG_SRSO) ||
	    cpu_mitigations_off() ||
	    srso_cmd == SRSO_CMD_OFF) {

Otherwise,

Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>

-- 
Josh
[tip: x86/bugs] x86/bugs: Fix handling when SRSO mitigation is disabled
Posted by tip-bot2 for David Kaplan 1 year, 3 months ago 
The following commit has been merged into the x86/bugs branch of tip:

Commit-ID:     1dbb6b1495d472806fef1f4c94f5b3e4c89a3c1d
Gitweb:        https://git.kernel.org/tip/1dbb6b1495d472806fef1f4c94f5b3e4c89a3c1d
Author:        David Kaplan <david.kaplan@amd.com>
AuthorDate:    Wed, 04 Sep 2024 10:07:11 -05:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Thu, 05 Sep 2024 11:20:50 +02:00

x86/bugs: Fix handling when SRSO mitigation is disabled

When the SRSO mitigation is disabled, either via mitigations=off or
spec_rstack_overflow=off, the warning about the lack of IBPB-enhancing
microcode is printed anyway.

This is unnecessary since the user has turned off the mitigation.

  [ bp: Massage, drop SBPB rationale as it doesn't matter because when
    mitigations are disabled x86_pred_cmd is not being used anyway. ]

Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20240904150711.193022-1-david.kaplan@amd.com
---
 arch/x86/kernel/cpu/bugs.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 189840d..d191542 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2557,10 +2557,9 @@ static void __init srso_select_mitigation(void)
 {
 	bool has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE);
 
-	if (cpu_mitigations_off())
-		return;
-
-	if (!boot_cpu_has_bug(X86_BUG_SRSO)) {
+	if (!boot_cpu_has_bug(X86_BUG_SRSO) ||
+	    cpu_mitigations_off() ||
+	    srso_cmd == SRSO_CMD_OFF) {
 		if (boot_cpu_has(X86_FEATURE_SBPB))
 			x86_pred_cmd = PRED_CMD_SBPB;
 		return;
@@ -2591,11 +2590,6 @@ static void __init srso_select_mitigation(void)
 	}
 
 	switch (srso_cmd) {
-	case SRSO_CMD_OFF:
-		if (boot_cpu_has(X86_FEATURE_SBPB))
-			x86_pred_cmd = PRED_CMD_SBPB;
-		return;
-
 	case SRSO_CMD_MICROCODE:
 		if (has_microcode) {
 			srso_mitigation = SRSO_MITIGATION_MICROCODE;
@@ -2649,6 +2643,8 @@ static void __init srso_select_mitigation(void)
 			pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
                 }
 		break;
+	default:
+		break;
 	}
 
 out:

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.