From nobody Sun Dec 14 12:06:25 2025
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.16])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D25E3FB0E
	for <linux-kernel@vger.kernel.org>; Thu, 22 May 2025 02:44:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.16
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1747881865; cv=none;
 b=swZVJfrG+RcCoCq5OrkYubUqumiFJmtgZaY6f5GInmRvnqw8r1nQ1apEq1i+MTfuQ6QTzE81gmJkBRYawN4CwCq1VWuxFjlHNsdqu+15H18zREdHBFuTqlowFnwnHjYFYS3K8b2CzIiprkASp0kjybAdxotJgvmzaTvQE0Jozyk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1747881865; c=relaxed/simple;
	bh=D+l3fV7MsE14lG/QYMvhUWwstdjtnwDuZHgJmmwW3xc=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To;
 b=CZXvf9RBRf+4T5qV/yqT/gU3s1aOqBBrz4WYljv3EwugOpZ61PQAiSXH1NQnLl+RSzKyBmZLSmuzVTXH1Ia2Kg8Xhr+LVpjglc09Kcp1fVkaC8ZlWRLwrr33/7RQy5RvP0bq9jf2ywDGUxzKPIgJQ8BzI4aUHt8Al1dzjwkTGoY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=m2c0Y80u; arc=none smtp.client-ip=192.198.163.16
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="m2c0Y80u"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1747881863; x=1779417863;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=D+l3fV7MsE14lG/QYMvhUWwstdjtnwDuZHgJmmwW3xc=;
  b=m2c0Y80ukCiFw8uIhKAIl3cU9JWa2FSGJ2UnvYyDxdR1s8WsFlTD+ox3
   +J3mIL0r/xOYo8bJnxQ0bPM6dXAO/bT0jAAEcXJcsW2g90MMcYsBjtOg9
   q6sRXjXgQyKSEimPTAkNc4KhepU0QHDOBTC8ayp0daWEJUCqFAvSrsuZd
   eUpyxU3ku31ThuAiALD6HuyEXIW9mp/dUKFUpuhuzn1aAYuXKHAW2Jh1Q
   nZEP7ngtzYoUISoB5pZaKxX//L+uVBuSP5PisRsQHs4mOaOQkfLXp/xfR
   iUqI/d8G3G9MwIUPgmmv8me10AFiIfCLOgUf02w0iT35+RcOUXCzQAf+p
   w==;
X-CSE-ConnectionGUID: QNPmlhL4R3uEr249M6qWaQ==
X-CSE-MsgGUID: Rw8/yqltQIO7OW/7CNybIg==
X-IronPort-AV: E=McAfee;i="6700,10204,11440"; a="37506676"
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="37506676"
Received: from orviesa010.jf.intel.com ([10.64.159.150])
  by fmvoesa110.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:44:22 -0700
X-CSE-ConnectionGUID: jy40CuH4Qsi14iGZnXLTow==
X-CSE-MsgGUID: EQcN7vjuTQmandV3q7qvkw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="140212693"
Received: from ssuvarig-mobl.amr.corp.intel.com (HELO desk) ([10.125.146.23])
  by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:44:23 -0700
Date: Wed, 21 May 2025 19:44:22 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: x86@kernel.org
Cc: David Kaplan <david.kaplan@amd.com>, linux-kernel@vger.kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>
Subject: [PATCH v2 1/7] x86/retbleed: Check for AUTO in all cases
Message-ID: <20250521-eibrs-fix-v2-1-70e2598e932c@linux.intel.com>
X-Mailer: b4 0.14.2
References: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When none of mitigation option is selected, AUTO gets converted to NONE.
This is currently only being done for Intel. The check is useful in
general, make it common.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
---
 arch/x86/kernel/cpu/bugs.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 7f94e6a5497d9a2d312a76095e48d6b364565777..19ff705b3128eacad5659990ed3=
45d7a19bcb0f4 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1294,15 +1294,15 @@ static void __init retbleed_update_mitigation(void)
 			if (retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF)
 				pr_err(RETBLEED_INTEL_MSG);
 		}
-		/* If nothing has set the mitigation yet, default to NONE. */
-		if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_AUTO)
-			retbleed_mitigation =3D RETBLEED_MITIGATION_NONE;
 	}
+
+	/* If nothing has set the mitigation yet, default to NONE. */
+	if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_AUTO)
+		retbleed_mitigation =3D RETBLEED_MITIGATION_NONE;
 out:
 	pr_info("%s\n", retbleed_strings[retbleed_mitigation]);
 }
=20
-
 static void __init retbleed_apply_mitigation(void)
 {
 	bool mitigate_smt =3D false;

--=20
2.34.1
From nobody Sun Dec 14 12:06:25 2025
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.10])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D1301854
	for <linux-kernel@vger.kernel.org>; Thu, 22 May 2025 02:44:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.10
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1747881880; cv=none;
 b=n+z2Pt/5zFasXa/YAk3VI3ihnl0Y0H3visrFXCVy3cXELgKWIH6DrjfUdidqQeyl31ysMoALEBxB1f0B6AF7pBLXMD7mkHwHTu9inBMgrWlJiL3iKzyj4c/wrKxKaW1oQVf6hYkvvfPhrNGX9ojBymc4fYoyD5TEojE7UThBses=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1747881880; c=relaxed/simple;
	bh=gHyfi/x4hhxxOCHpSqek+JEmz54vd0Rcsk+LbxrTN3Y=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To;
 b=XHYViErBhRNjvocAGuzPYeli2/voLL/Bm5/lWbYST4NRpGr5Hw+URzO/Q2AiyHNBre1WojSERcMDiNNrfd+A6nR2be3BksmGiHw+Y/W31xxp2LhFFXazuE9UMo2NkGFt1e3uTQ+vyo25NiQY6cuJmmmq7DZYYJm4oolPSswDQsY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=XZ9JOFgQ; arc=none smtp.client-ip=192.198.163.10
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="XZ9JOFgQ"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1747881879; x=1779417879;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=gHyfi/x4hhxxOCHpSqek+JEmz54vd0Rcsk+LbxrTN3Y=;
  b=XZ9JOFgQKMPSmTt21T380L3UOVO7AWzX7m79vJU+mRXTkNMfBBwqrFaQ
   lfTVbEKE1Gux9YYp3DHYbhZB6ZGeg/dgdmyW7rH1+pSx4LFTeJsSatwDH
   9hev/gKO9yiBa9oS0ZYdl5j1euUUTbfXDcRU1I9FYVTC/C+M2g4U5sRH0
   xAIBKztTPiyq2q4F6rw8qcPnDbb4ES0THzL+9exNAlH8NZnd2RKKlyffz
   i9AZ22y1qh9er9ueHk7gH24Re9Wi3sWF5EGBevktFI61eyQ4FKHEqRwvU
   pKLzPJyCUiqeVARnHJGYDp4xDjcL9nTRrLAFszbAG/gk9Eb0WW83NZY7k
   w==;
X-CSE-ConnectionGUID: vanlLjxMQPO+8vfAJJgyfA==
X-CSE-MsgGUID: U7zjxWkJRHSyXxaTPeuEWQ==
X-IronPort-AV: E=McAfee;i="6700,10204,11440"; a="61233958"
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="61233958"
Received: from orviesa009.jf.intel.com ([10.64.159.149])
  by fmvoesa104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:44:38 -0700
X-CSE-ConnectionGUID: I+LagGgbTAGbiRj50qfy9w==
X-CSE-MsgGUID: wi4CQbAOSQ6S4sJsWNK+Ig==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="140136577"
Received: from ssuvarig-mobl.amr.corp.intel.com (HELO desk) ([10.125.146.23])
  by orviesa009-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:44:38 -0700
Date: Wed, 21 May 2025 19:44:37 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: x86@kernel.org
Cc: David Kaplan <david.kaplan@amd.com>, linux-kernel@vger.kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>
Subject: [PATCH v2 2/7] x86/retbleed: Simplify the =stuff checks
Message-ID: <20250521-eibrs-fix-v2-2-70e2598e932c@linux.intel.com>
X-Mailer: b4 0.14.2
References: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Simplify the nested checks, remove redundant print and comment.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
---
 arch/x86/kernel/cpu/bugs.c | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 19ff705b3128eacad5659990ed345d7a19bcb0f4..20d7d14b08298d4f610f2ebc7f1=
3a490ee3d957a 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1258,24 +1258,16 @@ static void __init retbleed_update_mitigation(void)
 	if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_NONE)
 		goto out;
=20
-	/*
-	 * retbleed=3Dstuff is only allowed on Intel.  If stuffing can't be used
-	 * then a different mitigation will be selected below.
-	 *
-	 * its=3Dstuff will also attempt to enable stuffing.
-	 */
-	if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_STUFF ||
-	    its_mitigation =3D=3D ITS_MITIGATION_RETPOLINE_STUFF) {
-		if (spectre_v2_enabled !=3D SPECTRE_V2_RETPOLINE) {
-			pr_err("WARNING: retbleed=3Dstuff depends on spectre_v2=3Dretpoline\n");
-			retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO;
-		} else {
-			if (retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF)
-				pr_info("Retbleed mitigation updated to stuffing\n");
+	 /* ITS can also enable stuffing */
+	if (its_mitigation =3D=3D ITS_MITIGATION_RETPOLINE_STUFF)
+		retbleed_mitigation =3D RETBLEED_MITIGATION_STUFF;
=20
-			retbleed_mitigation =3D RETBLEED_MITIGATION_STUFF;
-		}
+	if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_STUFF &&
+	    spectre_v2_enabled !=3D SPECTRE_V2_RETPOLINE) {
+		pr_err("WARNING: retbleed=3Dstuff depends on spectre_v2=3Dretpoline\n");
+		retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO;
 	}
+
 	/*
 	 * Let IBRS trump all on Intel without affecting the effects of the
 	 * retbleed=3D cmdline option except for call depth based stuffing

--=20
2.34.1
From nobody Sun Dec 14 12:06:25 2025
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.20])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9890A1758B
	for <linux-kernel@vger.kernel.org>; Thu, 22 May 2025 02:44:54 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=198.175.65.20
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1747881895; cv=none;
 b=TpYbYdo3EoIY5+qiDnHQjXsCbqJS2zG+Bs18pX/4YWNrh1bSRXMthzNmDp+YYJMImnpxsUfLszyWwOheB+8taDR5++edl3evEIGTMZDf7pEeGontZ0ffY1pte/3B4cukecK94+XTGETZo+PW8TW6Dhb5a8QnDwfJilZ6dhQL3GE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1747881895; c=relaxed/simple;
	bh=Vw7Tw9k4ajtM6S68S20eyuIgMXcXJcfzU1gpOPZG52Q=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To;
 b=h6uMbwQDHuQ3WROFnfJB3psQ1fZsKr4uiD55y/tBOzjUHbqlIfO/SmNa5L/G88guHcFXW0y+4l/rEgpSPrOCOFHaFpx48D3Jbycw7Sg6MA/tqiBI75wtGad0S1Cm7LzAsx2YMQB30yLW2n7SrMEgME+Mxwkh0xM0QJV5dhIog5I=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=IhulYQBo; arc=none smtp.client-ip=198.175.65.20
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="IhulYQBo"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1747881895; x=1779417895;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=Vw7Tw9k4ajtM6S68S20eyuIgMXcXJcfzU1gpOPZG52Q=;
  b=IhulYQBopCqrWtGkPRaZSBK+mPJ3Zsa1SnDpmoaxP8OwigAr9M2CDbUB
   glA2meOesJl1iE+s9Tk70Ufzd2toKuyKHAZPnghN3JNHHBkVzrzYUR1NJ
   BlKCsj3EqEflYinXsSWxQFQ+oqoT8ZV5jaFQeg4mlDQiE72wu+AiNvupG
   l0qSf8OKJA8uJy/YVYtuLjQcvX4i9qNEnPlfO4b7HZzxC5eIA0KO9Xru4
   XdErOlWr4eVwz8G7a1HdtKUxHLMgSm6iXSLEGlJldrhDjoIq6Y4DXQrRw
   TDygselXhZF3LaPanXZVglP0VD8x4HRFlL8m73WMOeextcKXGjZJW/JP/
   w==;
X-CSE-ConnectionGUID: bUKIMcEQR6K6Ho6UI6hA1g==
X-CSE-MsgGUID: ECfSMgjsR6S9GesVgz04eA==
X-IronPort-AV: E=McAfee;i="6700,10204,11440"; a="49592929"
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="49592929"
Received: from fmviesa009.fm.intel.com ([10.60.135.149])
  by orvoesa112.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:44:55 -0700
X-CSE-ConnectionGUID: AJc6cBIyRyeoUosASMyRMA==
X-CSE-MsgGUID: u4mhKX5cQ2mfgUW0ncJ9qA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="141431776"
Received: from ssuvarig-mobl.amr.corp.intel.com (HELO desk) ([10.125.146.23])
  by fmviesa009-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:44:53 -0700
Date: Wed, 21 May 2025 19:44:53 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: x86@kernel.org
Cc: David Kaplan <david.kaplan@amd.com>, linux-kernel@vger.kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>
Subject: [PATCH v2 3/7] x86/bugs: Exit early if return thunk is already set
Message-ID: <20250521-eibrs-fix-v2-3-70e2598e932c@linux.intel.com>
X-Mailer: b4 0.14.2
References: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

ITS and retbleed can both set CDT return thunk. If the exact same return
thunk is already set, avoid the warning and exit early.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
 arch/x86/kernel/cpu/bugs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 20d7d14b08298d4f610f2ebc7f13a490ee3d957a..a088302b320cf68344e28be7710=
b5a3582bba9ea 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -113,6 +113,9 @@ void (*x86_return_thunk)(void) __ro_after_init =3D __x8=
6_return_thunk;
=20
 static void __init set_return_thunk(void *thunk)
 {
+	if (thunk =3D=3D x86_return_thunk)
+		return;
+
 	if (x86_return_thunk !=3D __x86_return_thunk)
 		pr_warn("x86/bugs: return thunk changed\n");
=20

--=20
2.34.1
From nobody Sun Dec 14 12:06:25 2025
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.15])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B9624086A
	for <linux-kernel@vger.kernel.org>; Thu, 22 May 2025 02:45:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.15
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1747881916; cv=none;
 b=u+fxKQK3vV501rAmlKxpC9Zz+clLi09xN9zMUCe2EtCqjD78b0xPeHbPANrTf2z0TyPO3ORjqq6zCvGNtnEL+7eMWWZBuSiCijdJAbBZczeJ8MTEZgmjZTIm5TB6mh2kpAnOAClgc0CJPFqZmVb9K5dpJ0B3EXJQH1fXrmU+HJ0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1747881916; c=relaxed/simple;
	bh=nquVPncXX39k9Guyv3btazppR+HflSexO+EgPb58o/8=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To;
 b=N4iROl0DxWUeEExcl78ze9lE/BLgjMVLQI7LhNgj6o3v/1Od1yquJq1sfvXm/TGeAkJYZumRYTOsOxEFzrD6nFpFILOo4fYmWz0AB+wbbsAuc3rCb7mOGkqL+4z7oLVpYpWNXaIMmJEcWhNUoWOYD3m0p+8j9CwrIbiyhKYgVmU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=WGz8X0O6; arc=none smtp.client-ip=192.198.163.15
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="WGz8X0O6"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1747881915; x=1779417915;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=nquVPncXX39k9Guyv3btazppR+HflSexO+EgPb58o/8=;
  b=WGz8X0O6b3wzTKnV0jFcRd8jwUKl39RyIXx1sEUL9NddXtk1IGXGNEPw
   GXhHVYzh6VIBGRzW893eMvB6IWchM8duXcrvT4nIsnBGwxuqFRxf6UmR1
   KBaD/nX9wFP9Hp7eliyO9xEt39Nti0qQ0aLtbkMtu9ygBoiugUDw0l8/o
   7L4YW30EgAzdmYI072pAWVDCtxtsxV/AuAneG0XvtCMYHZ8afLFr7D4WF
   IQZvA+ohfFnn6PYHaa1CrogSWTrxZ2Gv7N6VMeZDaxp8V9N7KtuN2c3g0
   tyQuHS1nyhcyH11F+ID5MxO9Qp2y+VWu+em+zFF+BvgA+Pwscrav/GZ8z
   g==;
X-CSE-ConnectionGUID: uZYRHm6WSuyJe+iRjrkCEg==
X-CSE-MsgGUID: FhC5iwJ2SGOPy04W9cd2Cw==
X-IronPort-AV: E=McAfee;i="6700,10204,11440"; a="50027072"
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="50027072"
Received: from fmviesa010.fm.intel.com ([10.60.135.150])
  by fmvoesa109.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:45:14 -0700
X-CSE-ConnectionGUID: +kq5HQXvR1GEl6YwmwxKUw==
X-CSE-MsgGUID: XVSeH6KGQI+p3W30HFiU/A==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="140889366"
Received: from ssuvarig-mobl.amr.corp.intel.com (HELO desk) ([10.125.146.23])
  by fmviesa010-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:45:09 -0700
Date: Wed, 21 May 2025 19:45:08 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: x86@kernel.org
Cc: David Kaplan <david.kaplan@amd.com>, linux-kernel@vger.kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>
Subject: [PATCH v2 4/7] x86/its: Use switch/case to apply mitigation
Message-ID: <20250521-eibrs-fix-v2-4-70e2598e932c@linux.intel.com>
X-Mailer: b4 0.14.2
References: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Prepare to apply stuffing mitigation in its_apply_mitigation(). This is
currently only done via retbleed mitigation. Also using switch/case makes
it evident that mitigation mode like VMEXIT_ONLY doesn't need any special
handling.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
---
 arch/x86/kernel/cpu/bugs.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index a088302b320cf68344e28be7710b5a3582bba9ea..fbfc08f5f9f652beb677a1b5310=
e4322600082ac 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1471,15 +1471,21 @@ static void __init its_update_mitigation(void)
=20
 static void __init its_apply_mitigation(void)
 {
+	switch (its_mitigation) {
+	case ITS_MITIGATION_OFF:
+	case ITS_MITIGATION_AUTO:
+	case ITS_MITIGATION_VMEXIT_ONLY:
 	/* its=3Dstuff forces retbleed stuffing and is enabled there. */
-	if (its_mitigation !=3D ITS_MITIGATION_ALIGNED_THUNKS)
-		return;
-
-	if (!boot_cpu_has(X86_FEATURE_RETPOLINE))
-		setup_force_cpu_cap(X86_FEATURE_INDIRECT_THUNK_ITS);
+	case ITS_MITIGATION_RETPOLINE_STUFF:
+		break;
+	case ITS_MITIGATION_ALIGNED_THUNKS:
+		if (!boot_cpu_has(X86_FEATURE_RETPOLINE))
+			setup_force_cpu_cap(X86_FEATURE_INDIRECT_THUNK_ITS);
=20
-	setup_force_cpu_cap(X86_FEATURE_RETHUNK);
-	set_return_thunk(its_return_thunk);
+		setup_force_cpu_cap(X86_FEATURE_RETHUNK);
+		set_return_thunk(its_return_thunk);
+		break;
+	}
 }
=20
 #undef pr_fmt

--=20
2.34.1
From nobody Sun Dec 14 12:06:25 2025
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1ECC03A1B6
	for <linux-kernel@vger.kernel.org>; Thu, 22 May 2025 02:45:25 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.11
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1747881927; cv=none;
 b=QiGMlZAB6PWJXPv3LpNw0mcGBg+f9/o37g4Sr4fcZNyxrPlNmZE209C9cgXbM+K4V1cUAHX3DEitmkVYsW7gz8bdRiCFjlcfcBVvjjpm7JUj+F2XqkJVoxn+sNXjDU9yRkiKxHxRRpTyDJ5s6xlMLvUuVUklM4bY3H36gINRwV4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1747881927; c=relaxed/simple;
	bh=z5J5+SWTzT7NrmMuX+fwbe0cvVwewDsWN4R+8UB22HY=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To;
 b=t+8QeGmN0pgFxPXDUWjBb/CP6b0OtrWFGMa1szhlZmCVMwFHM6TKPQxh7OdiG+S55yX/FMbseG2i7ory0bc97AfuyuRyNRdUMt92VdRGxS+AX+SSHmTxazjeiC1BDvQX+rTjC3DS49UfsnuF3gKNpJeCsKmQKbsRjdLWlfwlJx4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=V/pfpLGc; arc=none smtp.client-ip=192.198.163.11
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="V/pfpLGc"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1747881926; x=1779417926;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=z5J5+SWTzT7NrmMuX+fwbe0cvVwewDsWN4R+8UB22HY=;
  b=V/pfpLGcALvC+soaWg6tNCjwa4vW2e7jPDZiyZke3fw+BoeAMcSNxfA2
   0zy8BtCukO++FlL8nrCIPkwjJUMMzCOWLd7gt5SCR7uPmnVgh9v7UbRav
   AVdxJXW3iinOWdJkjLxLamQxA0YAn3+jnnllhtooxLh0CFQAwUHUYIYI1
   HWtuClCIXsiOynrst9h9reqjCjmIfEQzrUdkVCxB02TE6i+V0nw46gj4U
   AdJCs8GnYmJiSufbQVO51DKaG/ZCvdth0NTzCwE+z1mFPXg590LtGXs3O
   BvspWlFJ150lDvdgCDAld2IIgMQdv+WxK3vS8tM5SCwSxGFSp657R8+uD
   A==;
X-CSE-ConnectionGUID: +KAp5gqoTNGBE6dRUP0/Og==
X-CSE-MsgGUID: xo3fKMJxTeq3Vqf8fSrTbw==
X-IronPort-AV: E=McAfee;i="6700,10204,11440"; a="60524420"
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="60524420"
Received: from orviesa008.jf.intel.com ([10.64.159.148])
  by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:45:25 -0700
X-CSE-ConnectionGUID: 7qevmbKARF667KSnjjsneg==
X-CSE-MsgGUID: GR0IB1VsSjiQWEBTfVmidg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="141289716"
Received: from ssuvarig-mobl.amr.corp.intel.com (HELO desk) ([10.125.146.23])
  by orviesa008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:45:25 -0700
Date: Wed, 21 May 2025 19:45:24 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: x86@kernel.org
Cc: David Kaplan <david.kaplan@amd.com>, linux-kernel@vger.kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>
Subject: [PATCH v2 5/7] x86/retbleed: Introduce cdt_possible()
Message-ID: <20250521-eibrs-fix-v2-5-70e2598e932c@linux.intel.com>
X-Mailer: b4 0.14.2
References: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

In preparation to allow ITS to also enable stuffing a.k.a. Call Depth
Tracking(CDT) independently of retbleed, introduce a helper cdt_possible().

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
 arch/x86/kernel/cpu/bugs.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index fbfc08f5f9f652beb677a1b5310e4322600082ac..59a1f59bf6e2ceda624b6567c5b=
09ebc524cb9a2 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1123,6 +1123,19 @@ early_param("nospectre_v1", nospectre_v1_cmdline);
=20
 enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =3D SPECTRE_=
V2_NONE;
=20
+/* Depends on spectre_v2 mitigation selected already */
+static inline bool cdt_possible(enum spectre_v2_mitigation mode)
+{
+	if (!IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) ||
+	    !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE))
+		return false;
+
+	if (mode =3D=3D SPECTRE_V2_RETPOLINE)
+		return true;
+
+	return false;
+}
+
 #undef pr_fmt
 #define pr_fmt(fmt)     "RETBleed: " fmt
=20
@@ -1266,7 +1279,7 @@ static void __init retbleed_update_mitigation(void)
 		retbleed_mitigation =3D RETBLEED_MITIGATION_STUFF;
=20
 	if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_STUFF &&
-	    spectre_v2_enabled !=3D SPECTRE_V2_RETPOLINE) {
+	    !cdt_possible(spectre_v2_enabled)) {
 		pr_err("WARNING: retbleed=3Dstuff depends on spectre_v2=3Dretpoline\n");
 		retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO;
 	}

--=20
2.34.1
From nobody Sun Dec 14 12:06:25 2025
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35ED1EED7
	for <linux-kernel@vger.kernel.org>; Thu, 22 May 2025 02:45:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.11
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1747881942; cv=none;
 b=jQSOb2vpo21TGE3YM/3oNO6vzQaZlKniv7unsdPLRRfdf59IJ+ABbR4VQS7ZNJmPcBF48hmd7kaKcWIDwMzv9P81gneNEo4sBEkEGvbLXl3kEwkxctuelqna+8qZLP5QL+YwvCfn9Pk+nM6kk/sADbVf1Cx/U8k5pJVPQf2LH9M=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1747881942; c=relaxed/simple;
	bh=AzwgqYH4O83LKm2csj9Kj5EkndNBU6z3Sf7FIPsCCbc=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To;
 b=iYqa1KOKjVV9ImMnzgQFxLjwpT9LWJdW8fuBbic7m/o0NtL3iOFzWCX7H09hHYKc8g3vqIaBzaSS+MgBfQ1bjzGJTqCxu0ohPkGiDbJx8dDwRbYFvR8mIO56JT9gUcMnu1UW+dtZlf+/UOmyGssdfVdAysvWViMiwFr3srLBTFM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=e4hRQ8gP; arc=none smtp.client-ip=192.198.163.11
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="e4hRQ8gP"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1747881941; x=1779417941;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=AzwgqYH4O83LKm2csj9Kj5EkndNBU6z3Sf7FIPsCCbc=;
  b=e4hRQ8gPi8rwjO+8grPc1vSVtZ93GhMZKd4KekCH9TGbkDVBjtvvSoJC
   7zzl5iYn4ADWXkfNqHnM/UgbQQNEuYXyWoBFkq3SAkbnrUCFrvauXZj/0
   fWvPDut0CSa/FWsp88zAnZIX4G1hWZd1+sXLcdccNNtl1ZjCxt3KDa5Zl
   SYkAswNVr5G2+r+ZMN/CnWPOyASYX/uoLHfnsoLox041kuugiGT6uefvZ
   besUzATJ0qwSB03s/364l1rc82B3JmDQCYgwJkkfxX9s9D1RFmd2JVQ6a
   LtlwWj7T774LvIzcXqXiSJZ3Orn5uSJ5NLSXK4iZtbW8SoG5eoHWdqBJJ
   w==;
X-CSE-ConnectionGUID: jhsgjZh/QIue1Lw2wCKt8g==
X-CSE-MsgGUID: lX3CoI0XSqSofSmP4Vb/sQ==
X-IronPort-AV: E=McAfee;i="6700,10204,11440"; a="60524437"
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="60524437"
Received: from orviesa008.jf.intel.com ([10.64.159.148])
  by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:45:40 -0700
X-CSE-ConnectionGUID: W8VxJMaDRN2jYBEnzGmtlw==
X-CSE-MsgGUID: 37p21kuIR/WXD/F0ga1u8w==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="141289735"
Received: from ssuvarig-mobl.amr.corp.intel.com (HELO desk) ([10.125.146.23])
  by orviesa008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:45:40 -0700
Date: Wed, 21 May 2025 19:45:40 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: x86@kernel.org
Cc: David Kaplan <david.kaplan@amd.com>, linux-kernel@vger.kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>
Subject: [PATCH v2 6/7] x86/its: Remove =stuff dependency on retbleed
Message-ID: <20250521-eibrs-fix-v2-6-70e2598e932c@linux.intel.com>
X-Mailer: b4 0.14.2
References: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Allow ITS to enable stuffing independent of retbleed. The dependency is
only on retpoline. It is a valid case for retbleed to be mitigated by eIBRS
while ITS deploys stuffing at the same time.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
 arch/x86/kernel/cpu/bugs.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 59a1f59bf6e2ceda624b6567c5b09ebc524cb9a2..043da9eaf99c5e1f92ae6c56cb7=
f779bbceae0e0 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1470,13 +1470,8 @@ static void __init its_update_mitigation(void)
 		break;
 	}
=20
-	/*
-	 * retbleed_update_mitigation() will try to do stuffing if its=3Dstuff.
-	 * If it can't, such as if spectre_v2!=3Dretpoline, then fall back to
-	 * aligned thunks.
-	 */
 	if (its_mitigation =3D=3D ITS_MITIGATION_RETPOLINE_STUFF &&
-	    retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF)
+	    !cdt_possible(spectre_v2_enabled))
 		its_mitigation =3D ITS_MITIGATION_ALIGNED_THUNKS;
=20
 	pr_info("%s\n", its_strings[its_mitigation]);
@@ -1488,8 +1483,6 @@ static void __init its_apply_mitigation(void)
 	case ITS_MITIGATION_OFF:
 	case ITS_MITIGATION_AUTO:
 	case ITS_MITIGATION_VMEXIT_ONLY:
-	/* its=3Dstuff forces retbleed stuffing and is enabled there. */
-	case ITS_MITIGATION_RETPOLINE_STUFF:
 		break;
 	case ITS_MITIGATION_ALIGNED_THUNKS:
 		if (!boot_cpu_has(X86_FEATURE_RETPOLINE))
@@ -1498,6 +1491,11 @@ static void __init its_apply_mitigation(void)
 		setup_force_cpu_cap(X86_FEATURE_RETHUNK);
 		set_return_thunk(its_return_thunk);
 		break;
+	case ITS_MITIGATION_RETPOLINE_STUFF:
+		setup_force_cpu_cap(X86_FEATURE_RETHUNK);
+		setup_force_cpu_cap(X86_FEATURE_CALL_DEPTH);
+		set_return_thunk(call_depth_return_thunk);
+		break;
 	}
 }
=20

--=20
2.34.1
From nobody Sun Dec 14 12:06:25 2025
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.14])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 125FE12E5B
	for <linux-kernel@vger.kernel.org>; Thu, 22 May 2025 02:45:56 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.14
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1747881958; cv=none;
 b=dPXMQT1TZL2IF7OY8Dmd8VXvcmlIFiyVxEZ6mPc26I4rU2lWHf1bBsqHkvv0Z4nLUPjNAs7t3qvOjcMVh5z+z7NeIoIKXk/9gBwKUMPRCmUFLIrE1uVRkZDLPCf9oPXCj/DA46oOpp/QQTLku+BD3mdA1kWsinfwMA8AeDVIV14=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1747881958; c=relaxed/simple;
	bh=gC9BADa8gs/PRrlJxAFRDjonfuQ7ZS0JubkzIetUW2M=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To;
 b=TvBA2VwbRYti3SWPZz+C9tArnsAukuSSM654Dlk563UpdHityUz9GwHcYRkRsp5FyQwojRo9Q0pmwCFyTyQasxAo2Jb1TrDOgCxyuJImcTqpGQxZBuMuz2LmVqxPmjBChY1qqjty5Khd/CoKuGgMq7iMl/NfBkBXwfcliw8L3hE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=Pk25gA9W; arc=none smtp.client-ip=192.198.163.14
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="Pk25gA9W"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1747881956; x=1779417956;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=gC9BADa8gs/PRrlJxAFRDjonfuQ7ZS0JubkzIetUW2M=;
  b=Pk25gA9WPeVf1NJVZRjuPoNn/HR6ta118tNBha1bdLhN9Z3SbhYeRyKk
   pC25dQ4XOjIAYwec/HtXI9lQljeZf6W4AkaE9JdwtmKZH7G0eUcVP4Oef
   3uY8iOFEOPTmylmf8v5uoCmk/z1M9Xj2fgYAOjLmrrsJlKh6aOtFeW/wr
   j24AXF7uEjaUilFnxdsnIYj5Yierg/1O9cY0IDMMK3W3nxRGIX4nAxlW1
   9FnAmqHZ06xjnSX0LpVd/NsSozvvI5yc9ZqP7eS/6ualAnPcM7aA48SNM
   reA2iQ6CZ6FHdoh2q89ZN8fRJw2Py3piZc6KIE89lOxv5gjg9h0g7xq2k
   Q==;
X-CSE-ConnectionGUID: 0NmtlJs8TyuZoA3psMrutA==
X-CSE-MsgGUID: 3/fgL2cCQYCNsjDY69vgXw==
X-IronPort-AV: E=McAfee;i="6700,10204,11440"; a="49990565"
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="49990565"
Received: from fmviesa004.fm.intel.com ([10.60.135.144])
  by fmvoesa108.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:45:55 -0700
X-CSE-ConnectionGUID: SP9NWN2NTIeYQpfnr5XjFQ==
X-CSE-MsgGUID: A5juF8e+Q3CXI7ByAIVyWw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.15,305,1739865600";
   d="scan'208";a="145609800"
Received: from ssuvarig-mobl.amr.corp.intel.com (HELO desk) ([10.125.146.23])
  by fmviesa004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 May 2025 19:45:56 -0700
Date: Wed, 21 May 2025 19:45:55 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: x86@kernel.org
Cc: David Kaplan <david.kaplan@amd.com>, linux-kernel@vger.kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>
Subject: [PATCH v2 7/7] x86/its: Allow stuffing in eIBRS+retpoline mode also
Message-ID: <20250521-eibrs-fix-v2-7-70e2598e932c@linux.intel.com>
X-Mailer: b4 0.14.2
References: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20250521-eibrs-fix-v2-0-70e2598e932c@linux.intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

After a recent restructuring of ITS mitigation, RSB stuffing can no
longer be enabled in eIBRS+Retpoline mode. Before ITS, retbleed
mitigation only allowed stuffing when eIBRS was not enabled. This was
perfectly fine since eIBRS mitigates retbleed.

However, RSB stuffing mitigation for ITS is still needed with eIBRS. The
restructuring solely relies on retbleed to deploy stuffing, and does not
allow it when eIBRS is enabled. This behavior is different from what was
before the restructuring. Fix it by allowing stuffing in eIBRS+retpoline
mode also.

Fixes: 8c57ca583ebf ("x86/bugs: Restructure ITS mitigation")
Closes: https://lore.kernel.org/lkml/20250519235101.2vm6sc5txyoykb2r@desk/
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
 arch/x86/kernel/cpu/bugs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 043da9eaf99c5e1f92ae6c56cb7f779bbceae0e0..ad04da8711b24f2d070e84275a7=
7a4e561fe4d2a 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1130,7 +1130,8 @@ static inline bool cdt_possible(enum spectre_v2_mitig=
ation mode)
 	    !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE))
 		return false;
=20
-	if (mode =3D=3D SPECTRE_V2_RETPOLINE)
+	if (mode =3D=3D SPECTRE_V2_RETPOLINE ||
+	    mode =3D=3D SPECTRE_V2_EIBRS_RETPOLINE)
 		return true;
=20
 	return false;
@@ -1280,7 +1281,7 @@ static void __init retbleed_update_mitigation(void)
=20
 	if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_STUFF &&
 	    !cdt_possible(spectre_v2_enabled)) {
-		pr_err("WARNING: retbleed=3Dstuff depends on spectre_v2=3Dretpoline\n");
+		pr_err("WARNING: retbleed=3Dstuff depends on retpoline\n");
 		retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO;
 	}
=20
@@ -1457,6 +1458,7 @@ static void __init its_update_mitigation(void)
 		its_mitigation =3D ITS_MITIGATION_OFF;
 		break;
 	case SPECTRE_V2_RETPOLINE:
+	case SPECTRE_V2_EIBRS_RETPOLINE:
 		/* Retpoline+CDT mitigates ITS */
 		if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_STUFF)
 			its_mitigation =3D ITS_MITIGATION_RETPOLINE_STUFF;

--=20
2.34.1