On Thu, Jul 28, 2022 at 09:26:02AM -0300, Thadeu Lima de Souza Cascardo wrote:
Some cloud hypervisors do not provide IBPB on very recent CPU processors, including AMD processors affected by Retbleed.
That's a bug in the hypervisor.
Fixes: 28a99e95f55c ("x86/amd: Use IBPB for firmware calls")
Fixes^WCreates-a-speculation-hole-in:
Reported-by: Dimitri John Ledkov dimitri.ledkov@canonical.com Signed-off-by: Thadeu Lima de Souza Cascardo cascardo@canonical.com Cc: Peter Zijlstra (Intel) peterz@infradead.org Cc: Borislav Petkov bp@suse.de Cc: stable@vger.kernel.org
arch/x86/kernel/cpu/bugs.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 6454bc767f0f..6761668100b9 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1520,6 +1520,7 @@ static void __init spectre_v2_select_mitigation(void) * enable IBRS around firmware calls. */ if (boot_cpu_has_bug(X86_BUG_RETBLEED) &&
boot_cpu_has(X86_FEATURE_IBPB) && (boot_cpu_data.x86_vendor == X86_VENDOR_AMD || boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)) {
At the very least we need a pr_warn() and something nasty in retbleed_show_state() to warn the user their firmware calls are vulnerable.