[RFC][PATCH 08/17] x86/cpu: Add IBPB on VMEXIT to retbleed=

From: Peter Zijlstra
Date: Wed Aug 09 2023 - 03:27:25 EST


Since IBPB-on-VMEXIT is an obvious variant of retbleed=ibpb, add it as
an such.

Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -751,6 +751,7 @@ enum retbleed_mitigation {
RETBLEED_MITIGATION_UNRET_SRSO,
RETBLEED_MITIGATION_UNRET_SRSO_ALIAS,
RETBLEED_MITIGATION_IBPB,
+ RETBLEED_MITIGATION_IBPB_VMEXIT,
RETBLEED_MITIGATION_IBRS,
RETBLEED_MITIGATION_EIBRS,
RETBLEED_MITIGATION_STUFF,
@@ -763,6 +764,7 @@ enum retbleed_mitigation_cmd {
RETBLEED_CMD_UNRET_SRSO,
RETBLEED_CMD_UNRET_SRSO_ALIAS,
RETBLEED_CMD_IBPB,
+ RETBLEED_CMD_IBPB_VMEXIT,
RETBLEED_CMD_STUFF,
};

@@ -772,6 +774,7 @@ static const char * const retbleed_strin
[RETBLEED_MITIGATION_UNRET_SRSO] = "Mitigation: srso untrained return thunk",
[RETBLEED_MITIGATION_UNRET_SRSO_ALIAS] = "Mitigation: srso alias untrained return thunk",
[RETBLEED_MITIGATION_IBPB] = "Mitigation: IBPB",
+ [RETBLEED_MITIGATION_IBPB_VMEXIT] = "Mitigation: IBPB on VMEXIT only",
[RETBLEED_MITIGATION_IBRS] = "Mitigation: IBRS",
[RETBLEED_MITIGATION_EIBRS] = "Mitigation: Enhanced IBRS",
[RETBLEED_MITIGATION_STUFF] = "Mitigation: Stuffing",
@@ -808,6 +811,8 @@ static int __init retbleed_parse_cmdline
retbleed_cmd = RETBLEED_CMD_UNRET_SRSO_ALIAS;
} else if (!strcmp(str, "ibpb")) {
retbleed_cmd = RETBLEED_CMD_IBPB;
+ } else if (!strcmp(str, "ibpb_vmexit")) {
+ retbleed_cmd = RETBLEED_CMD_IBPB_VMEXIT;
} else if (!strcmp(str, "stuff")) {
retbleed_cmd = RETBLEED_CMD_STUFF;
} else if (!strcmp(str, "nosmt")) {
@@ -881,13 +886,17 @@ static void __init retbleed_select_mitig
break;

case RETBLEED_CMD_IBPB:
+ case RETBLEED_CMD_IBPB_VMEXIT:
if (!boot_cpu_has(X86_FEATURE_IBPB)) {
pr_err("WARNING: CPU does not support IBPB.\n");
goto do_cmd_auto;
} else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
if (boot_cpu_has_bug(X86_BUG_SRSO) && !has_microcode)
pr_err("IBPB-extending microcode not applied; SRSO NOT mitigated\n");
- retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
+ if (retbleed_cmd == RETBLEED_CMD_IBPB)
+ retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
+ if (retbleed_cmd == RETBLEED_CMD_IBPB_VMEXIT)
+ retbleed_mitigation = RETBLEED_MITIGATION_IBPB_VMEXIT;
} else {
pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
goto do_cmd_auto;
@@ -961,6 +970,12 @@ static void __init retbleed_select_mitig

case RETBLEED_MITIGATION_IBPB:
setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
+ setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
+ mitigate_smt = true;
+ break;
+
+ case RETBLEED_MITIGATION_IBPB_VMEXIT:
+ setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
mitigate_smt = true;
break;