Re: [PATCH v3 4/6] x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline

From: Nikolay Borisov
Date: Tue Apr 08 2025 - 09:54:57 EST

Next message: Ilpo Järvinen: "Re: [PATCH v8 3/8] platform/x86: asus-armoury: add panel_hd_mode attribute"
Previous message: Herve Codina: "Re: [PATCH 11/16] of: property: Allow fw_devlink device-tree support for x86"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2.04.25 г. 21:19 ч., Josh Poimboeuf wrote:

eIBRS protects against guest->host RSB underflow/poisoning attacks.
Adding retpoline to the mix doesn't change that. Retpoline has a
balanced CALL/RET anyway.

So the current full RSB filling on VMEXIT with eIBRS+retpoline is
overkill. Disable it or do the VMEXIT_LITE mitigation if needed.

Suggested-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
Reviewed-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
Reviewed-by: Amit Shah <amit.shah@xxxxxxx>
Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>

Reviewed-by: Nikolay Borisov <nik.borisov@xxxxxxxx>

Next message: Ilpo Järvinen: "Re: [PATCH v8 3/8] platform/x86: asus-armoury: add panel_hd_mode attribute"
Previous message: Herve Codina: "Re: [PATCH 11/16] of: property: Allow fw_devlink device-tree support for x86"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]