[PATCH 00/22] SRSO fixes/cleanups
From: Josh Poimboeuf
Date: Sun Aug 20 2023 - 21:19:31 EST
Here are several SRSO fixes and cleanups, based on tip/x86/urgent.
One of the patches also adds KVM support, though a corresponding patch
is still needed in QEMU. I have a working QEMU patch which I can post
to qemu-devel.
Josh Poimboeuf (22):
x86/srso: Fix srso_show_state() side effect
x86/srso: Set CPUID feature bits independently of bug or mitigation
status
KVM: x86: Support IBPB_BRTYPE and SBPB
x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
x86/srso: Fix SBPB enablement for mitigations=off
x86/srso: Print actual mitigation if requested mitigation isn't
possible
x86/srso: Remove default case in srso_select_mitigation()
x86/srso: Downgrade retbleed IBPB warning to informational message
x86/srso: Simplify exit paths
x86/srso: Print mitigation for retbleed IBPB case
x86/srso: Slight simplification
x86/srso: Remove redundant X86_FEATURE_ENTRY_IBPB check
x86/srso: Fix vulnerability reporting for missing microcode
x86/srso: Fix unret validation dependencies
x86/alternatives: Remove faulty optimization
x86/srso: Unexport untraining functions
x86/srso: Disentangle rethunk-dependent options
x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros
x86/srso: Improve i-cache locality for alias mitigation
x86/retpoline: Remove .text..__x86.return_thunk section
x86/nospec: Refactor UNTRAIN_RET[_*]
x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk()
Documentation/admin-guide/hw-vuln/srso.rst | 22 ++-
arch/x86/include/asm/nospec-branch.h | 69 ++++-----
arch/x86/include/asm/processor.h | 2 -
arch/x86/kernel/alternative.c | 8 -
arch/x86/kernel/cpu/amd.c | 28 ++--
arch/x86/kernel/cpu/bugs.c | 87 +++++------
arch/x86/kernel/vmlinux.lds.S | 10 +-
arch/x86/kvm/cpuid.c | 4 +
arch/x86/kvm/x86.c | 9 +-
arch/x86/lib/retpoline.S | 171 +++++++++++----------
include/linux/objtool.h | 3 +-
scripts/Makefile.vmlinux_o | 3 +-
12 files changed, 199 insertions(+), 217 deletions(-)
--
2.41.0