summaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
authorPeter Zijlstra <peterz@infradead.org>2023-08-14 13:44:35 +0200
committerBorislav Petkov (AMD) <bp@alien8.de>2023-08-16 21:58:59 +0200
commit864bcaa38ee44ec6c0e43f79c2d2997b977e26b2 (patch)
tree138e657528645336a8f30df0bbfafc8436313cef /tools
parente7c25c441e9e0fa75b4c83e0b26306b702cfe90d (diff)
x86/cpu/kvm: Provide UNTRAIN_RET_VM
Similar to how it doesn't make sense to have UNTRAIN_RET have two untrain calls, it also doesn't make sense for VMEXIT to have an extra IBPB call. This cures VMEXIT doing potentially unret+IBPB or double IBPB. Also, the (SEV) VMEXIT case seems to have been overlooked. Redefine the meaning of the synthetic IBPB flags to: - ENTRY_IBPB -- issue IBPB on entry (was: entry + VMEXIT) - IBPB_ON_VMEXIT -- issue IBPB on VMEXIT And have 'retbleed=ibpb' set *BOTH* feature flags to ensure it retains the previous behaviour and issues IBPB on entry+VMEXIT. The new 'srso=ibpb_vmexit' option only sets IBPB_ON_VMEXIT. Create UNTRAIN_RET_VM specifically for the VMEXIT case, and have that check IBPB_ON_VMEXIT. All this avoids having the VMEXIT case having to check both ENTRY_IBPB and IBPB_ON_VMEXIT and simplifies the alternatives. Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation") Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/20230814121149.109557833@infradead.org
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions