| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z74eaeYm_EgHbmNn@google.com> Date: Tue, 25 Feb 2025 11:47:53 -0800 From: Sean Christopherson <seanjc@...gle.com> To: Yosry Ahmed <yosry.ahmed@...ux.dev> Cc: x86@...nel.org, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com>, Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Andy Lutomirski <luto@...nel.org>, Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/6] x86/bugs: Move the X86_FEATURE_USE_IBPB check into callers On Wed, Feb 19, 2025, Yosry Ahmed wrote: > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 6c56d5235f0f3..729a8ee24037b 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -1478,7 +1478,8 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, > * may switch the active VMCS multiple times). > */ > if (!buddy || WARN_ON_ONCE(buddy->vmcs != prev)) > - indirect_branch_prediction_barrier(); > + if (cpu_feature_enabled(X86_FEATURE_USE_IBPB)) Combine this into a single if-statement, to make it readable and because as-is the outer if would need curly braces. And since this check will stay around in the form of a static_branch, I vote to check it first so that the checks on "buddy" are elided if vcpu_load_ibpb is disabled. That'll mean the WARN_ON_ONCE() won't fire if we have a bug and someone is running with mitigations disabled, but I'm a-ok with that.
Powered by blists - more mailing lists