linux/Documentation
Peter Zijlstra 3ebc170068 x86/bugs: Add retbleed=ibpb
jmp2ret mitigates the easy-to-attack case at relatively low overhead.
It mitigates the long speculation windows after a mispredicted RET, but
it does not mitigate the short speculation window from arbitrary
instruction boundaries.

On Zen2, there is a chicken bit which needs setting, which mitigates
"arbitrary instruction boundaries" down to just "basic block boundaries".

But there is no fix for the short speculation window on basic block
boundaries, other than to flush the entire BTB to evict all attacker
predictions.

On the spectrum of "fast & blurry" -> "safe", there is (on top of STIBP
or no-SMT):

  1) Nothing		System wide open
  2) jmp2ret		May stop a script kiddy
  3) jmp2ret+chickenbit  Raises the bar rather further
  4) IBPB		Only thing which can count as "safe".

Tentative numbers put IBPB-on-entry at a 2.5x hit on Zen2, and a 10x hit
on Zen1 according to lmbench.

  [ bp: Fixup feature bit comments, document option, 32-bit build fix. ]

Suggested-by: Andrew Cooper <Andrew.Cooper3@citrix.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
2022-06-27 10:34:00 +02:00
ABI 1st set of IIO fixes for the 5.19 cycle. 2022-06-20 09:49:52 +02:00
accounting delayacct: track delays from write-protect copy 2022-06-01 15:55:25 -07:00
admin-guide x86/bugs: Add retbleed=ibpb 2022-06-27 10:34:00 +02:00
arc
arm docs: arm: tcm: Fix typo in description of TCM and MMU usage 2022-06-09 12:56:33 -06:00
arm64 arm64/sme: Fix SVE/SME typo in ABI documentation 2022-06-08 18:38:31 +01:00
block
bpf
cdrom It was a moderately busy cycle for documentation; highlights include: 2022-05-25 11:17:41 -07:00
core-api It was a moderately busy cycle for documentation; highlights include: 2022-05-25 11:17:41 -07:00
cpu-freq
crypto
dev-tools Yang Shi has improved the behaviour of khugepaged collapsing of readonly 2022-05-26 12:32:41 -07:00
devicetree USB driver fixes for 5.19-rc4 2022-06-25 10:02:05 -07:00
doc-guide Documentation/process: use scripts/get_maintainer.pl on patches 2022-05-09 16:12:16 -06:00
driver-api docs: driver-api: gpio: Fix filename mismatch 2022-06-13 18:12:24 +02:00
fault-injection
fb
features Documentation/features: Update the arch support status files 2022-06-09 09:35:57 -06:00
filesystems for-5.19-rc3-tag 2022-06-26 10:11:36 -07:00
firmware_class
firmware-guide TTY / Serial driver changes for 5.19-rc1 2022-06-03 11:08:40 -07:00
fpga Documentation: fpga: dfl: add link address of feature id table 2022-05-10 16:05:27 +08:00
gpu
hid
hwmon hwmon: Make chip parameter for with_info API mandatory 2022-05-22 11:32:31 -07:00
i2c
ia64
iio
images docs: add SVG version of the Linux logo 2022-06-01 09:32:45 -06:00
infiniband
input documentation: Format button_dev as a pointer. 2022-06-01 09:34:28 -06:00
isdn
kbuild Documentation/llvm: Update Supported Arch table 2022-06-20 08:21:29 +09:00
kernel-hacking
leds leds: qcom-lpg: Require pattern to follow documentation 2022-05-24 22:08:10 +02:00
litmus-tests
livepatch
locking
loongarch docs/LoongArch: Fix notes rendering by using reST directives 2022-06-17 22:09:05 +08:00
m68k
maintainer
mhi
mips
misc-devices Documentation: Wire Oxford Semiconductor PCIe (Tornado) 950 2022-05-19 18:24:22 +02:00
netlabel
networking docs: networking: phy: Fix a typo 2022-06-13 23:12:44 -07:00
nios2
nvdimm
openrisc
parisc
PCI
pcmcia
peci
power
powerpc powerpc: Enable the DAWR on POWER9 DD2.3 and above 2022-05-22 15:59:53 +10:00
process scripts/check-local-export: avoid 'wait $!' for process substitution 2022-06-10 03:47:13 +09:00
RCU Merge branch 'exp.2022.05.11a' into HEAD 2022-05-11 11:49:35 -07:00
riscv Documentation: riscv: Add sv48 description to VM layout 2022-06-01 20:38:34 -07:00
s390
scheduler
scsi
security integrity-v5.19 2022-05-24 13:50:39 -07:00
sh
sound
sparc
sphinx docs: pdfdocs: Add space for chapter counts >= 100 in TOC 2022-05-17 13:41:26 -06:00
sphinx-static
spi
staging
target
timers
tools Updates to Real Time Linux Analysis tool for 5.19: 2022-05-29 10:48:58 -07:00
trace tracing/timerlat: Print stacktrace in the IRQ handler if needed 2022-05-26 21:13:00 -04:00
translations docs/zh_CN/LoongArch: Fix notes rendering by using reST directives 2022-06-17 22:09:05 +08:00
usb docs: usb: fix literal block marker in usbmon verification example 2022-06-09 09:50:03 -06:00
userspace-api media: lirc: add missing exceptions for lirc uapi header file 2022-05-26 14:30:17 -07:00
virt S390: 2022-05-26 14:20:14 -07:00
vm mm/memory-failure: disable unpoison once hw error happens 2022-06-16 19:11:32 -07:00
w1
watchdog
x86 It was a moderately busy cycle for documentation; highlights include: 2022-05-25 11:17:41 -07:00
xtensa
.gitignore
arch.rst Documentation: LoongArch: Add basic documentations 2022-06-03 20:09:27 +08:00
asm-annotations.rst
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 2022-06-01 09:26:05 -06:00
docutils.conf
dontdiff randstruct: Move seed generation into scripts/basic/ 2022-05-08 01:33:07 -07:00
index.rst docs: Move the HTE documentation to driver-api/ 2022-06-09 10:02:47 -06:00
Kconfig
Makefile
memory-barriers.txt
SubmittingPatches