• David Woodhouse's avatar
    x86/spectre: Add boot time option to select Spectre v2 mitigation · da285121
    David Woodhouse authored
    Add a spectre_v2= option to select the mitigation used for the indirect
    branch speculation vulnerability.
    
    Currently, the only option available is retpoline, in its various forms.
    This will be expanded to cover the new IBRS/IBPB microcode features.
    
    The RETPOLINE_AMD feature relies on a serializing LFENCE for speculation
    control. For AMD hardware, only set RETPOLINE_AMD if LFENCE is a
    serializing instruction, which is indicated by the LFENCE_RDTSC feature.
    
    [ tglx: Folded back the LFENCE/AMD fixes and reworked it so IBRS
      	integration becomes simple ]
    Signed-off-by: default avatarDavid Woodhouse <dwmw@amazon.co.uk>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Cc: gnomes@lxorguk.ukuu.org.uk
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Andi Kleen <ak@linux.intel.com>
    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Cc: thomas.lendacky@amd.com
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Jiri Kosina <jikos@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Dave Hansen <dave.hansen@intel.com>
    Cc: Kees Cook <keescook@google.com>
    Cc: Tim Chen <tim.c.chen@linux.intel.com>
    Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
    Cc: Paul Turner <pjt@google.com>
    Link: https://lkml.kernel.org/r/1515707194-20531-5-git-send-email-dwmw@amazon.co.uk
    da285121
nospec-branch.h 3.51 KB