x86/bugs: Do IBPB fallback check only once

commit 0fe4aeea9c01baabecc8c3afc7889c809d939bc2 upstream.

When booting with retbleed=auto, if the kernel wasn't built with
CONFIG_CC_HAS_RETURN_THUNK, the mitigation falls back to IBPB.  Make
sure a warning is printed in that case.  The IBPB fallback check is done
twice, but it really only needs to be done once.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
CVE-2022-29900
CVE-2022-29901
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index f61f1612378fcde02a01aab0cb3602e8afc05e9d..a8e0b1ad7d9991a13f5e931b1999f4902b404c03 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -884,18 +884,13 @@ static void __init retbleed_select_mitigation(void)
        case RETBLEED_CMD_AUTO:
        default:
                if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
-                   boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) {
-
-                       if (IS_ENABLED(CONFIG_RETPOLINE) &&
-                           IS_ENABLED(CONFIG_CC_HAS_RETURN_THUNK))
-                               retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
-                       else
-                               retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
-               }
+                   boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)
+                       retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
 
                /*
-                * The Intel mitigation (IBRS) was already selected in
-                * spectre_v2_select_mitigation().
+                * The Intel mitigation (IBRS or eIBRS) was already selected in
+                * spectre_v2_select_mitigation().  'retbleed_mitigation' will
+                * be set accordingly below.
                 */
 
                break;