diff options
| author | Johannes Wikner <kwikner@ethz.ch> | 2024-09-23 20:49:36 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-10-22 15:39:26 +0200 |
| commit | 0ab77a47e3ff18889ebdb377b7ce9857008d9e80 (patch) | |
| tree | 2e093f4fa6768c35b3c6d5e55d749d9986792411 /arch | |
| parent | c5e57863d79053067a6bdb0aaf800513e6eb40b7 (diff) | |
| download | linux-0ab77a47e3ff18889ebdb377b7ce9857008d9e80.tar.gz linux-0ab77a47e3ff18889ebdb377b7ce9857008d9e80.tar.bz2 linux-0ab77a47e3ff18889ebdb377b7ce9857008d9e80.zip | |
x86/entry: Have entry_ibpb() invalidate return predictions
commit 50e4b3b94090babe8d4bb85c95f0d3e6b07ea86e upstream.
entry_ibpb() should invalidate all indirect predictions, including return
target predictions. Not all IBPB implementations do this, in which case the
fallback is RSB filling.
Prevent SRSO-style hijacks of return predictions following IBPB, as the return
target predictor can be corrupted before the IBPB completes.
[ bp: Massage. ]
Signed-off-by: Johannes Wikner <kwikner@ethz.ch>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/x86/entry/entry.S | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S index 09e99d13fc0b..f4419afc7147 100644 --- a/arch/x86/entry/entry.S +++ b/arch/x86/entry/entry.S @@ -9,6 +9,8 @@ #include <asm/unwind_hints.h> #include <asm/segment.h> #include <asm/cache.h> +#include <asm/cpufeatures.h> +#include <asm/nospec-branch.h> .pushsection .noinstr.text, "ax" @@ -17,6 +19,9 @@ SYM_FUNC_START(entry_ibpb) movl $PRED_CMD_IBPB, %eax xorl %edx, %edx wrmsr + + /* Make sure IBPB clears return stack preductions too. */ + FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_BUG_IBPB_NO_RET RET SYM_FUNC_END(entry_ibpb) /* For KVM */ |