diff options
| author | Johannes Wikner <kwikner@ethz.ch> | 2024-09-23 20:49:36 +0200 |
|---|---|---|
| committer | Borislav Petkov (AMD) <bp@alien8.de> | 2024-10-10 10:35:27 +0200 |
| commit | 50e4b3b94090babe8d4bb85c95f0d3e6b07ea86e (patch) | |
| tree | 5bf24bfdf5c982ad990378274a5c8330a3c7a2f8 /arch | |
| parent | x86/cpufeatures: Add a IBPB_NO_RET BUG flag (diff) | |
| download | linux-50e4b3b94090babe8d4bb85c95f0d3e6b07ea86e.tar.xz linux-50e4b3b94090babe8d4bb85c95f0d3e6b07ea86e.zip | |
x86/entry: Have entry_ibpb() invalidate return predictions
entry_ibpb() should invalidate all indirect predictions, including return
target predictions. Not all IBPB implementations do this, in which case the
fallback is RSB filling.
Prevent SRSO-style hijacks of return predictions following IBPB, as the return
target predictor can be corrupted before the IBPB completes.
[ bp: Massage. ]
Signed-off-by: Johannes Wikner <kwikner@ethz.ch>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/x86/entry/entry.S | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S index d9feadffa972..324686bca368 100644 --- a/arch/x86/entry/entry.S +++ b/arch/x86/entry/entry.S @@ -9,6 +9,8 @@ #include <asm/unwind_hints.h> #include <asm/segment.h> #include <asm/cache.h> +#include <asm/cpufeatures.h> +#include <asm/nospec-branch.h> #include "calling.h" @@ -19,6 +21,9 @@ SYM_FUNC_START(entry_ibpb) movl $PRED_CMD_IBPB, %eax xorl %edx, %edx wrmsr + + /* Make sure IBPB clears return stack preductions too. */ + FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_BUG_IBPB_NO_RET RET SYM_FUNC_END(entry_ibpb) /* For KVM */ |