Commit 50e4b3b9 authored Sep 23, 2024 by Johannes Wikner Committed by Borislav Petkov (AMD) Oct 10, 2024

x86/entry: Have entry_ibpb() invalidate return predictions



entry_ibpb() should invalidate all indirect predictions, including return
target predictions. Not all IBPB implementations do this, in which case the
fallback is RSB filling.

Prevent SRSO-style hijacks of return predictions following IBPB, as the return
target predictor can be corrupted before the IBPB completes.

  [ bp: Massage. ]

Signed-off-by: Johannes Wikner <kwikner@ethz.ch>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>

parent 3ea87dfa

arch/x86/entry/entry.S

+5 −0

Original line number	Diff line number	Diff line
		@@ -9,6 +9,8 @@
		#include <asm/unwind_hints.h>
		#include <asm/segment.h>
		#include <asm/cache.h>
		#include <asm/cpufeatures.h>
		#include <asm/nospec-branch.h>

		#include "calling.h"

		@@ -19,6 +21,9 @@ SYM_FUNC_START(entry_ibpb)
		movl $PRED_CMD_IBPB, %eax
		xorl %edx, %edx
		wrmsr

		/* Make sure IBPB clears return stack preductions too. */
		FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_BUG_IBPB_NO_RET
		RET
		SYM_FUNC_END(entry_ibpb)
		/* For KVM */