git.itanic.dy.fi Git - linux-stable/commit

author	Peter Zijlstra <peterz@infradead.org>
	Mon, 18 Jul 2022 11:41:37 +0000 (13:41 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 29 Jul 2022 15:28:17 +0000 (17:28 +0200)
commit	4a15f0d68029ee8a3eb8c784f42a661f7489041b
tree	ba3ca965fd1d926f091fd11b14c87d1bb7ee7c3e	tree \| snapshot
parent	9326a6229994726d3ff06c56c84cdf733c8c892d	commit \| diff

x86/amd: Use IBPB for firmware calls

commit 28a99e95f55c61855983d36a88c05c178d966bb7 upstream.

On AMD IBRS does not prevent Retbleed; as such use IBPB before a
firmware call to flush the branch history state.

And because in order to do an EFI call, the kernel maps a whole lot of
the kernel page table into the EFI page table, do an IBPB just in case
in order to prevent the scenario of poisoning the BTB and causing an EFI
call using the unprotected RET there.

[ bp: Massage. ]

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220715194550.793957-1-cascardo@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/x86/include/asm/cpufeatures.h		diff \| blob \| history
arch/x86/include/asm/nospec-branch.h		diff \| blob \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| history