git.baikalelectronics.ru Git - kernel.git/commit

author	Peter Zijlstra <peterz@infradead.org>
	Mon, 18 Jul 2022 11:41:37 +0000 (13:41 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 29 Jul 2022 15:25:31 +0000 (17:25 +0200)
commit	bd262a099061f6493be2f91e4e9b5d1f72c2b81b
tree	ad1588f4e008150fbddf2488615426a3e663fc4d	tree \| snapshot
parent	8bbe6e7c71d2625a5b9cb7f841d6da265506661f	commit \| diff

x86/amd: Use IBPB for firmware calls

commit e3abb3ac20c026872da1bea6bab37dcd334fde1e upstream.

On AMD IBRS does not prevent Retbleed; as such use IBPB before a
firmware call to flush the branch history state.

And because in order to do an EFI call, the kernel maps a whole lot of
the kernel page table into the EFI page table, do an IBPB just in case
in order to prevent the scenario of poisoning the BTB and causing an EFI
call using the unprotected RET there.

[ bp: Massage. ]

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220715194550.793957-1-cascardo@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/x86/include/asm/cpufeatures.h		diff \| blob \| history
arch/x86/include/asm/nospec-branch.h		diff \| blob \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| history