linux/arch/x86
Pawan Gupta ba6e31af2b x86/speculation: Add LFENCE to RSB fill sequence
RSB fill sequence does not have any protection for misprediction of
conditional branch at the end of the sequence. CPU can speculatively
execute code immediately after the sequence, while RSB filling hasn't
completed yet.

  #define __FILL_RETURN_BUFFER(reg, nr, sp)       \
          mov     $(nr/2), reg;                   \
  771:                                            \
          ANNOTATE_INTRA_FUNCTION_CALL;           \
          call    772f;                           \
  773:    /* speculation trap */                  \
          UNWIND_HINT_EMPTY;                      \
          pause;                                  \
          lfence;                                 \
          jmp     773b;                           \
  772:                                            \
          ANNOTATE_INTRA_FUNCTION_CALL;           \
          call    774f;                           \
  775:    /* speculation trap */                  \
          UNWIND_HINT_EMPTY;                      \
          pause;                                  \
          lfence;                                 \
          jmp     775b;                           \
  774:                                            \
          add     $(BITS_PER_LONG/8) * 2, sp;     \
          dec     reg;                            \
          jnz     771b;        <----- CPU can mispredict here.

Before RSB is filled, RETs that come in program order after this macro
can be executed speculatively, making them vulnerable to RSB-based
attacks.

Mitigate it by adding an LFENCE after the conditional branch to prevent
speculation while RSB is being filled.

Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
2022-08-03 14:12:18 +02:00
boot x86/compressed/64: Add identity mappings for setup_data entries 2022-07-06 11:23:39 +02:00
coco x86/tdx: Handle load_unaligned_zeropad() page-cross to a shared page 2022-06-17 15:37:33 -07:00
configs x86/config: Make the x86 defconfigs a bit more usable 2022-03-27 20:58:35 +02:00
crypto crypto: x86 - eliminate anonymous module_init & module_exit 2022-04-08 16:13:31 +08:00
entry x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt 2022-07-14 09:45:12 +02:00
events perf/x86/intel/lbr: Fix unchecked MSR access error on HSW 2022-07-20 19:24:55 +02:00
hyperv x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM 2022-06-15 18:27:40 +00:00
ia32 x86: Remove a.out support 2022-04-11 18:04:27 +02:00
include x86/speculation: Add LFENCE to RSB fill sequence 2022-08-03 14:12:18 +02:00
kernel x86/speculation: Add RSB VM Exit protections 2022-08-03 11:23:52 +02:00
kvm x86/speculation: Add RSB VM Exit protections 2022-08-03 11:23:52 +02:00
lib x86/retbleed: Add fine grained Kconfig knobs 2022-06-29 17:43:41 +02:00
math-emu x86/32: Remove lazy GS macros 2022-04-14 14:09:43 +02:00
mm x86/pat: Fix x86_has_pat_wp() 2022-07-13 12:44:04 +02:00
net x86/bpf: Use alternative RET encoding 2022-06-27 10:33:58 +02:00
pci x86/PCI: Revert "x86/PCI: Clip only host bridge windows for E820 regions" 2022-06-17 14:24:14 -05:00
platform efi/x86: use naked RET on mixed mode call wrapper 2022-07-16 09:51:24 -07:00
power x86/cpu: Load microcode during restore_processor_state() 2022-04-19 19:37:05 +02:00
purgatory
ras
realmode Intel Trust Domain Extensions 2022-05-23 17:51:12 -07:00
tools
um um: Fix out-of-bounds read in LDT setup 2022-05-27 09:03:41 +02:00
video
virt/vmx/tdx x86/tdx: Provide common base for SEAMCALL and TDCALL C wrappers 2022-04-07 08:27:50 -07:00
xen Just when you thought that all the speculation bugs were addressed and 2022-07-11 18:15:25 -07:00
.gitignore
Kbuild x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c} 2022-02-23 18:25:58 +01:00
Kconfig - Make retbleed mitigations 64-bit only (32-bit will need a bit more 2022-07-24 09:40:17 -07:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug x86/Kconfig: Fix indentation of arch/x86/Kconfig.debug 2022-05-25 15:39:27 +02:00
Makefile lkdtm: Disable return thunks in rodata.c 2022-07-20 19:24:53 +02:00
Makefile_32.cpu
Makefile.um