From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Johannes Wikner <kwikner@ethz.ch>,
"Borislav Petkov (AMD)" <bp@alien8.de>,
stable@kernel.org
Subject: [PATCH 5.10 19/52] x86/entry: Have entry_ibpb() invalidate return predictions
Date: Mon, 21 Oct 2024 12:25:40 +0200 [thread overview]
Message-ID: <20241021102242.378149241@linuxfoundation.org> (raw)
In-Reply-To: <20241021102241.624153108@linuxfoundation.org>
5.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Wikner <kwikner@ethz.ch>
commit 50e4b3b94090babe8d4bb85c95f0d3e6b07ea86e upstream.
entry_ibpb() should invalidate all indirect predictions, including return
target predictions. Not all IBPB implementations do this, in which case the
fallback is RSB filling.
Prevent SRSO-style hijacks of return predictions following IBPB, as the return
target predictor can be corrupted before the IBPB completes.
[ bp: Massage. ]
Signed-off-by: Johannes Wikner <kwikner@ethz.ch>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/entry/entry.S | 5 +++++
1 file changed, 5 insertions(+)
--- a/arch/x86/entry/entry.S
+++ b/arch/x86/entry/entry.S
@@ -9,6 +9,8 @@
#include <asm/unwind_hints.h>
#include <asm/segment.h>
#include <asm/cache.h>
+#include <asm/cpufeatures.h>
+#include <asm/nospec-branch.h>
.pushsection .noinstr.text, "ax"
@@ -17,6 +19,9 @@ SYM_FUNC_START(entry_ibpb)
movl $PRED_CMD_IBPB, %eax
xorl %edx, %edx
wrmsr
+
+ /* Make sure IBPB clears return stack preductions too. */
+ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_BUG_IBPB_NO_RET
RET
SYM_FUNC_END(entry_ibpb)
/* For KVM */
next prev parent reply other threads:[~2024-10-21 10:49 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-21 10:25 [PATCH 5.10 00/52] 5.10.228-rc1 review Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 01/52] ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 02/52] net: enetc: add missing static descriptor and inline keyword Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 03/52] posix-clock: Fix missing timespec64 check in pc_clock_settime() Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 04/52] arm64: probes: Remove broken LDR (literal) uprobe support Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 05/52] arm64: probes: Fix simulate_ldr*_literal() Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 06/52] net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 07/52] irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 08/52] fat: fix uninitialized variable Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 09/52] mm/swapfile: skip HugeTLB pages for unuse_vma Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 10/52] wifi: mac80211: fix potential key use-after-free Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 11/52] KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 12/52] io_uring/sqpoll: do not allow pinning outside of cpuset Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 13/52] io_uring/sqpoll: retain test for whether the CPU is valid Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 14/52] io_uring/sqpoll: do not put cpumask on stack Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 15/52] s390/sclp_vt220: Convert newlines to CRLF instead of LFCR Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 16/52] KVM: s390: Change virtual to physical address access in diag 0x258 handler Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 17/52] x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 18/52] x86/cpufeatures: Add a IBPB_NO_RET BUG flag Greg Kroah-Hartman
2024-10-21 10:25 ` Greg Kroah-Hartman [this message]
2024-10-21 10:25 ` [PATCH 5.10 20/52] x86/bugs: Skip RSB fill at VMEXIT Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 21/52] x86/bugs: Do not use UNTRAIN_RET with IBPB on entry Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 22/52] blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 23/52] io_uring/sqpoll: close race on waiting for sqring entries Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 24/52] drm/radeon: Fix encoder->possible_clones Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 25/52] drm/vmwgfx: Handle surface check failure correctly Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 26/52] iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 27/52] iio: dac: ltc1660: " Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 28/52] iio: dac: stm32-dac-core: add missing select REGMAP_MMIO " Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 29/52] iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER " Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 30/52] iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 31/52] iio: light: veml6030: fix ALS sensor resolution Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 32/52] iio: light: veml6030: fix IIO device retrieval from embedded device Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 33/52] iio: light: opt3001: add missing full-scale range value Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 34/52] iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 35/52] iio: adc: ti-ads124s08: " Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 36/52] Bluetooth: Remove debugfs directory on module init failure Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 37/52] Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 Greg Kroah-Hartman
2024-10-21 10:25 ` [PATCH 5.10 38/52] xhci: Fix incorrect stream context type macro Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 39/52] USB: serial: option: add support for Quectel EG916Q-GL Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 40/52] USB: serial: option: add Telit FN920C04 MBIM compositions Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 41/52] parport: Proper fix for array out-of-bounds access Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 42/52] x86/resctrl: Annotate get_mem_config() functions as __init Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 43/52] x86/apic: Always explicitly disarm TSC-deadline timer Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 44/52] x86/entry_32: Do not clobber user EFLAGS.ZF Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 45/52] x86/entry_32: Clear CPU buffers after register restore in NMI return Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 46/52] irqchip/gic-v4: Dont allow a VMOVP on a dying VPE Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 47/52] mptcp: track and update contiguous data status Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 48/52] mptcp: handle consistently DSS corruption Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 49/52] tcp: fix mptcp DSS corruption due to large pmtu xmit Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 50/52] nilfs2: propagate directory read errors from nilfs_find_entry() Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 51/52] powerpc/mm: Always update max/min_low_pfn in mem_topology_setup() Greg Kroah-Hartman
2024-10-21 10:26 ` [PATCH 5.10 52/52] ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 Greg Kroah-Hartman
2024-10-21 17:46 ` [PATCH 5.10 00/52] 5.10.228-rc1 review Florian Fainelli
2024-10-22 6:46 ` Naresh Kamboju
2024-10-22 9:59 ` Pavel Machek
2024-10-22 13:00 ` Mark Brown
2024-10-22 17:55 ` Jon Hunter
2024-10-23 7:27 ` Muhammad Usama Anjum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241021102242.378149241@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@alien8.de \
--cc=kwikner@ethz.ch \
--cc=patches@lists.linux.dev \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox