mirror of
https://github.com/torvalds/linux.git
synced 2024-09-21 15:33:19 +00:00
4ad3278df6
Some Intel processors may use alternate predictors for RETs on RSB-underflow. This condition may be vulnerable to Branch History Injection (BHI) and intramode-BTI. Kernel earlier added spectre_v2 mitigation modes (eIBRS+Retpolines, eIBRS+LFENCE, Retpolines) which protect indirect CALLs and JMPs against such attacks. However, on RSB-underflow, RET target prediction may fallback to alternate predictors. As a result, RET's predicted target may get influenced by branch history. A new MSR_IA32_SPEC_CTRL bit (RRSBA_DIS_S) controls this fallback behavior when in kernel mode. When set, RETs will not take predictions from alternate predictors, hence mitigating RETs as well. Support for this is enumerated by CPUID.7.2.EDX[RRSBA_CTRL] (bit2). For spectre v2 mitigation, when a user selects a mitigation that protects indirect CALLs and JMPs against BHI and intramode-BTI, set RRSBA_DIS_S also to protect RETs for RSB-underflow case. Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Borislav Petkov <bp@suse.de> |
||
---|---|---|
.. | ||
accounting | ||
arch | ||
bootconfig | ||
bpf | ||
build | ||
certs | ||
cgroup | ||
counter | ||
debugging | ||
edid | ||
firewire | ||
firmware | ||
gpio | ||
hv | ||
iio | ||
include | ||
io_uring | ||
kvm/kvm_stat | ||
laptop | ||
leds | ||
lib | ||
memory-model | ||
objtool | ||
pci | ||
pcmcia | ||
perf | ||
power | ||
rcu | ||
scripts | ||
spi | ||
testing | ||
thermal | ||
time | ||
tracing | ||
usb | ||
virtio | ||
vm | ||
wmi | ||
Makefile |