Commit 61f0a674 authored by Peter Zijlstra's avatar Peter Zijlstra Committed by Zheng Zengkai
Browse files

x86/amd: Use IBPB for firmware calls 

stable inclusion
from stable-v5.10.134
commit b7b9e5cc8b24d6c800b2b7f8bba44c5914bd6c8f
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5ZVR7

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b7b9e5cc8b24d6c800b2b7f8bba44c5914bd6c8f



--------------------------------

commit 28a99e95 upstream.

On AMD IBRS does not prevent Retbleed; as such use IBPB before a
firmware call to flush the branch history state.

And because in order to do an EFI call, the kernel maps a whole lot of
the kernel page table into the EFI page table, do an IBPB just in case
in order to prevent the scenario of poisoning the BTB and causing an EFI
call using the unprotected RET there.

  [ bp: Massage. ]

Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220715194550.793957-1-cascardo@canonical.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>

 Conflicts:
	arch/x86/include/asm/cpufeatures.h
Reviewed-by: default avatarWei Li <liwei391@huawei.com>
parent d4a57a1e
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment