Commit d9b06db1 authored Feb 28, 2023 by Rodrigo Branco Committed by Jialin Zhang Feb 28, 2023

x86/bugs: Flush IBP in ib_prctl_set()

stable inclusion
from stable-v5.10.163
commit 67e39c4f4cb318cfbbf8982ab016c649ed97edaf
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6CU98
CVE: CVE-2023-0045

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=67e39c4f4cb318cfbbf8982ab016c649ed97edaf



--------------------------------

commit a664ec91 upstream.

We missed the window between the TIF flag update and the next reschedule.

Signed-off-by: Rodrigo Branco <bsdaemon@google.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yuyao Lin <linyuyao1@huawei.com>
Reviewed-by: Wang Weiyang <wangweiyang2@huawei.com>
Reviewed-by: Wei Li <liwei391@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

parent 18c12569

arch/x86/kernel/cpu/bugs.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1889,6 +1889,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
		if (ctrl == PR_SPEC_FORCE_DISABLE)
		task_set_spec_ib_force_disable(task);
		task_update_spec_tif(task);
		if (task == current)
		indirect_branch_prediction_barrier();
		break;
		default:
		return -ERANGE;