x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (00f511d7) · Commits · Mirrors / git.yoctoproject.org / linux-yocto

Commit 00f511d7 authored Jul 20, 2023 by

Kim Phillips Committed by Greg Kroah-Hartman Apr 03, 2024

x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled

commit fd470a8b upstream.

Unlike Intel's Enhanced IBRS feature, AMD's Automatic IBRS does not
provide protection to processes running at CPL3/user mode, see section
"Extended Feature Enable Register (EFER)" in the APM v2 at
https://bugzilla.kernel.org/attachment.cgi?id=304652

Explicitly enable STIBP to protect against cross-thread CPL3
branch target injections on systems with Automatic IBRS enabled.

Also update the relevant documentation.

Fixes: e7862eda

 ("x86/cpu: Support AMD Automatic IBRS")
Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230720194727.67022-1-kim.phillips@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent f30b3ee9

Hide whitespace changes

Inline Side-by-side

Please register or to comment