diff options
| author | Pawan Gupta <[email protected]> | 2024-06-22 04:17:21 +0000 |
|---|---|---|
| committer | Dave Hansen <[email protected]> | 2025-05-09 20:22:04 +0000 |
| commit | 8754e67ad4ac692c67ff1f99c0d07156f04ae40c (patch) | |
| tree | e5b008534b11b3cdf6ddb72cbf1310ee33f85889 /drivers/base/cpu.c | |
| parent | x86/its: Enumerate Indirect Target Selection (ITS) bug (diff) | |
| download | kernel-8754e67ad4ac692c67ff1f99c0d07156f04ae40c.tar.gz kernel-8754e67ad4ac692c67ff1f99c0d07156f04ae40c.zip | |
x86/its: Add support for ITS-safe indirect thunk
Due to ITS, indirect branches in the lower half of a cacheline may be
vulnerable to branch target injection attack.
Introduce ITS-safe thunks to patch indirect branches in the lower half of
cacheline with the thunk. Also thunk any eBPF generated indirect branches
in emit_indirect_jump().
Below category of indirect branches are not mitigated:
- Indirect branches in the .init section are not mitigated because they are
discarded after boot.
- Indirect branches that are explicitly marked retpoline-safe.
Note that retpoline also mitigates the indirect branches against ITS. This
is because the retpoline sequence fills an RSB entry before RET, and it
does not suffer from RSB-underflow part of the ITS.
Signed-off-by: Pawan Gupta <[email protected]>
Signed-off-by: Dave Hansen <[email protected]>
Reviewed-by: Josh Poimboeuf <[email protected]>
Reviewed-by: Alexandre Chartre <[email protected]>
Diffstat (limited to 'drivers/base/cpu.c')
0 files changed, 0 insertions, 0 deletions