mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2025-01-21 22:40:05 +07:00
c995efd5a7
On context switch from a shallow call stack to a deeper one, as the CPU does 'ret' up the deeper side it may encounter RSB entries (predictions for where the 'ret' goes to) which were populated in userspace. This is problematic if neither SMEP nor KPTI (the latter of which marks userspace pages as NX for the kernel) are active, as malicious code in userspace may then be executed speculatively. Overwrite the CPU's return prediction stack with calls which are predicted to return to an infinite loop, to "capture" speculation if this happens. This is required both for retpoline, and also in conjunction with IBRS for !SMEP && !KPTI. On Skylake+ the problem is slightly different, and an *underflow* of the RSB may cause errant branch predictions to occur. So there it's not so much overwrite, as *filling* the RSB to attempt to prevent it getting empty. This is only a partial solution for Skylake+ since there are many other conditions which may result in the RSB becoming empty. The full solution on Skylake+ is to use IBRS, which will prevent the problem even when the RSB becomes empty. With IBRS, the RSB-stuffing will not be required on context switch. [ tglx: Added missing vendor check and slighty massaged comments and changelog ] Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Arjan van de Ven <arjan@linux.intel.com> Cc: gnomes@lxorguk.ukuu.org.uk Cc: Rik van Riel <riel@redhat.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: thomas.lendacky@amd.com Cc: Peter Zijlstra <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Jiri Kosina <jikos@kernel.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Kees Cook <keescook@google.com> Cc: Tim Chen <tim.c.chen@linux.intel.com> Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org> Cc: Paul Turner <pjt@google.com> Link: https://lkml.kernel.org/r/1515779365-9032-1-git-send-email-dwmw@amazon.co.uk |
||
|---|---|---|
| .. | ||
| mcheck | ||
| microcode | ||
| mtrr | ||
| .gitignore | ||
| amd.c | ||
| aperfmperf.c | ||
| bugs.c | ||
| centaur.c | ||
| common.c | ||
| cpu.h | ||
| cpuid-deps.c | ||
| cyrix.c | ||
| hypervisor.c | ||
| intel_cacheinfo.c | ||
| intel_rdt_ctrlmondata.c | ||
| intel_rdt_monitor.c | ||
| intel_rdt_rdtgroup.c | ||
| intel_rdt.c | ||
| intel_rdt.h | ||
| intel.c | ||
| Makefile | ||
| match.c | ||
| mkcapflags.sh | ||
| mshyperv.c | ||
| perfctr-watchdog.c | ||
| powerflags.c | ||
| proc.c | ||
| rdrand.c | ||
| scattered.c | ||
| topology.c | ||
| transmeta.c | ||
| umc.c | ||
| vmware.c | ||