www.infradead.org Git - users/hch/misc.git/commit

author	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
	Sat, 22 Jun 2024 04:17:21 +0000 (21:17 -0700)
committer	Dave Hansen <dave.hansen@linux.intel.com>
	Fri, 9 May 2025 20:22:04 +0000 (13:22 -0700)
commit	8754e67ad4ac692c67ff1f99c0d07156f04ae40c
tree	e5b008534b11b3cdf6ddb72cbf1310ee33f85889	tree
parent	159013a7ca18c271ff64192deb62a689b622d860	commit \| diff

x86/its: Add support for ITS-safe indirect thunk

Due to ITS, indirect branches in the lower half of a cacheline may be
vulnerable to branch target injection attack.

Introduce ITS-safe thunks to patch indirect branches in the lower half of
cacheline with the thunk. Also thunk any eBPF generated indirect branches
in emit_indirect_jump().

Below category of indirect branches are not mitigated:

- Indirect branches in the .init section are not mitigated because they are
discarded after boot.
- Indirect branches that are explicitly marked retpoline-safe.

Note that retpoline also mitigates the indirect branches against ITS. This
is because the retpoline sequence fills an RSB entry before RET, and it
does not suffer from RSB-underflow part of the ITS.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>

arch/x86/Kconfig		diff \| blob \| history
arch/x86/include/asm/cpufeatures.h		diff \| blob \| history
arch/x86/include/asm/nospec-branch.h		diff \| blob \| history
arch/x86/kernel/alternative.c		diff \| blob \| history
arch/x86/kernel/vmlinux.lds.S		diff \| blob \| history
arch/x86/lib/retpoline.S		diff \| blob \| history
arch/x86/net/bpf_jit_comp.c		diff \| blob \| history