]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commit
x86/srso: Add IBPB
authorBorislav Petkov (AMD) <bp@alien8.de>
Thu, 6 Jul 2023 13:04:35 +0000 (15:04 +0200)
committerStefan Bader <stefan.bader@canonical.com>
Mon, 4 Sep 2023 09:19:31 +0000 (11:19 +0200)
commit3ef225ec05ba9fdf481145d6ed6113aa9409bb1c
treed35ce22c53033cabb86d0dfcf814fb8f1254ad86
parenta264e7fda25d18dc54d4a6aadb35f337c399be2e
x86/srso: Add IBPB

Add the option to mitigate using IBPB on a kernel entry. Pull in the
Retbleed alternative so that the IBPB call from there can be used. Also,
if Retbleed mitigation is done using IBPB, the same mitigation can and
must be used here.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
CVE-2023-20569
(backported from commit 233d6f68b98d480a7c42ebe78c38f79d44741ca9)
[cascardo: conflict in ANNOTATE_UNRET_END vs VALIDATE_UNRET_END]
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
arch/x86/include/asm/nospec-branch.h
arch/x86/kernel/cpu/bugs.c