Commit 858073be authored May 16, 2025 by Pawan Gupta Committed by Greg Kroah-Hartman May 22, 2025

x86/its: Add support for ITS-safe indirect thunk



commit 8754e67a upstream.

Due to ITS, indirect branches in the lower half of a cacheline may be
vulnerable to branch target injection attack.

Introduce ITS-safe thunks to patch indirect branches in the lower half of
cacheline with the thunk. Also thunk any eBPF generated indirect branches
in emit_indirect_jump().

Below category of indirect branches are not mitigated:

- Indirect branches in the .init section are not mitigated because they are
  discarded after boot.
- Indirect branches that are explicitly marked retpoline-safe.

Note that retpoline also mitigates the indirect branches against ITS. This
is because the retpoline sequence fills an RSB entry before RET, and it
does not suffer from RSB-underflow part of the ITS.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 34be1a31

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 25a456b5
· Nov 05, 2025

mentioned in commit 25a456b5

mentioned in commit 25a456b541bbd2d159a29c5978b6ed288999429c

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit fa1f78be
· Nov 05, 2025

mentioned in commit fa1f78be

mentioned in commit fa1f78bed39010aae7d9babe527d1b9886554a0a

Toggle commit list

Please to comment