4f4da08490
For platform that supports RRSBA (Restricted Return Stack Buffer Alternate), using retpoline may not be sufficient to guard against branch history injection or intra-mode branch target injection. RRSBA must be disabled to prevent CPUs from using alternate predictors for RETs. Quoting Intel CVE-2022-0001/CVE-2022-0002: Where software is using retpoline as a mitigation for BHI or intra-mode BTI, and the processor both enumerates RRSBA and enumerates RRSBA_DIS controls, it should disable this behavior. ... Software using retpoline as a mitigation for BHI or intra-mode BTI should use these new indirect predictor controls to disable alternate predictors for RETs. See: https://www.intel.com/content/www/us/en/developer/articles/technical/ software-security-guidance/technical-documentation/branch-history-injection.html Tracked-On: #7907 Signed-off-by: Yifan Liu <yifan1.liu@intel.com> |
||
|---|---|---|
| .. | ||
| x86/asm | ||