This is boot code, we run this _way_ before userspace comes along to poison our branch predictor.
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Borislav Petkov <b...@suse.de>
Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org>
---
 arch/x86/mm/mem_encrypt_boot.S | 2 ++
 1 file changed, 2 insertions(+)
--- a/arch/x86/mm/mem_encrypt_boot.S
+++ b/arch/x86/mm/mem_encrypt_boot.S
@@ -15,6 +15,7 @@
 #include <asm/page.h>
 #include <asm/processor-flags.h>
 #include <asm/msr-index.h>
+#include <asm/nospec-branch.h>
 .text
 .code64
@@ -59,6 +60,7 @@ ENTRY(sme_encrypt_execute)
 movq %rax, %r8 /* Workarea encryption routine */
 addq $PAGE_SIZE, %r8 /* Workarea intermediate copy buffer */
+ ANNOTATE_RETPOLINE_SAFE
 call *%rax /* Call the encryption routine */
 pop %r12
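Review bot: The `ANNOTATE_RETPOLINE_SAFE` added before `call *%rax` in sme_encrypt_execute has no in-source justification; the reason this indirect call may skip the retpoline exists only in the commit message. Since the annotation exempts the call site from the retpoline check, the assumption should sit next to it, for example `/* Boot-time only: runs before any userspace exists to train the branch predictor, so this indirect call needs no retpoline. */`. That keeps the precondition visible to anyone auditing Spectre v2 mitigations. It also flags that the annotation must be revisited if this routine ever becomes reachable outside early boot, which cannot be ruled out from the hunk alone. The body of sme_encrypt_execute starts and continues outside the hunk.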