From nobody Fri Dec 19 20:39:54 2025 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2088.outbound.protection.outlook.com [40.107.244.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C09432080FE for ; Wed, 8 Jan 2025 20:26:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.88 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736367970; cv=fail; b=tlz+Yz8wGjO5/sb3e4MufhyawGDl+TCBtgddNDq8ETgCmDa4FNAhmQd4liVmEhm2TFrf+q7wbifwMJwheqCW++bxuper3tiSLr9sSfqZQlYfJmSjWPLEzjAqCbpWfmjXlhqRrckYZTj/mOY0RPlZNbq31X4NF2WHTFV/KJtWCgM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736367970; c=relaxed/simple; bh=DyDzhhkeDfRFeIL9PqCrvna1wByaTdRWfAKUaXbuPC4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ruYbPOSG39MnfcEqoQAPfZYL6NLJImtEsx8/Kvp0zTIeEa8QehbboWWtk0Uj1ily/KlnxyLrpx93LuScCiPL0AFbnfw5iroLXopg9y/Frrx20kiwlS0+LXMCU/NHE0DW9VnUxBlf3jR8zxyOZj1up6TlKRDwK6HutOH1uS0buww= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=XCkCjCGi; arc=fail smtp.client-ip=40.107.244.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="XCkCjCGi" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fF0HpKNVJyiTY5GtY0LPCZK46uvvgWUKWwPTVEQ68Bqz0uPBxZrOGP3XJZpMI89w5VoSNdUPbxBNfb3TJ8C0bqX36+LswHzJv0Jmq0Rjw8oiFXYu8Mq+QwTwH1BxGKbc30mBiBNZbpZ3IbwqEzDSkpVrVMcuTOxs9zsed31SMY/UG7J/iSXaIVefbZetKmkPSSiWzHZDvuXlynwdVf6nZRxu0tAIoDSy8n0ym3PpeEOSFEcIxI0Knm6o64bV4ME3oDsZBAReHdBlkJYX2myB3gF2ntkC2vPRr6WJZ3g9+PZfB1xQRy+4DUWt13+B3GjiHYzAQPybxUdodJTmI7FMhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BdVa4MpyoHhP+ux4jt1AzZCZLwbP2SkTjl7R2hQfRSE=; b=tAslxEPAuqMz8R8YegQaX/NIDJWRgXzr8ZQUBiR9sYsJXKdx9R7KXzATSFsOezn86Kmv7qrddcIJhmwjeo/uMzCAvgjRCW9TOz6WaAFG6Rkha70OL4SQzGIau2oobwPz8oaesKkfH5XR1cq9Ka/2NUxEunGDzfxf35j4nYNNohXzmJPvOv5f+ILKZVGiM1CIKsZDSqxhLkCIEk/lAYsX57nA5uPBUKYKp2OJD+t8ME52gOZj0Hi2W/WmC+q3lyHEfjMD0Bdm5nFrBl4vFDFvneQnyQUkAMhh+IbU2nnE5ygjfIT9b0qdmEIQ2muAQ/AOxayXtSnRUt1lsdyDuq2JCQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BdVa4MpyoHhP+ux4jt1AzZCZLwbP2SkTjl7R2hQfRSE=; b=XCkCjCGivdu1SZpZ80CfsTNAO9gN7LUrkuuFwRM625rHHAxxLc7AjP3wCLjryh4sMddcxx3Z1hZWJyHtOh8XVeNmVfQLGSv9GmzZ9DzVVgyG0QZKsZ7mTLEx9nP313mABzlkEa7sg9isNi4rmlRRPjMRKbJXH4QzueGLI5U4NIw= Received: from MN2PR01CA0031.prod.exchangelabs.com (2603:10b6:208:10c::44) by SJ2PR12MB9191.namprd12.prod.outlook.com (2603:10b6:a03:55a::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8314.17; Wed, 8 Jan 2025 20:26:01 +0000 Received: from DS3PEPF000099DC.namprd04.prod.outlook.com (2603:10b6:208:10c:cafe::2e) by MN2PR01CA0031.outlook.office365.com (2603:10b6:208:10c::44) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8335.12 via Frontend Transport; Wed, 8 Jan 2025 20:25:47 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DC.mail.protection.outlook.com (10.167.17.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8335.7 via Frontend Transport; Wed, 8 Jan 2025 20:25:59 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 8 Jan 2025 14:25:54 -0600 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 34/35] x86/bugs: Add attack vector controls for srso Date: Wed, 8 Jan 2025 14:25:14 -0600 Message-ID: <20250108202515.385902-35-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099DC:EE_|SJ2PR12MB9191:EE_ X-MS-Office365-Filtering-Correlation-Id: b1c15eeb-69cf-4165-82ab-08dd3022aa3d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|7416014|36860700013|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?SH0B0iD7GTJyEVwftvIRBtRZCPalsQuP+wXIl+etCWBHH0xp2aBZ49Z0uLqt?= =?us-ascii?Q?F0kbj/PFSrvhlokkZInJVt+rnyGeYLHX/tYAccaikr4IqeYWWDbxJRHiNfxn?= =?us-ascii?Q?zo8RJCIMnXgr7yF4RiCck+USkYvavQZlboVWJAPknyU5Pqt05vpms0vpEt3m?= =?us-ascii?Q?x7DSPwWqFwEPMS+lTdKbcY9saD9u7D1THy12zmlwgkFh8ovmsEhlyNICN5+W?= =?us-ascii?Q?o9q5erAfWftR1RGcVNH653ax+zL64mk/OmcdjNUSsR5at5fqUhKabYxs3IYJ?= =?us-ascii?Q?+0bQbrgq8S0S+tMVMJwnNPZJXEnO1KkXifP0ydaDm08NnpDIUF8XuxybxA5w?= =?us-ascii?Q?6kmAqTyrCMcU4b4Qh/9Dbi+nHJHCohAUZ3OKUmircthT46vsgQiheUmrn6gd?= =?us-ascii?Q?wYX4NS3XDpd+CafH4zF9qUXw/xvxdb1doi9fhibX7VJ4onZ0NQwErE14PyS+?= =?us-ascii?Q?qUx6KNzIOcP/31KkEoSHQSG3iAKBJ5gC1Yc9ubswLgImq7EQLne6PF6+FtYO?= =?us-ascii?Q?i92d5hMp0UdcBYp5QftYi0DA9T2+ijhnhX0iBZw3tZOrdaGNm/jiE76ylF83?= =?us-ascii?Q?SR/ub1cf+u7W/s+h0UuzGNCJYuLVKPtdqcaekvNwWzB0LOOF6sHYgZtUzqUi?= =?us-ascii?Q?JpDp1Zq2XOinR6fwFcQKrQHmTvLl02zX+GbNJqoxLb5iA5R0PBlQlql/E55S?= =?us-ascii?Q?17E6P9sdOfmtgg37hP5eJ1Bt0OVb2cSvUZhgr4NapTbD1I40OfsF6MdLjdJg?= =?us-ascii?Q?Xx50jaTTvEKloBQjFcVmDAbpInP80tFA1wiAc1b8uCeRiE3D0sgp5qLwklYO?= =?us-ascii?Q?SbgsP8T9VC4GtFFBJmCbxO47QmhwoQKbrqINhXothtryC0p4fDih2nU2fQvm?= =?us-ascii?Q?432HToQVw7s0uvMfm4+2xXE5jxqBHtnQyML3eT5A4zVBCliKd5Sfvwz/it0+?= =?us-ascii?Q?uW9jsFHg+DWvtSSS1otbn/ZWS8UKlB5Qg8IWplf1PUJN1piDKzbLzJrfJaC4?= =?us-ascii?Q?DNdfXCsmF/OQ03pMdWl43pKfTQwOGSWhbC21IxZ5nGbij1Sg1Kl61+wEgy19?= =?us-ascii?Q?U48pI0q2zP5457P6OfpZdDJ/M5syC2WSmKN+7MhSdfQu0wwVFCCorft40O+o?= =?us-ascii?Q?YIJ+zgaoHJndhS4c0wjKVnyq7f50XUoqFfDNsBlo7uAYk+9WIm4KFsRybppZ?= =?us-ascii?Q?vS6mMawwDWsdBsYUgNngb5jiDBS9SwXS+GD1GTF+mlVpKKDf6mDbtMm5u+oX?= =?us-ascii?Q?+HuvjzrF/Q604qWPu8O25yAnBGWqVMhM4ZGk+rg0B6sk9lmcqIXFcKv6juu6?= =?us-ascii?Q?+d+fuSZ6bDf5FTt170rt8bRSFhk9T0YG5YiEhHpIPaQTu2SQ2He8lB24FZGc?= =?us-ascii?Q?Re3UUKmZAZ8XTbVm9jxl+4qmqDJ2JbJRi/xtSc9HqLGJvOnq9SLVe08ZMkp2?= =?us-ascii?Q?b7/nASzV6WkIom1VxRF8rz3zgb2yp3b/A9JnwTDO8zbOZNLsFuBsmWPpB/ct?= =?us-ascii?Q?tnu98EKhZINxsDU=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(7416014)(36860700013)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2025 20:25:59.8563 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b1c15eeb-69cf-4165-82ab-08dd3022aa3d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099DC.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR12MB9191 Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if srso mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 2e3b4d768d6b..91e00d4de8df 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -2922,8 +2922,14 @@ static void __init srso_select_mitigation(void) if (srso_mitigation =3D=3D SRSO_MITIGATION_NONE) return; =20 - if (srso_mitigation =3D=3D SRSO_MITIGATION_AUTO) - srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; + if (srso_mitigation =3D=3D SRSO_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_SRSO)) + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; + else { + srso_mitigation =3D SRSO_MITIGATION_NONE; + return; + } + } =20 if (has_microcode) { /* --=20 2.34.1