The following commit has been merged into the x86/bugs branch of tip:
Commit-ID: eda718fde6159b2e64978637ebb3f1ae98180555
Gitweb: https://git.kernel.org/tip/eda718fde6159b2e64978637ebb3f1ae98180555
Author: David Kaplan <david.kaplan@amd.com>
AuthorDate: Mon, 07 Jul 2025 13:33:12 -05:00
Committer: Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Fri, 11 Jul 2025 17:56:41 +02:00
x86/bugs: Add attack vector controls for SRSO
Use attack vector controls to determine if SRSO mitigation is required.
Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250707183316.1349127-18-david.kaplan@amd.com
---
arch/x86/kernel/cpu/bugs.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 2128623..eef6ccd 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -3123,14 +3123,19 @@ early_param("spec_rstack_overflow", srso_parse_cmdline);
static void __init srso_select_mitigation(void)
{
- if (!boot_cpu_has_bug(X86_BUG_SRSO) || cpu_mitigations_off())
+ if (!boot_cpu_has_bug(X86_BUG_SRSO)) {
srso_mitigation = SRSO_MITIGATION_NONE;
-
- if (srso_mitigation == SRSO_MITIGATION_NONE)
return;
+ }
- if (srso_mitigation == SRSO_MITIGATION_AUTO)
- srso_mitigation = SRSO_MITIGATION_SAFE_RET;
+ if (srso_mitigation == SRSO_MITIGATION_AUTO) {
+ if (should_mitigate_vuln(X86_BUG_SRSO)) {
+ srso_mitigation = SRSO_MITIGATION_SAFE_RET;
+ } else {
+ srso_mitigation = SRSO_MITIGATION_NONE;
+ return;
+ }
+ }
/* Zen1/2 with SMT off aren't vulnerable to SRSO. */
if (boot_cpu_data.x86 < 0x19 && !cpu_smt_possible()) {