github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-26 16:12:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

x86/bugs: Add attack vector controls for SRSO

Browse Source 
Use attack vector controls to determine if SRSO mitigation is required.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250707183316.1349127-18-david.kaplan@amd.com
This commit is contained in:
David Kaplan 2025-07-07 13:33:12 -05:00 committed by Borislav Petkov (AMD)
parent 2f970a5269
commit eda718fde6
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
arch/x86/kernel/cpu/bugs.c
View File

@ -3123,14 +3123,19 @@ early_param("spec_rstack_overflow", srso_parse_cmdline);
static void __init srso_select_mitigation(void)
{
if (!boot_cpu_has_bug(X86_BUG_SRSO) || cpu_mitigations_off())
if (!boot_cpu_has_bug(X86_BUG_SRSO)) {
srso_mitigation = SRSO_MITIGATION_NONE;
if (srso_mitigation == SRSO_MITIGATION_NONE)
return;
}
if (srso_mitigation == SRSO_MITIGATION_AUTO)
srso_mitigation = SRSO_MITIGATION_SAFE_RET;
if (srso_mitigation == SRSO_MITIGATION_AUTO) {
if (should_mitigate_vuln(X86_BUG_SRSO)) {
srso_mitigation = SRSO_MITIGATION_SAFE_RET;
} else {
srso_mitigation = SRSO_MITIGATION_NONE;
return;
}
}
/* Zen1/2 with SMT off aren't vulnerable to SRSO. */
if (boot_cpu_data.x86 < 0x19 && !cpu_smt_possible()) {