| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <174618201022.22196.8778383511604906614.tip-bot2@tip-bot2>
Date: Fri, 02 May 2025 10:33:30 -0000
From: "tip-bot2 for David Kaplan" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: David Kaplan <david.kaplan@....com>,
"Borislav Petkov (AMD)" <bp@...en8.de>, Josh Poimboeuf <jpoimboe@...nel.org>,
x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [tip: x86/bugs] x86/bugs: Restructure SRBDS mitigation
The following commit has been merged into the x86/bugs branch of tip:
Commit-ID: 2178ac58e176d8e1e4529b02647f5e549bb88405
Gitweb: https://git.kernel.org/tip/2178ac58e176d8e1e4529b02647f5e549bb88405
Author: David Kaplan <david.kaplan@....com>
AuthorDate: Fri, 18 Apr 2025 11:17:11 -05:00
Committer: Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Mon, 28 Apr 2025 15:05:41 +02:00
x86/bugs: Restructure SRBDS mitigation
Restructure SRBDS to use select/apply functions to create consistent
vulnerability handling.
Define new AUTO mitigation for SRBDS.
Signed-off-by: David Kaplan <david.kaplan@....com>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@...nel.org>
Link: https://lore.kernel.org/20250418161721.1855190-7-david.kaplan@amd.com
---
arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 98476b8..25b74a7 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -72,6 +72,7 @@ static void __init rfds_select_mitigation(void);
static void __init rfds_update_mitigation(void);
static void __init rfds_apply_mitigation(void);
static void __init srbds_select_mitigation(void);
+static void __init srbds_apply_mitigation(void);
static void __init l1d_flush_select_mitigation(void);
static void __init srso_select_mitigation(void);
static void __init gds_select_mitigation(void);
@@ -225,6 +226,7 @@ void __init cpu_select_mitigations(void)
taa_apply_mitigation();
mmio_apply_mitigation();
rfds_apply_mitigation();
+ srbds_apply_mitigation();
}
/*
@@ -693,6 +695,7 @@ early_param("reg_file_data_sampling", rfds_parse_cmdline);
enum srbds_mitigations {
SRBDS_MITIGATION_OFF,
+ SRBDS_MITIGATION_AUTO,
SRBDS_MITIGATION_UCODE_NEEDED,
SRBDS_MITIGATION_FULL,
SRBDS_MITIGATION_TSX_OFF,
@@ -700,7 +703,7 @@ enum srbds_mitigations {
};
static enum srbds_mitigations srbds_mitigation __ro_after_init =
- IS_ENABLED(CONFIG_MITIGATION_SRBDS) ? SRBDS_MITIGATION_FULL : SRBDS_MITIGATION_OFF;
+ IS_ENABLED(CONFIG_MITIGATION_SRBDS) ? SRBDS_MITIGATION_AUTO : SRBDS_MITIGATION_OFF;
static const char * const srbds_strings[] = {
[SRBDS_MITIGATION_OFF] = "Vulnerable",
@@ -751,8 +754,13 @@ void update_srbds_msr(void)
static void __init srbds_select_mitigation(void)
{
- if (!boot_cpu_has_bug(X86_BUG_SRBDS))
+ if (!boot_cpu_has_bug(X86_BUG_SRBDS) || cpu_mitigations_off()) {
+ srbds_mitigation = SRBDS_MITIGATION_OFF;
return;
+ }
+
+ if (srbds_mitigation == SRBDS_MITIGATION_AUTO)
+ srbds_mitigation = SRBDS_MITIGATION_FULL;
/*
* Check to see if this is one of the MDS_NO systems supporting TSX that
@@ -766,13 +774,17 @@ static void __init srbds_select_mitigation(void)
srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR;
else if (!boot_cpu_has(X86_FEATURE_SRBDS_CTRL))
srbds_mitigation = SRBDS_MITIGATION_UCODE_NEEDED;
- else if (cpu_mitigations_off() || srbds_off)
+ else if (srbds_off)
srbds_mitigation = SRBDS_MITIGATION_OFF;
- update_srbds_msr();
pr_info("%s\n", srbds_strings[srbds_mitigation]);
}
+static void __init srbds_apply_mitigation(void)
+{
+ update_srbds_msr();
+}
+
static int __init srbds_parse_cmdline(char *str)
{
if (!str)
Powered by blists - more mailing lists