Message-ID: <175075955023.406.17412527665448494816.tip-bot2@tip-bot2>
Date: Tue, 24 Jun 2025 10:05:50 -0000
From: "tip-bot2 for Pawan Gupta" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Borislav Petkov <bp@...en8.de>,
 Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, x86@...nel.org,
 linux-kernel@...r.kernel.org
Subject: [tip: x86/bugs] x86/bugs: Avoid AUTO after the select step in the
 retbleed mitigation

The following commit has been merged into the x86/bugs branch of tip:

Commit-ID:     98ff5c071d1cde9426b0bfa449c43d49ec58f1c4
Gitweb:        https://git.kernel.org/tip/98ff5c071d1cde9426b0bfa449c43d49ec58f1c4
Author:        Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
AuthorDate:    Wed, 11 Jun 2025 10:29:00 -07:00
Committer:     Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Mon, 23 Jun 2025 12:16:23 +02:00

x86/bugs: Avoid AUTO after the select step in the retbleed mitigation

The retbleed select function leaves the mitigation set to AUTO in some cases.
Moreover, the update function can also set the mitigation to AUTO. This
is inconsistent with other mitigations and requires explicit handling of
AUTO at the end of the update step.

Make sure a mitigation gets selected in the select step, and do not change
it to AUTO in the update step. When no mitigation can be selected leave it
to NONE, which is what AUTO was getting changed to in the end.

Suggested-by: Borislav Petkov <bp@...en8.de>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
Acked-by: Borislav Petkov (AMD) <bp@...en8.de>
Link: https://lore.kernel.org/20250611-eibrs-fix-v4-1-5ff86cac6c61@linux.intel.com
---
 arch/x86/kernel/cpu/bugs.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 7f94e6a..53649df 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1247,6 +1247,14 @@ static void __init retbleed_select_mitigation(void)
 			retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
 		else
 			retbleed_mitigation = RETBLEED_MITIGATION_NONE;
+	} else if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) {
+		/* Final mitigation depends on spectre-v2 selection */
+		if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED))
+			retbleed_mitigation = RETBLEED_MITIGATION_EIBRS;
+		else if (boot_cpu_has(X86_FEATURE_IBRS))
+			retbleed_mitigation = RETBLEED_MITIGATION_IBRS;
+		else
+			retbleed_mitigation = RETBLEED_MITIGATION_NONE;
 	}
 }
 
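Review bot: The vendor chain still ends without a final `else`, so a CPU that matches neither the vendor test of the preceding branch (outside the hunk) nor `X86_VENDOR_INTEL` leaves this block with no assignment, which is the undecided state this commit sets out to eliminate. If `X86_BUG_RETBLEED` can only be set for the vendors handled here, a comment saying so would document the invariant; otherwise close the chain with `else retbleed_mitigation = RETBLEED_MITIGATION_NONE;`. It matters more now that the AUTO-to-NONE fallback at the end of retbleed_update_mitigation() is removed, since that function indexes `retbleed_strings[]` with the value. The condition guarding this block starts outside the hunk, so the reachable states are inferred.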
@@ -1255,9 +1263,6 @@ static void __init retbleed_update_mitigation(void)
 	if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off())
 		return;
 
-	if (retbleed_mitigation == RETBLEED_MITIGATION_NONE)
-		goto out;
-
 	/*
 	 * retbleed=stuff is only allowed on Intel.  If stuffing can't be used
 	 * then a different mitigation will be selected below.
@@ -1268,7 +1273,7 @@ static void __init retbleed_update_mitigation(void)
 	    its_mitigation == ITS_MITIGATION_RETPOLINE_STUFF) {
 		if (spectre_v2_enabled != SPECTRE_V2_RETPOLINE) {
 			pr_err("WARNING: retbleed=stuff depends on spectre_v2=retpoline\n");
-			retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
+			retbleed_mitigation = RETBLEED_MITIGATION_NONE;
 		} else {
 			if (retbleed_mitigation != RETBLEED_MITIGATION_STUFF)
 				pr_info("Retbleed mitigation updated to stuffing\n");
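Review bot: The `RETBLEED_MITIGATION_NONE` assigned after the `pr_err()` is not marked as provisional, while the context comment above the condition still promises that "a different mitigation will be selected below". With AUTO gone, NONE here stands for both "undecided" and "off", so a reader cannot tell whether the code further down is expected to override it. A short comment on the assignment would settle that, for example `/* stuffing unavailable; the vendor-specific block below may still pick a mode from spectre_v2_enabled */`. The rest of the function is outside the hunk, so whether every path does override it is not visible here.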
@@ -1294,15 +1299,11 @@ static void __init retbleed_update_mitigation(void)
 			if (retbleed_mitigation != RETBLEED_MITIGATION_STUFF)
 				pr_err(RETBLEED_INTEL_MSG);
 		}
-		/* If nothing has set the mitigation yet, default to NONE. */
-		if (retbleed_mitigation == RETBLEED_MITIGATION_AUTO)
-			retbleed_mitigation = RETBLEED_MITIGATION_NONE;
 	}
-out:
+
 	pr_info("%s\n", retbleed_strings[retbleed_mitigation]);
 }
 
-
 static void __init retbleed_apply_mitigation(void)
 {
 	bool mitigate_smt = false;
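Review bot: The fallback visible at the top of this hunk only logs `RETBLEED_INTEL_MSG` and leaves `retbleed_mitigation` untouched, but after this commit the select step presets `RETBLEED_MITIGATION_EIBRS` or `RETBLEED_MITIGATION_IBRS` from CPU feature bits alone. If spectre_v2 ends up in a mode that does not enable IBRS, that preset would survive to `pr_info("%s\n", retbleed_strings[retbleed_mitigation])`, and the kernel would report an IBRS-based mitigation that is not in effect. Resetting the value in that arm closes the gap: add `retbleed_mitigation = RETBLEED_MITIGATION_NONE;` after the `pr_err()`, under the same `!= RETBLEED_MITIGATION_STUFF` condition, which then needs braces. The enclosing block starts outside the hunk, so it is inferred that this is the fallback arm of the spectre_v2 dispatch.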
