| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <175771248649.709179.5091056873593838180.tip-bot2@tip-bot2>
Date: Fri, 12 Sep 2025 21:28:06 -0000
From: "tip-bot2 for David Kaplan" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: David Kaplan <david.kaplan@....com>,
"Borislav Petkov (AMD)" <bp@...en8.de>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject: [tip: x86/bugs] x86/bugs: Add attack vector controls for VMSCAPE
The following commit has been merged into the x86/bugs branch of tip:
Commit-ID: 5799d5d8a6c877f03ad5b5a640977053be45059a
Gitweb: https://git.kernel.org/tip/5799d5d8a6c877f03ad5b5a640977053be45059a
Author: David Kaplan <david.kaplan@....com>
AuthorDate: Fri, 12 Sep 2025 10:24:28 -05:00
Committer: Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Fri, 12 Sep 2025 23:19:29 +02:00
x86/bugs: Add attack vector controls for VMSCAPE
Use attack vector controls to select whether VMSCAPE requires mitigation,
similar to other bugs.
Signed-off-by: David Kaplan <david.kaplan@....com>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
---
Documentation/admin-guide/hw-vuln/attack_vector_controls.rst | 1 +-
arch/x86/kernel/cpu/bugs.c | 14 +++++--
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
index 5964901..d0bdbd8 100644
--- a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
+++ b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
@@ -218,6 +218,7 @@ SRSO X X X X
SSB X
TAA X X X X * (Note 2)
TSA X X X X
+VMSCAPE X
=============== ============== ============ ============= ============== ============ ========
Notes:
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 36dcfc5..e817bba 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -434,6 +434,9 @@ static bool __init should_mitigate_vuln(unsigned int bug)
case X86_BUG_SPEC_STORE_BYPASS:
return cpu_attack_vector_mitigated(CPU_MITIGATE_USER_USER);
+ case X86_BUG_VMSCAPE:
+ return cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_HOST);
+
default:
WARN(1, "Unknown bug %x\n", bug);
return false;
@@ -3304,15 +3307,18 @@ early_param("vmscape", vmscape_parse_cmdline);
static void __init vmscape_select_mitigation(void)
{
- if (cpu_mitigations_off() ||
- !boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
+ if (!boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
!boot_cpu_has(X86_FEATURE_IBPB)) {
vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
return;
}
- if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO)
- vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
+ if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) {
+ if (should_mitigate_vuln(X86_BUG_VMSCAPE))
+ vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
+ else
+ vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
+ }
}
static void __init vmscape_update_mitigation(void)
Powered by blists - more mailing lists