| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <175802726885.709179.3510577496146687695.tip-bot2@tip-bot2>
Date: Tue, 16 Sep 2025 12:54:28 -0000
From: "tip-bot2 for David Kaplan" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: David Kaplan <david.kaplan@....com>,
"Borislav Petkov (AMD)" <bp@...en8.de>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject: [tip: x86/bugs] x86/bugs: Fix reporting of LFENCE retpoline
The following commit has been merged into the x86/bugs branch of tip:
Commit-ID: d1cc1baef67ac6c09b74629ca053bf3fb812f7dc
Gitweb: https://git.kernel.org/tip/d1cc1baef67ac6c09b74629ca053bf3fb812f7dc
Author: David Kaplan <david.kaplan@....com>
AuthorDate: Mon, 15 Sep 2025 08:47:05 -05:00
Committer: Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Tue, 16 Sep 2025 13:21:21 +02:00
x86/bugs: Fix reporting of LFENCE retpoline
The LFENCE retpoline mitigation is not secure but the kernel prints
inconsistent messages about this fact. The dmesg log says 'Mitigation:
LFENCE', implying the system is mitigated. But sysfs reports 'Vulnerable:
LFENCE' implying the system (correctly) is not mitigated.
Fix this by printing a consistent 'Vulnerable: LFENCE' string everywhere
when this mitigation is selected.
Signed-off-by: David Kaplan <david.kaplan@....com>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
Link: https://lore.kernel.org/20250915134706.3201818-1-david.kaplan@amd.com
---
arch/x86/kernel/cpu/bugs.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 145f877..66dbb3b 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2032,7 +2032,7 @@ static void __init spectre_v2_user_apply_mitigation(void)
static const char * const spectre_v2_strings[] = {
[SPECTRE_V2_NONE] = "Vulnerable",
[SPECTRE_V2_RETPOLINE] = "Mitigation: Retpolines",
- [SPECTRE_V2_LFENCE] = "Mitigation: LFENCE",
+ [SPECTRE_V2_LFENCE] = "Vulnerable: LFENCE",
[SPECTRE_V2_EIBRS] = "Mitigation: Enhanced / Automatic IBRS",
[SPECTRE_V2_EIBRS_LFENCE] = "Mitigation: Enhanced / Automatic IBRS + LFENCE",
[SPECTRE_V2_EIBRS_RETPOLINE] = "Mitigation: Enhanced / Automatic IBRS + Retpolines",
@@ -3559,9 +3559,6 @@ static const char *spectre_bhi_state(void)
static ssize_t spectre_v2_show_state(char *buf)
{
- if (spectre_v2_enabled == SPECTRE_V2_LFENCE)
- return sysfs_emit(buf, "Vulnerable: LFENCE\n");
-
if (spectre_v2_enabled == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled())
return sysfs_emit(buf, "Vulnerable: eIBRS with unprivileged eBPF\n");
Powered by blists - more mailing lists