| author | David Kaplan <david.kaplan@amd.com> | 2025-09-12 10:24:28 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-11-02 22:18:03 +0900 |
| commit | 28621b2b0a8c8cd5f12399bb124bcb1a5b7f08d1 (patch) | |
| tree | 2d36eb1168808a00c5ea22eaa49184f4831dd7af | |
| parent | 09a75f371298a7142ad2eb0af04a571d4cf57e50 (diff) | |
x86/bugs: Add attack vector controls for VMSCAPE
[ Upstream commit 5799d5d8a6c877f03ad5b5a640977053be45059a ]
Use attack vector controls to select whether VMSCAPE requires mitigation,
similar to other bugs.
Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | Documentation/admin-guide/hw-vuln/attack_vector_controls.rst | 1 | ||||
| -rw-r--r-- | arch/x86/kernel/cpu/bugs.c | 14 |
2 files changed, 11 insertions, 4 deletions
diff --git a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
index 5964901d66e3..d0bdbd81dcf9 100644
--- a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
+++ b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
@@ -218,6 +218,7 @@ SRSO X X X X
 SSB X
 TAA X X X X * (Note 2)
 TSA X X X X
+VMSCAPE X
 =============== ============== ============ ============= ============== ============ ========
 
 Notes:
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 9750ce448e62..c6bb8e76eb98 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -434,6 +434,9 @@ static bool __init should_mitigate_vuln(unsigned int bug)
 case X86_BUG_SPEC_STORE_BYPASS:
 return cpu_attack_vector_mitigated(CPU_MITIGATE_USER_USER);
 
+ case X86_BUG_VMSCAPE:
+ return cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_HOST);
+
 default:
 WARN(1, "Unknown bug %x\n", bug);
 return false;
@@ -3308,15 +3311,18 @@ early_param("vmscape", vmscape_parse_cmdline);
 
 static void __init vmscape_select_mitigation(void)
 {
- if (cpu_mitigations_off() ||
- !boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
+ if (!boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
 !boot_cpu_has(X86_FEATURE_IBPB)) {
 vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
 return;
 }
 
- if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO)
- vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
+ if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) {
+ if (should_mitigate_vuln(X86_BUG_VMSCAPE))
+ vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
+ else
+ vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
+ }
 }
 
 static void __init vmscape_update_mitigation(void) |
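Review bot: Dropping `cpu_mitigations_off()` from the early-out in `vmscape_select_mitigation()` changes behaviour beyond what the commit message describes. The old guard forced `VMSCAPE_MITIGATION_NONE` whenever mitigations were off, while the new code only rewrites the mode when it is still `VMSCAPE_MITIGATION_AUTO`, so a mode chosen explicitly (presumably via the `vmscape=` parameter, whose parser is outside this hunk) now survives `mitigations=off`. That is probably intended, given "similar to other bugs", but it relies on `cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_HOST)` returning false when mitigations are globally off, which is not visible here. I would state the rule above the AUTO block, e.g. `/* An explicit vmscape= selection is kept; only AUTO follows the guest-to-host attack vector setting. */`, so someone auditing a host that runs untrusted guests can tell why IBPB on exit to user is or is not active.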
