review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Josh Poimboeuf <jpoimboe@kernel.org>
	Tue, 5 Sep 2023 05:04:52 +0000 (22:04 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 20 Nov 2023 10:58:52 +0000 (11:58 +0100)
commit	0a958abffa5b3d8a2ef9ee8669146ec45f8d1bcf
tree	d027184a47517430e2c532d6cd89ef009eb8dd57	tree \| snapshot
parent	5b66cf0762ca31d17019d592ae5b06576494faff	commit \| diff

x86/srso: Fix vulnerability reporting for missing microcode

[ Upstream commit dc6306ad5b0dda040baf1fde3cfd458e6abfc4da ]

The SRSO default safe-ret mitigation is reported as "mitigated" even if
microcode hasn't been updated. That's wrong because userspace may still
be vulnerable to SRSO attacks due to IBPB not flushing branch type
predictions.

Report the safe-ret + !microcode case as vulnerable.

Also report the microcode-only case as vulnerable as it leaves the
kernel open to attacks.

Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation")
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/a8a14f97d1b0e03ec255c81637afdf4cf0ae9c99.1693889988.git.jpoimboe@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>

Documentation/admin-guide/hw-vuln/srso.rst		diff \| blob \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| history