Google Git
Sign in
cos / third_party / kernel / f9c6aec2a6dd0d5651d421592463c74aeaa54a8c
commitf9c6aec2a6dd0d5651d421592463c74aeaa54a8c[log] [tgz]
authorBorislav Petkov (AMD) <bp@alien8.de>Mon Nov 11 17:22:08 2024 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Sep 25 11:13:49 2025 +0200
tree825cccf0326e98e39a74e7980e65fcd38a6b65c0
parent0a3ac13d8686d24fb96994269e4338fa8fa211b8 [diff]
x86/bugs: Add SRSO_USER_KERNEL_NO support

commit 877818802c3e970f67ccb53012facc78bef5f97a upstream.

If the machine has:

  CPUID Fn8000_0021_EAX[30] (SRSO_USER_KERNEL_NO) -- If this bit is 1,
  it indicates the CPU is not subject to the SRSO vulnerability across
  user/kernel boundaries.

have it fall back to IBPB on VMEXIT only, in the case it is going to run
VMs:

  Speculative Return Stack Overflow: Mitigation: IBPB on VMEXIT only

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
Link: https://lore.kernel.org/r/20241202120416.6054-2-bp@kernel.org
[ Harshit: Conflicts resolved as this commit: 7c62c442b6eb ("x86/vmscape:
  Enumerate VMSCAPE bug") has been applied already to 6.12.y ]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2 files changed
tree: 825cccf0326e98e39a74e7980e65fcd38a6b65c0
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .clippy.toml
  27. .cocciconfig
  28. .editorconfig
  29. .get_maintainer.ignore
  30. .gitattributes
  31. .gitignore
  32. .mailmap
  33. .rustfmt.toml
  34. COPYING
  35. CREDITS
  36. Kbuild
  37. Kconfig
  38. MAINTAINERS
  39. Makefile
  40. README