[PATCH v4 33/36] x86/bugs: Add attack vector controls for srso
From: David Kaplan
Date: Mon Mar 10 2025 - 12:48:33 EST
Use attack vector controls to determine if srso mitigation is required.
Signed-off-by: David Kaplan <david.kaplan@xxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index e38529f3022b..4e1fc1468870 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2858,14 +2858,19 @@ static void __init srso_select_mitigation(void)
{
bool has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE);
- if (!boot_cpu_has_bug(X86_BUG_SRSO) || cpu_mitigations_off())
+ if (!boot_cpu_has_bug(X86_BUG_SRSO)) {
srso_mitigation = SRSO_MITIGATION_NONE;
-
- if (srso_mitigation == SRSO_MITIGATION_NONE)
return;
+ }
- if (srso_mitigation == SRSO_MITIGATION_AUTO)
- srso_mitigation = SRSO_MITIGATION_SAFE_RET;
+ if (srso_mitigation == SRSO_MITIGATION_AUTO) {
+ if (should_mitigate_vuln(X86_BUG_SRSO))
+ srso_mitigation = SRSO_MITIGATION_SAFE_RET;
+ else {
+ srso_mitigation = SRSO_MITIGATION_NONE;
+ return;
+ }
+ }
if (has_microcode) {
/*
@@ -2921,7 +2926,7 @@ static void __init srso_update_mitigation(void)
boot_cpu_has(X86_FEATURE_IBPB_BRTYPE))
srso_mitigation = SRSO_MITIGATION_IBPB;
- if (boot_cpu_has_bug(X86_BUG_SRSO) && !cpu_mitigations_off())
+ if (boot_cpu_has_bug(X86_BUG_SRSO))
pr_info("%s\n", srso_strings[srso_mitigation]);
}
--
2.34.1