git.ipfire.org Git - thirdparty/linux.git/commit

author	Borislav Petkov (AMD) <bp@alien8.de>
	Mon, 11 Nov 2024 16:22:08 +0000 (17:22 +0100)
committer	Borislav Petkov (AMD) <bp@alien8.de>
	Mon, 30 Dec 2024 16:48:33 +0000 (17:48 +0100)
commit	877818802c3e970f67ccb53012facc78bef5f97a
tree	6e733248c5eb3f438a964bf520411d3be5624658	tree
parent	fc033cf25e612e840e545f8d5ad2edd6ba613ed5	commit \| diff

x86/bugs: Add SRSO_USER_KERNEL_NO support

If the machine has:

  CPUID Fn8000_0021_EAX[30] (SRSO_USER_KERNEL_NO) -- If this bit is 1,
  it indicates the CPU is not subject to the SRSO vulnerability across
  user/kernel boundaries.

have it fall back to IBPB on VMEXIT only, in the case it is going to run
VMs:

  Speculative Return Stack Overflow: Mitigation: IBPB on VMEXIT only

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
Link: https://lore.kernel.org/r/20241202120416.6054-2-bp@kernel.org

arch/x86/include/asm/cpufeatures.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/common.c		diff \| blob \| blame \| history