git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	David Kaplan <david.kaplan@amd.com>
	Mon, 7 Jul 2025 18:32:57 +0000 (13:32 -0500)
committer	Borislav Petkov (AMD) <bp@alien8.de>
	Fri, 11 Jul 2025 15:55:16 +0000 (17:55 +0200)
commit	19c24f7ee39af503b9731067b91add627b70ecb6
tree	756a246bace04dbe9156afa291ec62b4b72bfe2c	tree
parent	1caa1b0509eaec2ea111b875da4eddb44edc9ea5	commit \| diff

cpu: Define attack vectors

Define 4 new attack vectors that are used for controlling CPU speculation
mitigations. These may be individually disabled as part of the
mitigations= command line. Attack vector controls are combined with global
options like 'auto' or 'auto,nosmt' like 'mitigations=auto,no_user_kernel'.
The global options come first in the mitigations= string.

Cross-thread mitigations can either remain enabled fully, including
potentially disabling SMT ('auto,nosmt'), remain enabled except for
disabling SMT ('auto'), or entirely disabled through the new
'no_cross_thread' attack vector option.

The default settings for these attack vectors are consistent with existing
kernel defaults, other than the automatic disabling of VM-based attack
vectors if KVM support is not present.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250707183316.1349127-3-david.kaplan@amd.com

include/linux/cpu.h		diff \| blob \| blame \| history
kernel/cpu.c		diff \| blob \| blame \| history