git.ipfire.org Git - thirdparty/kernel/stable.git/commit

x86/speculation/srbds: Update SRBDS mitigation selection

commit 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19 upstream

Currently, Linux disables SRBDS mitigation on CPUs not affected by
MDS and have the TSX feature disabled. On such CPUs, secrets cannot
be extracted from CPU fill buffers using MDS or TAA. Without SRBDS
mitigation, Processor MMIO Stale Data vulnerabilities can be used to
extract RDRAND, RDSEED, and EGETKEY data.

Do not disable SRBDS mitigation by default when CPU is also affected by
Processor MMIO Stale Data vulnerabilities.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
	Fri, 20 May 2022 03:33:13 +0000 (20:33 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 16 Jun 2022 11:01:55 +0000 (13:01 +0200)
commit	ed4fa7697ca4039eed5142c983c5905e46039c36
tree	4f69813b8ff32eceb574b33c3336dfb7d67fec78	tree
parent	ae620928044d93e1ab9b785e931854ee033e52c7	commit \| diff