x86/bugs: Add attack vector controls for SRBDS
authorDavid Kaplan <david.kaplan@amd.com>
Mon, 7 Jul 2025 18:33:04 +0000 (13:33 -0500)
committerBorislav Petkov (AMD) <bp@alien8.de>
Fri, 11 Jul 2025 15:56:40 +0000 (17:56 +0200)
Use attack vector controls to determine if SRBDS mitigation is required.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250707183316.1349127-10-david.kaplan@amd.com
arch/x86/kernel/cpu/bugs.c

index a557d174a7519e3fc8f32572b423c4f28f50905a..de0b5efb0652eaf620830bc238daa6d8268c6da4 100644 (file)
@@ -870,13 +870,19 @@ void update_srbds_msr(void)
 
 static void __init srbds_select_mitigation(void)
 {
-       if (!boot_cpu_has_bug(X86_BUG_SRBDS) || cpu_mitigations_off()) {
+       if (!boot_cpu_has_bug(X86_BUG_SRBDS)) {
                srbds_mitigation = SRBDS_MITIGATION_OFF;
                return;
        }
 
-       if (srbds_mitigation == SRBDS_MITIGATION_AUTO)
-               srbds_mitigation = SRBDS_MITIGATION_FULL;
+       if (srbds_mitigation == SRBDS_MITIGATION_AUTO) {
+               if (should_mitigate_vuln(X86_BUG_SRBDS))
+                       srbds_mitigation = SRBDS_MITIGATION_FULL;
+               else {
+                       srbds_mitigation = SRBDS_MITIGATION_OFF;
+                       return;
+               }
+       }
 
        /*
         * Check to see if this is one of the MDS_NO systems supporting TSX that
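Review bot: With the `cpu_mitigations_off()` test dropped from the first check, nothing in srbds_select_mitigation() itself shows that a global mitigations-off request is still honoured. That now appears to rest on `should_mitigate_vuln(X86_BUG_SRBDS)` returning false in the AUTO branch; the helper is defined outside this hunk, so this is worth confirming there. A short comment above the AUTO block would record the intent, e.g. `/* AUTO: defer to the attack-vector policy; a non-AUTO value is left as set. */`. On style, the inner `if` is unbraced while its `else` is braced; either brace both arms, or invert the test into a guard, `if (!should_mitigate_vuln(X86_BUG_SRBDS)) { srbds_mitigation = SRBDS_MITIGATION_OFF; return; }`, followed by a plain `srbds_mitigation = SRBDS_MITIGATION_FULL;`. The function body continues past the end of the hunk.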