x86/bugs: Add attack vector controls for GDS

Use attack vector controls to determine if GDS mitigation is required.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250707183316.1349127-11-david.kaplan@amd.com

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index de0b5efb0652eaf620830bc238daa6d8268c6da4..e9227e4a97732c52709c38f040f0a86ffbdd6e92 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1030,12 +1030,15 @@ static void __init gds_select_mitigation(void)
                return;
        }
 
-       if (cpu_mitigations_off())
-               gds_mitigation = GDS_MITIGATION_OFF;
        /* Will verify below that mitigation _can_ be disabled */
-
-       if (gds_mitigation == GDS_MITIGATION_AUTO)
-               gds_mitigation = GDS_MITIGATION_FULL;
+       if (gds_mitigation == GDS_MITIGATION_AUTO) {
+               if (should_mitigate_vuln(X86_BUG_GDS))
+                       gds_mitigation = GDS_MITIGATION_FULL;
+               else {
+                       gds_mitigation = GDS_MITIGATION_OFF;
+                       return;
+               }
+       }
 
        /* No microcode */
        if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL)) {