Commit 5799d5d8 authored by David Kaplan's avatar David Kaplan Committed by Borislav Petkov (AMD)

x86/bugs: Add attack vector controls for VMSCAPE



Use attack vector controls to select whether VMSCAPE requires mitigation,
similar to other bugs.

Signed-off-by: default avatarDavid Kaplan <david.kaplan@amd.com>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
parent 41bab90b
+1 −0
@@ -218,6 +218,7 @@ SRSO X X X X
SSB                                  X
TAA                   X              X            X              X            *       (Note 2)
TSA                   X              X            X              X
VMSCAPE                                           X
=============== ============== ============ ============= ============== ============ ========

Notes:
+10 −4
@@ -434,6 +434,9 @@ static bool __init should_mitigate_vuln(unsigned int bug)
	case X86_BUG_SPEC_STORE_BYPASS:
		return cpu_attack_vector_mitigated(CPU_MITIGATE_USER_USER);

	case X86_BUG_VMSCAPE:
		return cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_HOST);

	default:
		WARN(1, "Unknown bug %x\n", bug);
		return false;
@@ -3304,15 +3307,18 @@ early_param("vmscape", vmscape_parse_cmdline);

static void __init vmscape_select_mitigation(void)
{
	if (cpu_mitigations_off() ||
	    !boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
	    !boot_cpu_has(X86_FEATURE_IBPB)) {
		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
		return;
	}

	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO)
	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) {
		if (should_mitigate_vuln(X86_BUG_VMSCAPE))
			vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
		else
			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
	}
}

static void __init vmscape_update_mitigation(void)
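Review bot: Dropping the `cpu_mitigations_off()` test from `vmscape_select_mitigation()` changes behaviour beyond what the commit message states: only the `VMSCAPE_MITIGATION_AUTO` branch now consults the global policy through `should_mitigate_vuln()`. Any non-AUTO value already stored in `vmscape_mitigation` (presumably set by `vmscape_parse_cmdline`, which is outside this hunk) is kept as long as the bug and IBPB are present, where the old code forced `VMSCAPE_MITIGATION_NONE` whenever mitigations were globally off. If that precedence is intended, as it appears to be for the other bugs, a short comment above the AUTO block would record it, e.g. `/* An explicit vmscape= selection is kept as-is; only AUTO follows the guest-to-host attack vector control. */`. It would also help to confirm that the admin-guide text for the global mitigations switch and for `vmscape=` describes the same precedence, so an operator who disables mitigations globally is not surprised by an IBPB on exit to userspace remaining active, or the reverse.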