Commit 5ece59a2 authored by David Kaplan's avatar David Kaplan Committed by Borislav Petkov (AMD)
Browse files

x86/bugs: Restructure SSB mitigation 



Restructure SSB to use select/apply functions to create consistent
vulnerability handling.

Remove __ssb_select_mitigation() and split the functionality between the
select/apply functions.

Signed-off-by: default avatarDavid Kaplan <david.kaplan@amd.com>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/20250418161721.1855190-15-david.kaplan@amd.com
parent 480e803d

arch/x86/kernel/cpu/bugs.c

+17 −19
Original line number Diff line number Diff line
@@ -65,6 +65,7 @@ static void __init spectre_v2_user_select_mitigation(void); 
static void __init spectre_v2_user_update_mitigation(void);

static void __init spectre_v2_user_apply_mitigation(void);

static void __init ssb_select_mitigation(void);

static void __init ssb_apply_mitigation(void);

static void __init l1tf_select_mitigation(void);

static void __init mds_select_mitigation(void);

static void __init mds_update_mitigation(void);
@@ -243,6 +244,7 @@ void __init cpu_select_mitigations(void) 
	spectre_v2_apply_mitigation();

	retbleed_apply_mitigation();

	spectre_v2_user_apply_mitigation();

	ssb_apply_mitigation();

	mds_apply_mitigation();

	taa_apply_mitigation();

	mmio_apply_mitigation();
@@ -2219,19 +2221,18 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) 
	return cmd;

}



static enum ssb_mitigation __init __ssb_select_mitigation(void)

static void __init ssb_select_mitigation(void)

{

	enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE;

	enum ssb_mitigation_cmd cmd;



	if (!boot_cpu_has(X86_FEATURE_SSBD))

		return mode;

		goto out;



	cmd = ssb_parse_cmdline();

	if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) &&

	    (cmd == SPEC_STORE_BYPASS_CMD_NONE ||

	     cmd == SPEC_STORE_BYPASS_CMD_AUTO))

		return mode;

		return;



	switch (cmd) {

	case SPEC_STORE_BYPASS_CMD_SECCOMP:
@@ -2240,28 +2241,35 @@ static enum ssb_mitigation __init __ssb_select_mitigation(void) 
		 * enabled.

		 */

		if (IS_ENABLED(CONFIG_SECCOMP))

			mode = SPEC_STORE_BYPASS_SECCOMP;

			ssb_mode = SPEC_STORE_BYPASS_SECCOMP;

		else

			mode = SPEC_STORE_BYPASS_PRCTL;

			ssb_mode = SPEC_STORE_BYPASS_PRCTL;

		break;

	case SPEC_STORE_BYPASS_CMD_ON:

		mode = SPEC_STORE_BYPASS_DISABLE;

		ssb_mode = SPEC_STORE_BYPASS_DISABLE;

		break;

	case SPEC_STORE_BYPASS_CMD_AUTO:

	case SPEC_STORE_BYPASS_CMD_PRCTL:

		mode = SPEC_STORE_BYPASS_PRCTL;

		ssb_mode = SPEC_STORE_BYPASS_PRCTL;

		break;

	case SPEC_STORE_BYPASS_CMD_NONE:

		break;

	}



out:

	if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))

		pr_info("%s\n", ssb_strings[ssb_mode]);

}



static void __init ssb_apply_mitigation(void)

{

	/*

	 * We have three CPU feature flags that are in play here:

	 *  - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible.

	 *  - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass

	 *  - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation

	 */

	if (mode == SPEC_STORE_BYPASS_DISABLE) {

	if (ssb_mode == SPEC_STORE_BYPASS_DISABLE) {

		setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE);

		/*

		 * Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD may
@@ -2275,16 +2283,6 @@ static enum ssb_mitigation __init __ssb_select_mitigation(void) 
			update_spec_ctrl(x86_spec_ctrl_base);

		}

	}



	return mode;

}



static void ssb_select_mitigation(void)

{

	ssb_mode = __ssb_select_mitigation();



	if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))

		pr_info("%s\n", ssb_strings[ssb_mode]);

}



#undef pr_fmt