Commit 4fa7d880 authored by David Kaplan's avatar David Kaplan Committed by Borislav Petkov (AMD)
Browse files

x86/bugs: Select best SRSO mitigation 



The SRSO bug can theoretically be used to conduct user->user or guest->guest
attacks and requires a mitigation (namely IBPB instead of SBPB on context
switch) for these.  So mark SRSO as being applicable to the user->user and
guest->guest attack vectors.

Additionally, SRSO supports multiple mitigations which mitigate different
potential attack vectors.  Some CPUs are also immune to SRSO from
certain attack vectors (like user->kernel).

Use the specific attack vectors requiring mitigation to select the best
SRSO mitigation to avoid unnecessary performance hits.

Signed-off-by: default avatarDavid Kaplan <david.kaplan@amd.com>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250721160310.1804203-1-david.kaplan@amd.com
parent 8f5ae30d

Documentation/admin-guide/hw-vuln/attack_vector_controls.rst

+1 −1
Original line number Diff line number Diff line
@@ -214,7 +214,7 @@ Spectre_v1 X 
Spectre_v2            X                           X

Spectre_v2_user                      X                           X            *       (Note 1)

SRBDS                 X              X            X              X

SRSO                  X                           X

SRSO                  X              X            X              X

SSB                                                                                   (Note 4)

TAA                   X              X            X              X            *       (Note 2)

TSA                   X              X            X              X

arch/x86/kernel/cpu/bugs.c

+11 −2
Original line number Diff line number Diff line
@@ -386,7 +386,6 @@ static bool __init should_mitigate_vuln(unsigned int bug) 


	case X86_BUG_SPECTRE_V2:

	case X86_BUG_RETBLEED:

	case X86_BUG_SRSO:

	case X86_BUG_L1TF:

	case X86_BUG_ITS:

		return cpu_attack_vector_mitigated(CPU_MITIGATE_USER_KERNEL) ||
@@ -3184,8 +3183,18 @@ static void __init srso_select_mitigation(void) 
	}



	if (srso_mitigation == SRSO_MITIGATION_AUTO) {

		if (should_mitigate_vuln(X86_BUG_SRSO)) {

		/*

		 * Use safe-RET if user->kernel or guest->host protection is

		 * required.  Otherwise the 'microcode' mitigation is sufficient

		 * to protect the user->user and guest->guest vectors.

		 */

		if (cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_HOST) ||

		    (cpu_attack_vector_mitigated(CPU_MITIGATE_USER_KERNEL) &&

		     !boot_cpu_has(X86_FEATURE_SRSO_USER_KERNEL_NO))) {

			srso_mitigation = SRSO_MITIGATION_SAFE_RET;

		} else if (cpu_attack_vector_mitigated(CPU_MITIGATE_USER_USER) ||

			   cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_GUEST)) {

			srso_mitigation = SRSO_MITIGATION_MICROCODE;

		} else {

			srso_mitigation = SRSO_MITIGATION_NONE;

			return;