From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, David Kaplan <david.kaplan@amd.com>,
"Borislav Petkov (AMD)" <bp@alien8.de>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.17 05/35] x86/bugs: Report correct retbleed mitigation status
Date: Fri, 31 Oct 2025 15:01:13 +0100 [thread overview]
Message-ID: <20251031140043.691582535@linuxfoundation.org> (raw)
In-Reply-To: <20251031140043.564670400@linuxfoundation.org>
6.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Kaplan <david.kaplan@amd.com>
[ Upstream commit 930f2361fe542a00de9ce6070b1b6edb976f1165 ]
On Intel CPUs, the default retbleed mitigation is IBRS/eIBRS but this
requires that a similar spectre_v2 mitigation is applied. If the user
selects a different spectre_v2 mitigation (like spectre_v2=retpoline) a
warning is printed but sysfs will still report 'Mitigation: IBRS' or
'Mitigation: Enhanced IBRS'. This is incorrect because retbleed is not
mitigated, and IBRS is not actually set.
Fix this by choosing RETBLEED_MITIGATION_NONE in this scenario so the
kernel correctly reports the system as vulnerable to retbleed.
Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250915134706.3201818-1-david.kaplan@amd.com
Stable-dep-of: 204ced4108f5 ("x86/bugs: Qualify RETBLEED_INTEL_MSG")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/bugs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 36dcfc5105be9..bf79ff6a1f662 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1460,8 +1460,10 @@ static void __init retbleed_update_mitigation(void)
retbleed_mitigation = RETBLEED_MITIGATION_EIBRS;
break;
default:
- if (retbleed_mitigation != RETBLEED_MITIGATION_STUFF)
+ if (retbleed_mitigation != RETBLEED_MITIGATION_STUFF) {
pr_err(RETBLEED_INTEL_MSG);
+ retbleed_mitigation = RETBLEED_MITIGATION_NONE;
+ }
}
}
--
2.51.0
next prev parent reply other threads:[~2025-10-31 14:06 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-31 14:01 [PATCH 6.17 00/35] 6.17.7-rc1 review Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 01/35] sched_ext: Move internal type and accessor definitions to ext_internal.h Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 02/35] sched_ext: Put event_stats_cpu in struct scx_sched_pcpu Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 03/35] sched_ext: Sync error_irq_work before freeing scx_sched Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 04/35] timekeeping: Fix aux clocks sysfs initialization loop bound Greg Kroah-Hartman
2025-10-31 14:01 ` Greg Kroah-Hartman [this message]
2025-10-31 14:01 ` [PATCH 6.17 06/35] x86/bugs: Qualify RETBLEED_INTEL_MSG Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 07/35] genirq/chip: Add buslock back in to irq_set_handler() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 08/35] genirq/manage: Add buslock back in to __disable_irq_nosync() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 09/35] genirq/manage: Add buslock back in to enable_irq() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 10/35] audit: record fanotify event regardless of presence of rules Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 11/35] EDAC/ie31200: Add two more Intel Alder Lake-S SoCs for EDAC support Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 12/35] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 13/35] perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 14/35] perf: Have get_perf_callchain() return NULL if crosstask and user are set Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 15/35] perf: Skip user unwind if the task is a kernel thread Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 16/35] EDAC: Fix wrong executable file modes for C source files Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 17/35] seccomp: passthrough uprobe systemcall without filtering Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 18/35] sched_ext: Keep bypass on between enable failure and scx_disable_workfn() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 19/35] x86/bugs: Add attack vector controls for VMSCAPE Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 20/35] sched/fair: update_cfs_group() for throttled cfs_rqs Greg Kroah-Hartman
2025-11-02 11:07 ` Aaron Lu
2025-11-02 12:21 ` Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 21/35] x86/bugs: Fix reporting of LFENCE retpoline Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 22/35] EDAC/mc_sysfs: Increase legacy channel support to 16 Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 23/35] cpuset: Use new excpus for nocpu error check when enabling root partition Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 24/35] btrfs: abort transaction on specific error places when walking log tree Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 25/35] btrfs: abort transaction in the process_one_buffer() log tree walk callback Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 26/35] btrfs: zoned: return error from btrfs_zone_finish_endio() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 27/35] btrfs: zoned: refine extent allocator hint selection Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 28/35] btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 29/35] btrfs: always drop log root tree reference in btrfs_replay_log() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 30/35] btrfs: use level argument in log tree walk callback replay_one_buffer() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 31/35] btrfs: abort transaction if we fail to update inode in log replay dir fixup Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 32/35] btrfs: tree-checker: add inode extref checks Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 33/35] btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 34/35] sched_ext: Make qmap dump operation non-destructive Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.17 35/35] arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Greg Kroah-Hartman
2025-10-31 14:58 ` [PATCH 6.17 00/35] 6.17.7-rc1 review Ronald Warsow
2025-10-31 16:59 ` Peter Schneider
2025-10-31 17:06 ` Dileep malepu
2025-10-31 19:35 ` Jon Hunter
2025-10-31 20:39 ` Pavel Machek
2025-10-31 22:35 ` Shuah Khan
2025-10-31 22:45 ` Achill Gilgenast
2025-10-31 22:58 ` Justin Forbes
2025-11-01 9:10 ` Naresh Kamboju
2025-11-01 9:56 ` Jeffrin Thalakkottoor
2025-11-01 11:37 ` Ron Economos
2025-11-01 19:31 ` Brett A C Sheffield
2025-11-01 21:16 ` Miguel Ojeda
2025-11-02 2:58 ` Takeshi Ogasawara
2025-11-03 16:50 ` Florian Fainelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251031140043.691582535@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@alien8.de \
--cc=david.kaplan@amd.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.