From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, David Kaplan <david.kaplan@amd.com>,
	"Borislav Petkov (AMD)" <bp@alien8.de>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.17 19/35] x86/bugs: Add attack vector controls for VMSCAPE
Date: Fri, 31 Oct 2025 15:01:27 +0100
Message-ID: <20251031140044.023887631@linuxfoundation.org>
In-Reply-To: <20251031140043.564670400@linuxfoundation.org>

6.17-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Kaplan <david.kaplan@amd.com>

[ Upstream commit 5799d5d8a6c877f03ad5b5a640977053be45059a ]

Use attack vector controls to select whether VMSCAPE requires mitigation,
similar to other bugs.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../admin-guide/hw-vuln/attack_vector_controls.rst |  1 +
 arch/x86/kernel/cpu/bugs.c                         | 14 ++++++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
index 5964901d66e31..d0bdbd81dcf9f 100644
--- a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
+++ b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
@@ -218,6 +218,7 @@ SRSO                  X              X            X              X
 SSB                                  X
 TAA                   X              X            X              X            *       (Note 2)
 TSA                   X              X            X              X
+VMSCAPE                                           X
 =============== ============== ============ ============= ============== ============ ========
 
 Notes:
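Review bot: the new VMSCAPE row marks a single column, and the column headers are outside this hunk, so only the horizontal position of the X ties it to an attack vector. Confirm in the rendered table that the X sits under the guest-to-host column, matching the `CPU_MITIGATE_GUEST_HOST` check added in bugs.c, and consider naming that vector in the commit message, which currently says only "similar to other bugs".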
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 9750ce448e626..c6bb8e76eb984 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -434,6 +434,9 @@ static bool __init should_mitigate_vuln(unsigned int bug)
 	case X86_BUG_SPEC_STORE_BYPASS:
 		return cpu_attack_vector_mitigated(CPU_MITIGATE_USER_USER);
 
+	case X86_BUG_VMSCAPE:
+		return cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_HOST);
+
 	default:
 		WARN(1, "Unknown bug %x\n", bug);
 		return false;
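Review bot: the new `case X86_BUG_VMSCAPE:` in should_mitigate_vuln() carries no comment saying why guest-to-host is the only vector consulted, so the rationale lives solely in the documentation table. A one-line comment above the case would keep the code and attack_vector_controls.rst from drifting apart when either is next edited.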
@@ -3308,15 +3311,18 @@ early_param("vmscape", vmscape_parse_cmdline);
 
 static void __init vmscape_select_mitigation(void)
 {
-	if (cpu_mitigations_off() ||
-	    !boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
+	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
 	    !boot_cpu_has(X86_FEATURE_IBPB)) {
 		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
 		return;
 	}
 
-	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO)
-		vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
+	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) {
+		if (should_mitigate_vuln(X86_BUG_VMSCAPE))
+			vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
+		else
+			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
+	}
 }
 
 static void __init vmscape_update_mitigation(void)
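Review bot: dropping `cpu_mitigations_off()` from the early return in vmscape_select_mitigation() changes what happens when `vmscape_mitigation` is not `VMSCAPE_MITIGATION_AUTO`. Before, mitigations being off forced `VMSCAPE_MITIGATION_NONE` regardless of the selected mode; now only the AUTO branch goes through `should_mitigate_vuln(X86_BUG_VMSCAPE)`, so a mode set explicitly by vmscape_parse_cmdline() is kept even with mitigations off. If that is intended, the commit message should say so. It is also worth confirming that `cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_HOST)` returns false when mitigations are off, since nothing in these lines shows that AUTO still resolves to NONE in that case.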
-- 
2.51.0



