x86/pti: Add attack vector controls for PTI

Disable PTI mitigation if user->kernel attack vector mitigations are disabled. Signed-off-by: David Kaplan <david.kaplan@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/20250707183316.1349127-20-david.kaplan@amd.com
author: David Kaplan <david.kaplan@amd.com> 2025-07-07 13:33:14 -0500
committer: Borislav Petkov (AMD) <bp@alien8.de> 2025-07-11 17:56:41 +0200
commit: 02c7d5b8e0d123185817f533ed12622ed1c695e5 (patch)
tree: dd7aa7daf2a2d4e2a77877995c46eb42277ccdcf
parent: 0cdd2c4f35cf9bb9466b36724b658d11ff453f04 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 190299834011..6dba18f8c715 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -38,6 +38,7 @@
 #include <asm/desc.h>
 #include <asm/sections.h>
 #include <asm/set_memory.h>
+#include <asm/bugs.h>
 
 #undef pr_fmt
 #define pr_fmt(fmt)     "Kernel/User page tables isolation: " fmt
@@ -84,7 +85,8 @@ void __init pti_check_boottime_disable(void)
 		return;
 	}
 
-	if (cpu_mitigations_off())
+	if (pti_mode == PTI_AUTO &&
+	    !cpu_attack_vector_mitigated(CPU_MITIGATE_USER_KERNEL))
 		pti_mode = PTI_FORCE_OFF;
 	if (pti_mode == PTI_FORCE_OFF) {
 		pti_print_if_insecure("disabled on command line.");
author	David Kaplan <david.kaplan@amd.com>	2025-07-07 13:33:14 -0500
committer	Borislav Petkov (AMD) <bp@alien8.de>	2025-07-11 17:56:41 +0200
commit	02c7d5b8e0d123185817f533ed12622ed1c695e5 (patch)
tree	dd7aa7daf2a2d4e2a77877995c46eb42277ccdcf
parent	0cdd2c4f35cf9bb9466b36724b658d11ff453f04 (diff)