Merge tag 'x86_bugs_for_v6.14_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 CPU speculation update from Borislav Petkov: - Add support for AMD hardware which is not affected by SRSO on the user/kernel attack vector and advertise it to guest userspace * tag 'x86_bugs_for_v6.14_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace x86/bugs: Add SRSO_USER_KERNEL_NO support
author: Linus Torvalds <torvalds@linux-foundation.org> 2025-01-21 08:22:40 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> 2025-01-21 08:22:40 -0800
commit: d80825ee4a34a1b108aee51cd0302be0ab7943fa (patch)
tree: a9fedf8b4d0489da4ad19b4fda0c6b108f7b48e0 /arch/x86/kernel/cpu/bugs.c
parent: 0763dd892855aca05c4b45bc3a5da439d5f009ae (diff)
parent: 716f86b523d8ec3c17015ee0b03135c7aa6f2f08 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 47a01d4028f6..5a505aa65489 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2615,6 +2615,9 @@ static void __init srso_select_mitigation(void)
 		break;
 
 	case SRSO_CMD_SAFE_RET:
+		if (boot_cpu_has(X86_FEATURE_SRSO_USER_KERNEL_NO))
+			goto ibpb_on_vmexit;
+
 		if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) {
 			/*
 			 * Enable the return thunk for generated code
@@ -2658,6 +2661,7 @@ static void __init srso_select_mitigation(void)
 		}
 		break;
 
+ibpb_on_vmexit:
 	case SRSO_CMD_IBPB_ON_VMEXIT:
 		if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) {
 			if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) {
author	Linus Torvalds <torvalds@linux-foundation.org>	2025-01-21 08:22:40 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	2025-01-21 08:22:40 -0800
commit	d80825ee4a34a1b108aee51cd0302be0ab7943fa (patch)
tree	a9fedf8b4d0489da4ad19b4fda0c6b108f7b48e0 /arch/x86/kernel/cpu/bugs.c
parent	0763dd892855aca05c4b45bc3a5da439d5f009ae (diff)
parent	716f86b523d8ec3c17015ee0b03135c7aa6f2f08 (diff)