diff options
author | David Kaplan <david.kaplan@amd.com> | 2025-09-15 08:47:06 -0500 |
---|---|---|
committer | Borislav Petkov (AMD) <bp@alien8.de> | 2025-09-16 13:32:18 +0200 |
commit | 930f2361fe542a00de9ce6070b1b6edb976f1165 (patch) | |
tree | bc301b1b020be4725aac5d4321a624dff9eca468 | |
parent | d1cc1baef67ac6c09b74629ca053bf3fb812f7dc (diff) |
x86/bugs: Report correct retbleed mitigation status
On Intel CPUs, the default retbleed mitigation is IBRS/eIBRS but this
requires that a similar spectre_v2 mitigation is applied. If the user
selects a different spectre_v2 mitigation (like spectre_v2=retpoline) a
warning is printed but sysfs will still report 'Mitigation: IBRS' or
'Mitigation: Enhanced IBRS'. This is incorrect because retbleed is not
mitigated, and IBRS is not actually set.
Fix this by choosing RETBLEED_MITIGATION_NONE in this scenario so the
kernel correctly reports the system as vulnerable to retbleed.
Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250915134706.3201818-1-david.kaplan@amd.com
-rw-r--r-- | arch/x86/kernel/cpu/bugs.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 66dbb3bd2791..6a526ae1fe99 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1462,8 +1462,10 @@ static void __init retbleed_update_mitigation(void) retbleed_mitigation = RETBLEED_MITIGATION_EIBRS; break; default: - if (retbleed_mitigation != RETBLEED_MITIGATION_STUFF) + if (retbleed_mitigation != RETBLEED_MITIGATION_STUFF) { pr_err(RETBLEED_INTEL_MSG); + retbleed_mitigation = RETBLEED_MITIGATION_NONE; + } } } |