summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kaplan <david.kaplan@amd.com>2025-09-15 08:47:06 -0500
committerBorislav Petkov (AMD) <bp@alien8.de>2025-09-16 13:32:18 +0200
commit930f2361fe542a00de9ce6070b1b6edb976f1165 (patch)
treebc301b1b020be4725aac5d4321a624dff9eca468
parentd1cc1baef67ac6c09b74629ca053bf3fb812f7dc (diff)
x86/bugs: Report correct retbleed mitigation status
On Intel CPUs, the default retbleed mitigation is IBRS/eIBRS but this requires that a similar spectre_v2 mitigation is applied. If the user selects a different spectre_v2 mitigation (like spectre_v2=retpoline) a warning is printed but sysfs will still report 'Mitigation: IBRS' or 'Mitigation: Enhanced IBRS'. This is incorrect because retbleed is not mitigated, and IBRS is not actually set. Fix this by choosing RETBLEED_MITIGATION_NONE in this scenario so the kernel correctly reports the system as vulnerable to retbleed. Signed-off-by: David Kaplan <david.kaplan@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/20250915134706.3201818-1-david.kaplan@amd.com
-rw-r--r--arch/x86/kernel/cpu/bugs.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 66dbb3bd2791..6a526ae1fe99 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1462,8 +1462,10 @@ static void __init retbleed_update_mitigation(void)
retbleed_mitigation = RETBLEED_MITIGATION_EIBRS;
break;
default:
- if (retbleed_mitigation != RETBLEED_MITIGATION_STUFF)
+ if (retbleed_mitigation != RETBLEED_MITIGATION_STUFF) {
pr_err(RETBLEED_INTEL_MSG);
+ retbleed_mitigation = RETBLEED_MITIGATION_NONE;
+ }
}
}