This is a note to let you know that I've just added the patch titled
x86/srso: Disable the mitigation on unaffected configurations
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
x86-srso-disable-the-mitigation-on-unaffected-configurations.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From e9fbc47b818b964ddff5df5b2d5c0f5f32f4a147 Mon Sep 17 00:00:00 2001
From: "Borislav Petkov (AMD)" <bp@xxxxxxxxx>
Date: Sun, 13 Aug 2023 12:39:34 +0200
Subject: x86/srso: Disable the mitigation on unaffected configurations
From: Borislav Petkov (AMD) <bp@xxxxxxxxx>
commit e9fbc47b818b964ddff5df5b2d5c0f5f32f4a147 upstream.
Skip the srso cmd line parsing which is not needed on Zen1/2 with SMT
disabled and with the proper microcode applied (latter should be the
case anyway) as those are not affected.
Fixes: 5a15d8348881 ("x86/srso: Tie SBPB bit setting to microcode patch detection")
Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
Link: https://lore.kernel.org/r/20230813104517.3346-1-bp@xxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2399,8 +2399,10 @@ static void __init srso_select_mitigatio
* IBPB microcode has been applied.
*/
if ((boot_cpu_data.x86 < 0x19) &&
- (!cpu_smt_possible() || (cpu_smt_control == CPU_SMT_DISABLED)))
+ (!cpu_smt_possible() || (cpu_smt_control == CPU_SMT_DISABLED))) {
setup_force_cpu_cap(X86_FEATURE_SRSO_NO);
+ return;
+ }
}
if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
@@ -2686,6 +2688,9 @@ static ssize_t gds_show_state(char *buf)
static ssize_t srso_show_state(char *buf)
{
+ if (boot_cpu_has(X86_FEATURE_SRSO_NO))
+ return sysfs_emit(buf, "Not affected\n");
+
return sysfs_emit(buf, "%s%s\n",
srso_strings[srso_mitigation],
(cpu_has_ibpb_brtype_microcode() ? "" : ", no microcode"));
Patches currently in stable-queue which might be from bp@xxxxxxxxx are
queue-5.15/x86-cpu-fix-up-srso_safe_ret-and-__x86_return_thunk.patch
queue-5.15/x86-cpu-cleanup-the-untrain-mess.patch
queue-5.15/objtool-x86-fixup-frame-pointer-vs-rethunk.patch
queue-5.15/x86-srso-correct-the-mitigation-status-when-smt-is-disabled.patch
queue-5.15/x86-retpoline-don-t-clobber-rflags-during-srso_safe_ret.patch
queue-5.15/x86-retpoline-kprobes-fix-position-of-thunk-sections-with-config_lto_clang.patch
queue-5.15/x86-cpu-amd-fix-the-div-0-initial-fix-attempt.patch
queue-5.15/x86-cpu-rename-srso_-.-_alias-to-srso_alias_-1.patch
queue-5.15/x86-srso-explain-the-untraining-sequences-a-bit-more.patch
queue-5.15/x86-alternative-make-custom-return-thunk-unconditional.patch
queue-5.15/x86-cpu-rename-original-retbleed-methods.patch
queue-5.15/x86-cpu-clean-up-srso-return-thunk-mess.patch
queue-5.15/x86-srso-disable-the-mitigation-on-unaffected-configurations.patch
queue-5.15/x86-cpu-fix-__x86_return_thunk-symbol-type.patch
