git.baikalelectronics.ru Git - kernel.git/commit

x86/speculation/srbds: Update SRBDS mitigation selection

commit c6d428e074d18b661ea58a5c55986ac949522e8c upstream

Currently, Linux disables SRBDS mitigation on CPUs not affected by
MDS and have the TSX feature disabled. On such CPUs, secrets cannot
be extracted from CPU fill buffers using MDS or TAA. Without SRBDS
mitigation, Processor MMIO Stale Data vulnerabilities can be used to
extract RDRAND, RDSEED, and EGETKEY data.

Do not disable SRBDS mitigation by default when CPU is also affected by
Processor MMIO Stale Data vulnerabilities.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
	Fri, 20 May 2022 03:33:13 +0000 (20:33 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 16 Jun 2022 11:30:34 +0000 (13:30 +0200)
commit	6a8b159ab58a7f8f4765841820b01f060cb3009d
tree	86f0101795c66e1dc6d5694a0fb44752a2b569f0	tree \| snapshot
parent	b0ad198285379e93137606c9fa89754c432e03d1	commit \| diff