Commit 894e2885 authored by Breno Leitao's avatar Breno Leitao Committed by Borislav Petkov (AMD)

x86/bugs: Add a separate config for RETBLEED

Currently, the CONFIG_SPECULATION_MITIGATIONS is halfway populated,
where some mitigations have entries in Kconfig, and they could be
modified, while others mitigations do not have Kconfig entries, and
could not be controlled at build time.

Create an entry for the RETBLEED CPU mitigation under
CONFIG_SPECULATION_MITIGATIONS. This allow users to enable or disable
it at compilation time.
Signed-off-by: default avatarBreno Leitao <leitao@debian.org>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Acked-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/20240729164105.554296-6-leitao@debian.org
parent 3a4ee4ff
...@@ -2692,6 +2692,19 @@ config MITIGATION_L1TF ...@@ -2692,6 +2692,19 @@ config MITIGATION_L1TF
hardware vulnerability which allows unprivileged speculative access to data hardware vulnerability which allows unprivileged speculative access to data
available in the Level 1 Data Cache. available in the Level 1 Data Cache.
See <file:Documentation/admin-guide/hw-vuln/l1tf.rst See <file:Documentation/admin-guide/hw-vuln/l1tf.rst
config MITIGATION_RETBLEED
bool "Mitigate RETBleed hardware bug"
depends on (CPU_SUP_INTEL && MITIGATION_SPECTRE_V2) || MITIGATION_UNRET_ENTRY || MITIGATION_IBPB_ENTRY
default y
help
Enable mitigation for RETBleed (Arbitrary Speculative Code Execution
with Return Instructions) vulnerability. RETBleed is a speculative
execution attack which takes advantage of microarchitectural behavior
in many modern microprocessors, similar to Spectre v2. An
unprivileged attacker can use these flaws to bypass conventional
memory security restrictions to gain read access to privileged memory
that would otherwise be inaccessible.
endif endif
config ARCH_HAS_ADD_PAGES config ARCH_HAS_ADD_PAGES
......
...@@ -989,7 +989,7 @@ static const char * const retbleed_strings[] = { ...@@ -989,7 +989,7 @@ static const char * const retbleed_strings[] = {
static enum retbleed_mitigation retbleed_mitigation __ro_after_init = static enum retbleed_mitigation retbleed_mitigation __ro_after_init =
RETBLEED_MITIGATION_NONE; RETBLEED_MITIGATION_NONE;
static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init = static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init =
RETBLEED_CMD_AUTO; IS_ENABLED(CONFIG_MITIGATION_RETBLEED) ? RETBLEED_CMD_AUTO : RETBLEED_CMD_OFF;
static int __ro_after_init retbleed_nosmt = false; static int __ro_after_init retbleed_nosmt = false;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment