x86/srso: Fix vulnerability reporting for missing microcode - user/sven/linux.git

diff options

author	Josh Poimboeuf <jpoimboe@kernel.org>	2023-09-04 22:04:52 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-11-20 11:58:52 +0100
commit	0a958abffa5b3d8a2ef9ee8669146ec45f8d1bcf (patch)
tree	d027184a47517430e2c532d6cd89ef009eb8dd57 /scripts
parent	5b66cf0762ca31d17019d592ae5b06576494faff (diff)

x86/srso: Fix vulnerability reporting for missing microcode

[ Upstream commit dc6306ad5b0dda040baf1fde3cfd458e6abfc4da ] The SRSO default safe-ret mitigation is reported as "mitigated" even if microcode hasn't been updated. That's wrong because userspace may still be vulnerable to SRSO attacks due to IBPB not flushing branch type predictions. Report the safe-ret + !microcode case as vulnerable. Also report the microcode-only case as vulnerable as it leaves the kernel open to attacks. Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation") Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Acked-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/a8a14f97d1b0e03ec255c81637afdf4cf0ae9c99.1693889988.git.jpoimboe@kernel.org Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: