Commit 42d1c023 authored by Pawan Gupta's avatar Pawan Gupta Committed by Yongqiang Liu
Browse files

x86/speculation/srbds: Update SRBDS mitigation selection 

stable inclusion
from stable-v4.19.248
commit 3ecb6dbad25b448ed8240f0ec2c7a8ff5155b7ea
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5D5RS


CVE: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166

--------------------------------

commit 22cac9c6 upstream

Currently, Linux disables SRBDS mitigation on CPUs not affected by
MDS and have the TSX feature disabled. On such CPUs, secrets cannot
be extracted from CPU fill buffers using MDS or TAA. Without SRBDS
mitigation, Processor MMIO Stale Data vulnerabilities can be used to
extract RDRAND, RDSEED, and EGETKEY data.

Do not disable SRBDS mitigation by default when CPU is also affected by
Processor MMIO Stale Data vulnerabilities.

Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarYipeng Zou <zouyipeng@huawei.com>
Reviewed-by: default avatarZhang Jianhua <chris.zjh@huawei.com>
Reviewed-by: default avatarLiao Chang <liaochang1@huawei.com>
Signed-off-by: default avatarYongqiang Liu <liuyongqiang13@huawei.com>
parent 602cbd94
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment