···42424343The possible values in this file are:44444545- - 'Not affected' The processor is not vulnerable4545+ * 'Not affected':46464747- - 'Vulnerable: no microcode' The processor is vulnerable, no4848- microcode extending IBPB functionality4949- to address the vulnerability has been5050- applied.4747+ The processor is not vulnerable51485252- - 'Mitigation: microcode' Extended IBPB functionality microcode5353- patch has been applied. It does not5454- address User->Kernel and Guest->Host5555- transitions protection but it does5656- address User->User and VM->VM attack5757- vectors.4949+ * 'Vulnerable: no microcode':58505959- (spec_rstack_overflow=microcode)5151+ The processor is vulnerable, no microcode extending IBPB5252+ functionality to address the vulnerability has been applied.60536161- - 'Mitigation: safe RET' Software-only mitigation. It complements6262- the extended IBPB microcode patch6363- functionality by addressing User->Kernel 6464- and Guest->Host transitions protection.5454+ * 'Mitigation: microcode':65556666- Selected by default or by6767- spec_rstack_overflow=safe-ret5656+ Extended IBPB functionality microcode patch has been applied. 
It does5757+ not address User->Kernel and Guest->Host transitions protection but it5858+ does address User->User and VM->VM attack vectors.68596969- - 'Mitigation: IBPB' Similar protection as "safe RET" above7070- but employs an IBPB barrier on privilege7171- domain crossings (User->Kernel,7272- Guest->Host).6060+ Note that User->User mitigation is controlled by how the IBPB aspect in6161+ the Spectre v2 mitigation is selected:73627474- (spec_rstack_overflow=ibpb)6363+ * conditional IBPB:75647676- - 'Mitigation: IBPB on VMEXIT' Mitigation addressing the cloud provider7777- scenario - the Guest->Host transitions7878- only.6565+ where each process can select whether it needs an IBPB issued6666+ around it PR_SPEC_DISABLE/_ENABLE etc, see :doc:`spectre`79678080- (spec_rstack_overflow=ibpb-vmexit)6868+ * strict:6969+7070+ i.e., always on - by supplying spectre_v2_user=on on the kernel7171+ command line7272+7373+ (spec_rstack_overflow=microcode)7474+7575+ * 'Mitigation: safe RET':7676+7777+ Software-only mitigation. It complements the extended IBPB microcode7878+ patch functionality by addressing User->Kernel and Guest->Host7979+ transitions protection.8080+8181+ Selected by default or by spec_rstack_overflow=safe-ret8282+8383+ * 'Mitigation: IBPB':8484+8585+ Similar protection as "safe RET" above but employs an IBPB barrier on8686+ privilege domain crossings (User->Kernel, Guest->Host).8787+8888+ (spec_rstack_overflow=ibpb)8989+9090+ * 'Mitigation: IBPB on VMEXIT':9191+9292+ Mitigation addressing the cloud provider scenario - the Guest->Host9393+ transitions only.9494+9595+ (spec_rstack_overflow=ibpb-vmexit)9696+9797+81988299In order to exploit vulnerability, an attacker needs to:83100
···529529530530#ifdef CONFIG_CPU_SRSO531531/*532532- * GNU ld cannot do XOR so do: (A | B) - (A & B) in order to compute the XOR532532+ * GNU ld cannot do XOR until 2.41.533533+ * https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f6f78318fca803c4907fb8d7f6ded8295f1947b1534534+ *535535+ * LLVM lld cannot do XOR until lld-17.536536+ * https://github.com/llvm/llvm-project/commit/fae96104d4378166cbe5c875ef8ed808a356f3fb537537+ *538538+ * Instead do: (A | B) - (A & B) in order to compute the XOR533539 * of the two function addresses:534540 */535535-. = ASSERT(((srso_untrain_ret_alias | srso_safe_ret_alias) -536536- (srso_untrain_ret_alias & srso_safe_ret_alias)) == ((1 << 2) | (1 << 8) | (1 << 14) | (1 << 20)),541541+. = ASSERT(((ABSOLUTE(srso_untrain_ret_alias) | srso_safe_ret_alias) -542542+ (ABSOLUTE(srso_untrain_ret_alias) & srso_safe_ret_alias)) == ((1 << 2) | (1 << 8) | (1 << 14) | (1 << 20)),537543 "SRSO function pair won't alias");538544#endif539545
-2
arch/x86/kvm/x86.c
···314314315315static struct kmem_cache *x86_emulator_cache;316316317317-extern bool gds_ucode_mitigated(void);318318-319317/*320318 * When called, it means the previous get/set msr reached an invalid msr.321319 * Return true if we want to ignore/silent this failed msr access.
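Review bot: In the documentation hunk listing the possible values, the '(spec_rstack_overflow=microcode)' line now sits after the nested 'strict' item, so a reader will attach it to that sub-bullet instead of to 'Mitigation: microcode'. Move it directly under the 'Extended IBPB functionality microcode patch has been applied' paragraph, before 'Note that User->User mitigation is controlled by'. In the 'conditional IBPB' item, 'issued around it PR_SPEC_DISABLE/_ENABLE etc' is missing a connecting word; 'issued around it via PR_SPEC_DISABLE/_ENABLE' reads correctly.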
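Review bot: In the CONFIG_CPU_SRSO ASSERT of the linker-script hunk, ABSOLUTE() is applied to srso_untrain_ret_alias but not to srso_safe_ret_alias, and the rewritten comment only covers the missing XOR operator. Add a sentence to the comment saying why one operand needs ABSOLUTE() and the other does not, so the asymmetry is not undone later by someone tidying the expression. Since the comment now names ld 2.41 and lld-17 as the versions where XOR becomes available, it would also help to say that the (A | B) - (A & B) form stays for older toolchains.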
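Review bot: In arch/x86/kvm/x86.c, the local 'extern bool gds_ucode_mitigated(void);' is removed, but the visible lines do not show which header now provides the prototype. Confirm that a header already included by x86.c declares gds_ucode_mitigated(), otherwise any remaining call in this file builds against an implicit declaration. Naming that header in the commit message would make this checkable from the patch alone.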