git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

x86/speculation/srbds: Update SRBDS mitigation selection

commit 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19 upstream

Currently, Linux disables SRBDS mitigation on CPUs not affected by
MDS and have the TSX feature disabled. On such CPUs, secrets cannot
be extracted from CPU fill buffers using MDS or TAA. Without SRBDS
mitigation, Processor MMIO Stale Data vulnerabilities can be used to
extract RDRAND, RDSEED, and EGETKEY data.

Do not disable SRBDS mitigation by default when CPU is also affected by
Processor MMIO Stale Data vulnerabilities.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2022-21166
CVE-2022-21123
CVE-2022-21125
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

author	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
	Fri, 20 May 2022 03:33:13 +0000 (20:33 -0700)
committer	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
	Thu, 9 Jun 2022 14:21:07 +0000 (11:21 -0300)
commit	ee855cd4e7556034a903fa45e3b1a701569a2f72
tree	2f608d00024c3846a930b9c27052e5243edc73ee	tree
parent	01489569a3dc9b05fff3120dffd622d7886904a6	commit \| diff