x86/speculation: Warn about Spectre v2 LFENCE mitigation (50f090e8) · Commits · Summer2022 / 22b970408

Commit 50f090e8 authored 3 years ago by

Josh Poimboeuf Committed by Yongqiang Liu 3 years ago

x86/speculation: Warn about Spectre v2 LFENCE mitigation

stable inclusion
from stable-v4.19.234
commit 8bfdba77595aee5c3e83ed1c9994c35d6d409605
category: bugfix
bugzilla: 186453, https://gitee.com/src-openeuler/kernel/issues/I50WBM


CVE: CVE-2022-0001

--------------------------------

commit eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678 upstream.

With:

  f8a66d608a3e ("x86,bugs: Unconditionally allow spectre_v2=retpoline,amd")

it became possible to enable the LFENCE "retpoline" on Intel. However,
Intel doesn't recommend it, as it has some weaknesses compared to
retpoline.

Now AMD doesn't recommend it either.

It can still be left available as a cmdline option. It's faster than
retpoline but is weaker in certain scenarios -- particularly SMT, but
even non-SMT may be vulnerable in some cases.

So just unconditionally warn if the user requests it on the cmdline.

  [ bp: Massage commit message. ]

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Chen Jiahao <chenjiahao16@huawei.com>
Reviewed-by: Hanjun Guo <guohanjun@huawei.com>
Reviewed-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>

parent de9842d5

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 5 additions and 0 deletions

Please register or to comment