From: Ben Hutchings Date: Sat, 23 Jul 2022 14:20:34 +0000 (+0200) Subject: x86/speculation: Make all RETbleed mitigations depend on X86_64 X-Git-Tag: archive/raspbian/5.18.16-1+rpi1^2~28 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=582794738a4798e728e3451372235d5c193f708d;p=linux.git x86/speculation: Make all RETbleed mitigations depend on X86_64 Forwarded: https://lore.kernel.org/lkml/YtwSR3NNsWp1ohfV@decadent.org.uk/T/ The mitigations for RETBleed are currently ineffective on x86_32 since entry_32.S does not use the required macros. However, for an x86_32 target, the kconfig symbols for them are still enabled by default and /sys/devices/system/cpu/vulnerabilities/retbleed will wrongly report that mitigations are in place. Make all of these symbols depend on X86_64, and only enable RETHUNK by default on X86_64. Cc: stable@vger.kernel.org Signed-off-by: Ben Hutchings Gbp-Pq: Topic bugfix/x86 Gbp-Pq: Name x86-speculation-make-all-retbleed-mitigations-depend.patch --- diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index f1f35481985..e68900b1248 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2469,7 +2469,7 @@ config RETPOLINE config RETHUNK bool "Enable return-thunks" depends on RETPOLINE && CC_HAS_RETURN_THUNK - default y + default y if X86_64 help Compile the kernel with the return-thunks compiler option to guard against kernel-to-user data leaks by avoiding return speculation. @@ -2478,21 +2478,21 @@ config RETHUNK config CPU_UNRET_ENTRY bool "Enable UNRET on kernel entry" - depends on CPU_SUP_AMD && RETHUNK + depends on CPU_SUP_AMD && RETHUNK && X86_64 default y help Compile the kernel with support for the retbleed=unret mitigation. config CPU_IBPB_ENTRY bool "Enable IBPB on kernel entry" - depends on CPU_SUP_AMD + depends on CPU_SUP_AMD && X86_64 default y help Compile the kernel with support for the retbleed=ibpb mitigation. config CPU_IBRS_ENTRY bool "Enable IBRS on kernel entry" - depends on CPU_SUP_INTEL + depends on CPU_SUP_INTEL && X86_64 default y help Compile the kernel with support for the spectre_v2=ibrs mitigation.