x86/bugs: Add attack vector controls for spectre_v1

dkaplan2 · bp3tk0v · commit 19a5f3ea4394 · 2025-07-11T17:56:41.000+02:00
Use attack vector controls to determine if spectre_v1 mitigation is required. Signed-off-by: David Kaplan <david.kaplan@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/20250707183316.1349127-12-david.kaplan@amd.com
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
@@ -1144,13 +1144,16 @@ static bool smap_works_speculatively(void)
 
 static void __init spectre_v1_select_mitigation(void)
 {
-	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off())
+	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))
+		spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE;
+
+	if (!should_mitigate_vuln(X86_BUG_SPECTRE_V1))
 		spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE;
 }
 
 static void __init spectre_v1_apply_mitigation(void)
 {
-	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off())
+	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))
 		return;
 
 	if (spectre_v1_mitigation == SPECTRE_V1_MITIGATION_AUTO) {

Original file line number	Diff line number	Diff line change
`@@ -1144,13 +1144,16 @@ static bool smap_works_speculatively(void)`
`1144`	`1144`
`1145`	`1145`	`static void __init spectre_v1_select_mitigation(void)`
`1146`	`1146`	`{`
`1147`		`- if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) \|\| cpu_mitigations_off())`
	`1147`	`+ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))`
	`1148`	`+ spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE;`
	`1149`	`+`
	`1150`	`+ if (!should_mitigate_vuln(X86_BUG_SPECTRE_V1))`
`1148`	`1151`	`spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE;`
`1149`	`1152`	`}`
`1150`	`1153`
`1151`	`1154`	`static void __init spectre_v1_apply_mitigation(void)`
`1152`	`1155`	`{`
`1153`		`- if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) \|\| cpu_mitigations_off())`
	`1156`	`+ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))`
`1154`	`1157`	`return;`
`1155`	`1158`
`1156`	`1159`	`if (spectre_v1_mitigation == SPECTRE_V1_MITIGATION_AUTO) {`