Public bug reported:
SRU Justification:
[Impact]
Noble upstream stable patchset 2025-10-29 (LP :#210277) included the
following patch from upstream stable branch linux-6.12.y:
* 68d59e9ba3842 ("x86/its: Enable Indirect Target Selection mitigation")
The patch disables ITS mitigation if CONFIG_MITIGATION_RETPOLINE or
CONFIG_MITIGATION_RETHUNK are not available:
+ if (!IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) ||
+ !IS_ENABLED(CONFIG_MITIGATION_RETHUNK)) {
+ pr_err("WARNING: ITS mitigation depends on retpoline and
rethunk support\n");
+ its_mitigation = ITS_MITIGATION_OFF;
+ goto out;
+ }
However, while linux-6.12.y contains the following two commits, Noble
does not:
* aefb2f2e619b6 ("x86/bugs: Rename CONFIG_RETPOLINE =>
CONFIG_MITIGATION_RETPOLINE")
* 0911b8c52c4d6 ("x86/bugs: Rename CONFIG_RETHUNK =>
CONFIG_MITIGATION_RETHUNK")
This discrepancy will cause the runtime check from above to always fail
in Noble, since the config options have not been renamed and therefore
are undefined, even though we have both CONFIG_RETPOLINE and
CONFIG_RETHUNK enabled through annotations. Consequently, ITS mitigation
will not be enabled when it should be.
On affected CPUs this will cause the kernel to warn about missing ITS
mitigation:
[ 0.966659] ITS: WARNING: ITS mitigation depends on retpoline and rethunk
support
[ 0.966851] ITS: Vulnerable
[Fix]
Backport the patches that rename CONFIG_RETPOLINE and CONFIG_RETHUNK to
Noble:
* aefb2f2e619b6 ("x86/bugs: Rename CONFIG_RETPOLINE =>
CONFIG_MITIGATION_RETPOLINE")
* 0911b8c52c4d6 ("x86/bugs: Rename CONFIG_RETHUNK =>
CONFIG_MITIGATION_RETHUNK")
[Test Plan]
Boot on an affected CPU and check that ITS mitigation is enabled as
expected:
[ 3.642521] active return thunk: its_return_thunk
[ 3.643523] ITS: Mitigation: Aligned branch/return thunks
[Where problems could occur]
Any present or future patch that relies on the old naming scheme for the
two options will behave as if the features are unavailable which could
cause critical mitigations to be either less effective or disabled
completely.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Noble)
Importance: Undecided
Assignee: Manuel Diewald (diewald)
Status: In Progress
** Also affects: linux (Ubuntu Noble)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Noble)
Assignee: (unassigned) => Manuel Diewald (diewald)
** Changed in: linux (Ubuntu Noble)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2144730
Title:
ITS mitigation is not enabled on affected CPUs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2144730/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
