From 3e96fdd9ccb6268403d6c4f9a061c4a33e6f6dd2 Mon Sep 17 00:00:00 2001
From: raja-grewal <rg_public@proton.me>
Date: Tue, 17 Dec 2024 11:44:11 +0000
Subject: [PATCH] Enable `kvm.mitigate_smt_rsb=1`

---
 etc/default/grub.d/40_cpu_mitigations.cfg | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index 8236c99..b7984c5 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -134,6 +134,14 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mmio_stale_data=full,nosmt"
 ##
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt"
 
+## Cross-Thread Return Address Predictions:
+## Mitigate the vulnerability for certain KVM hypervisor configurations.
+## Currently affects AMD Zen 1-2 CPUs.
+##
+## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/cross-thread-rsb.html
+##
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.mitigate_smt_rsb=1"
+
 ## Speculative Return Stack Overflow (SRSO):
 ## Mitigate the vulnerability by ensureing all RET instructions speculate to a controlled location.
 ## Currently affects AMD Zen 1-4 CPUs.