git.ipfire.org Git - thirdparty/kernel/stable.git/commit
x86/bhi: Add BHI mitigation knob
author Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Mon, 11 Mar 2024 15:57:05 +0000 (08:57 -0700)
committer Thomas Gleixner <tglx@linutronix.de>
Mon, 8 Apr 2024 17:27:05 +0000 (19:27 +0200)
commit ec9404e40e8f36421a2b66ecb76dc2209fe7f3ef
tree cd708b3c092d7c6809a516cde3f3719c4d8aca06
parent be482ff9500999f56093738f9219bbabc729d163

Branch history clearing software sequences and hardware control
BHI_DIS_S were defined to mitigate Branch History Injection (BHI).

Add cmdline spectre_bhi={on|off|auto} to control BHI mitigation:

 auto - Deploy the hardware mitigation BHI_DIS_S, if available.
 on   - Deploy the hardware mitigation BHI_DIS_S, if available,
        otherwise deploy the software sequence at syscall entry and
        VMexit.
 off  - Turn off BHI mitigation.

The default is auto mode which does not deploy the software sequence
mitigation.  This is because of the hardening done in the syscall
dispatch path, which is the likely target of BHI.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Documentation/admin-guide/hw-vuln/spectre.rst
Documentation/admin-guide/kernel-parameters.txt
arch/x86/Kconfig
arch/x86/include/asm/cpufeatures.h
arch/x86/kernel/cpu/bugs.c
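
The three spectre_bhi= modes from the commit message above, as an added shell example for auditing hosts; it is not part of the commit or the kernel source. The function names, result strings, input record layout and the "last occurrence wins" rule are assumptions of this example, and BHI_DIS_S availability is supplied by the caller.

```shell
#!/bin/sh
# Added example, not kernel code: models the spectre_bhi= policy described in
# the commit message. Function names and result strings are this example's own.

# Print the spectre_bhi= value from a kernel command line; absent -> auto.
# Assumption: a repeated option resolves to its last occurrence.
bhi_mode() (
    set -f                      # no globbing while splitting the command line
    mode=auto
    for tok in $1; do
        case "$tok" in spectre_bhi=*) mode=${tok#spectre_bhi=} ;; esac
    done
    printf '%s\n' "$mode"
)

# bhi_effective CMDLINE HW -> mitigation deployed under the described policy.
# HW is "yes" when the CPU offers BHI_DIS_S, "no" otherwise; the caller passes
# it in because the page does not say how userspace detects the control.
bhi_effective() {
    case "$(bhi_mode "$1")" in
        off)  echo off ;;
        auto) [ "$2" = yes ] && echo BHI_DIS_S || echo none ;;
        on)   [ "$2" = yes ] && echo BHI_DIS_S || echo software-sequence ;;
        *)    echo invalid ;;
    esac
}

# Read "host hw cmdline..." records on stdin and list the hosts on which
# neither BHI_DIS_S nor the software sequence would be deployed.
bhi_audit() {
    while read -r host hw cmdline; do
        eff=$(bhi_effective "$cmdline" "$hw")
        case "$eff" in
            BHI_DIS_S|software-sequence) ;;
            *) printf '%s %s\n' "$host" "$eff" ;;
        esac
    done
}

# Constructed sample inventory (not taken from real hosts).
bhi_audit <<'EOF'
web1 yes BOOT_IMAGE=/vmlinuz ro quiet
web2 no BOOT_IMAGE=/vmlinuz ro quiet
db1 no ro spectre_bhi=on
db2 yes ro spectre_bhi=off
lab1 no ro spectre_bhi=off spectre_bhi=on
EOF
```

Hosts reported as `none` are those left on the default `auto` without BHI_DIS_S, where the commit message says only the syscall dispatch hardening applies.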