x86/bhi: Do not set BHI_DIS_S in 32-bit mode

commit 073fdbe02c69c43fb7c0d547ec265c7747d4a646 upstream.

With the possibility of intra-mode BHI via cBPF, complete mitigation for
BHI is to use IBHF (history fence) instruction with BHI_DIS_S set. Since
this new instruction is only available in 64-bit mode, setting BHI_DIS_S in
32-bit mode is only a partial mitigation.

Do not set BHI_DIS_S in 32-bit mode so as to avoid reporting misleading
mitigated status. With this change IBHF won't be used in 32-bit mode, also
remove the CONFIG_X86_64 check from emit_spectre_bhb_barrier().

Suggested-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 75cd45f2338dccb9708d07af58173d0be41c9e6e..c10d93d2773b4ba4b89f59c5a49e5012058dcc71 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1656,10 +1656,11 @@ static void __init bhi_select_mitigation(void)
                        return;
        }
 
-       if (spec_ctrl_bhi_dis())
+       if (!IS_ENABLED(CONFIG_X86_64))
                return;
 
-       if (!IS_ENABLED(CONFIG_X86_64))
+       /* Mitigate in hardware if supported */
+       if (spec_ctrl_bhi_dis())
                return;
 
        /* Mitigate KVM by default */

diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index ac7b0bbede9f4c21494a1c26e95fa99234ae76d3..f62ebeee8b14efccb7048b7297232ee25c05e2ce 100644 (file)
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -956,8 +956,7 @@ static int emit_spectre_bhb_barrier(u8 **pprog, u8 *ip,
        /* Insert IBHF instruction */
        if ((cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_LOOP) &&
             cpu_feature_enabled(X86_FEATURE_HYPERVISOR)) ||
-           (cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW) &&
-            IS_ENABLED(CONFIG_X86_64))) {
+           cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW)) {
                /*
                 * Add an Indirect Branch History Fence (IBHF). IBHF acts as a
                 * fence preventing branch history from before the fence from
@@ -967,6 +966,8 @@ static int emit_spectre_bhb_barrier(u8 **pprog, u8 *ip,
                 * hardware that doesn't need or support it.  The REP and REX.W
                 * prefixes are required by the microcode, and they also ensure
                 * that the NOP is unlikely to be used in existing code.
+                *
+                * IBHF is not a valid instruction in 32-bit mode.
                 */
                EMIT5(0xF3, 0x48, 0x0F, 0x1E, 0xF8); /* ibhf */
        }