x86/bugs: Fix BHI documentation

PlaidCat · PlaidCat · commit a399925388fc · 2024-11-01T14:16:18.000-04:00
jira LE-2015 cve CVE-2024-2201 Rebuild_History Non-Buildable kernel-5.14.0-427.42.1.el9_4 commit-author Josh Poimboeuf <jpoimboe@kernel.org> commit dfe6489 Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-5.14.0-427.42.1.el9_4/dfe64890.failed Fix up some inaccuracies in the BHI documentation. Fixes: ec9404e ("x86/bhi: Add BHI mitigation knob") Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: Nikolay Borisov <nik.borisov@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/8c84f7451bfe0dd08543c6082a383f390d4aa7e2.1712813475.git.jpoimboe@kernel.org (cherry picked from commit dfe6489) Signed-off-by: Jonathan Maple <jmaple@ciq.com> # Conflicts: # Documentation/admin-guide/hw-vuln/spectre.rst # Documentation/admin-guide/kernel-parameters.txt
diff --git a/ciq/ciq_backports/kernel-5.14.0-427.42.1.el9_4/dfe64890.failed b/ciq/ciq_backports/kernel-5.14.0-427.42.1.el9_4/dfe64890.failed
@@ -0,0 +1,115 @@
+x86/bugs: Fix BHI documentation
+
+jira LE-2015
+cve CVE-2024-2201
+Rebuild_History Non-Buildable kernel-5.14.0-427.42.1.el9_4
+commit-author Josh Poimboeuf <jpoimboe@kernel.org>
+commit dfe648903f42296866d79f10d03f8c85c9dfba30
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-5.14.0-427.42.1.el9_4/dfe64890.failed
+
+Fix up some inaccuracies in the BHI documentation.
+
+Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob")
+	Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
+	Signed-off-by: Ingo Molnar <mingo@kernel.org>
+	Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
+	Cc: Linus Torvalds <torvalds@linux-foundation.org>
+	Cc: Sean Christopherson <seanjc@google.com>
+Link: https://lore.kernel.org/r/8c84f7451bfe0dd08543c6082a383f390d4aa7e2.1712813475.git.jpoimboe@kernel.org
+(cherry picked from commit dfe648903f42296866d79f10d03f8c85c9dfba30)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	Documentation/admin-guide/hw-vuln/spectre.rst
+#	Documentation/admin-guide/kernel-parameters.txt
+diff --cc Documentation/admin-guide/hw-vuln/spectre.rst
+index 166facdabe9f,3cf18e4a1d9a..000000000000
+--- a/Documentation/admin-guide/hw-vuln/spectre.rst
++++ b/Documentation/admin-guide/hw-vuln/spectre.rst
+@@@ -430,6 -429,23 +430,26 @@@ The possible values in this file are
+    'PBRSB-eIBRS: Not affected'  CPU is not affected by PBRSB
+    ===========================  =======================================================
+  
+++<<<<<<< HEAD
+++=======
++   - Branch History Injection (BHI) protection status:
++ 
++ .. list-table::
++ 
++  * - BHI: Not affected
++    - System is not affected
++  * - BHI: Retpoline
++    - System is protected by retpoline
++  * - BHI: BHI_DIS_S
++    - System is protected by BHI_DIS_S
++  * - BHI: SW loop, KVM SW loop
++    - System is protected by software clearing sequence
++  * - BHI: Syscall hardening
++    - Syscalls are hardened against BHI
++  * - BHI: Syscall hardening, KVM: SW loop
++    - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence
++ 
+++>>>>>>> dfe648903f42 (x86/bugs: Fix BHI documentation)
+  Full mitigation might require a microcode update from the CPU
+  vendor. When the necessary microcode is not available, the kernel will
+  report vulnerability.
+@@@ -638,6 -658,23 +658,26 @@@ kernel command line
+  		spectre_v2=off. Spectre variant 1 mitigations
+  		cannot be disabled.
+  
+++<<<<<<< HEAD
+++=======
++ 	spectre_bhi=
++ 
++ 		[X86] Control mitigation of Branch History Injection
++ 		(BHI) vulnerability. Syscalls are hardened against BHI
++ 		regardless of this setting. This setting affects the deployment
++ 		of the HW BHI control and the SW BHB clearing sequence.
++ 
++ 		on
++ 			(default) Enable the HW or SW mitigation as
++ 			needed.
++ 		off
++ 			Disable the mitigation.
++ 		auto
++ 			Enable the HW mitigation if needed, but
++ 			*don't* enable the SW mitigation except for KVM.
++ 			The system may be vulnerable.
++ 
+++>>>>>>> dfe648903f42 (x86/bugs: Fix BHI documentation)
+  For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt
+  
+  Mitigation selection guide
+diff --cc Documentation/admin-guide/kernel-parameters.txt
+index f74f25f00a14,a029ad6c4963..000000000000
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@@ -5722,7 -6064,20 +5723,24 @@@
+  	sonypi.*=	[HW] Sony Programmable I/O Control Device driver
+  			See Documentation/admin-guide/laptops/sonypi.rst
+  
+++<<<<<<< HEAD
+ +	spectre_v2=	[X86] Control mitigation of Spectre variant 2
+++=======
++ 	spectre_bhi=	[X86] Control mitigation of Branch History Injection
++ 			(BHI) vulnerability. Syscalls are hardened against BHI
++ 			reglardless of this setting. This setting affects the
++ 			deployment of the HW BHI control and the SW BHB
++ 			clearing sequence.
++ 
++ 			on   - (default) Enable the HW or SW mitigation
++ 			       as needed.
++ 			off  - Disable the mitigation.
++ 			auto - Enable the HW mitigation if needed, but
++ 			       *don't* enable the SW mitigation except
++ 			       for KVM.  The system may be vulnerable.
++ 
++ 	spectre_v2=	[X86,EARLY] Control mitigation of Spectre variant 2
+++>>>>>>> dfe648903f42 (x86/bugs: Fix BHI documentation)
+  			(indirect branch speculation) vulnerability.
+  			The default operation protects the kernel from
+  			user space attacks.
+* Unmerged path Documentation/admin-guide/hw-vuln/spectre.rst
+* Unmerged path Documentation/admin-guide/kernel-parameters.txt
