Commit 39053a3

jpoimboe authored and gregkh committed
x86/bugs: Fix BHI documentation
commit dfe6489 upstream.

Fix up some inaccuracies in the BHI documentation.

Fixes: ec9404e ("x86/bhi: Add BHI mitigation knob")
Signed-off-by: Josh Poimboeuf <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Reviewed-by: Nikolay Borisov <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Sean Christopherson <[email protected]>
Link: https://lore.kernel.org/r/8c84f7451bfe0dd08543c6082a383f390d4aa7e2.1712813475.git.jpoimboe@kernel.org
Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent 2d00390 commit 39053a3

2 files changed, +15 -12 lines changed

Documentation/admin-guide/hw-vuln/spectre.rst

Lines changed: 8 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -439,11 +439,11 @@ The possible values in this file are:
439439
- System is protected by retpoline
440440
* - BHI: BHI_DIS_S
441441
- System is protected by BHI_DIS_S
442-
* - BHI: SW loop; KVM SW loop
442+
* - BHI: SW loop, KVM SW loop
443443
- System is protected by software clearing sequence
444444
* - BHI: Syscall hardening
445445
- Syscalls are hardened against BHI
446-
* - BHI: Syscall hardening; KVM: SW loop
446+
* - BHI: Syscall hardening, KVM: SW loop
447447
- System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence
448448

449449
Full mitigation might require a microcode update from the CPU
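Review bot: In the status table, the new entry at line 442 reads "BHI: SW loop, KVM SW loop" while the new entry at line 446 reads "BHI: Syscall hardening, KVM: SW loop", so the KVM part carries a colon in one string and not in the other. This table lists the possible values in the file, so each entry should match the emitted string character for character. Please check both against the code that prints them and make the "KVM" spelling consistent, since admins and scripts match on these strings.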
@@ -666,13 +666,14 @@ kernel command line.
666666
of the HW BHI control and the SW BHB clearing sequence.
667667

668668
on
669-
unconditionally enable.
669+
(default) Enable the HW or SW mitigation as
670+
needed.
670671
off
671-
unconditionally disable.
672+
Disable the mitigation.
672673
auto
673-
enable if hardware mitigation
674-
control(BHI_DIS_S) is available, otherwise
675-
enable alternate mitigation in KVM.
674+
Enable the HW mitigation if needed, but
675+
*don't* enable the SW mitigation except for KVM.
676+
The system may be vulnerable.
676677

677678
For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt
678679
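Review bot: The new "on" and "auto" descriptions (lines 669-676) drop the explicit BHI_DIS_S name that the removed text carried, and say "as needed" / "if needed" without stating the condition. The status table earlier in this file reports "BHI: BHI_DIS_S", so keeping the name, for example "Enable the HW mitigation (BHI_DIS_S) if needed", lets a reader map the option to what the status file shows. "The system may be vulnerable" would also be clearer if it named the case left uncovered, which from the wording is non-KVM use where only the SW mitigation would apply.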

Documentation/admin-guide/kernel-parameters.txt

Lines changed: 7 additions & 5 deletions
Original file line number | Diff line number | Diff line change
@@ -3343,6 +3343,7 @@
33433343
reg_file_data_sampling=off [X86]
33443344
retbleed=off [X86]
33453345
spec_store_bypass_disable=off [X86,PPC]
3346+
spectre_bhi=off [X86]
33463347
spectre_v2_user=off [X86]
33473348
srbds=off [X86,INTEL]
33483349
ssbd=force-off [ARM64]
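Review bot: The added "spectre_bhi=off [X86]" line at 3346 extends the list of "=off" settings, but both files in this commit are under Documentation/, so nothing here shows the code treating spectre_bhi that way. Please confirm the behaviour already exists and say so in the commit message, which currently mentions only fixing inaccuracies; otherwise this line documents something the kernel does not do. Placement between spec_store_bypass_disable and spectre_v2_user keeps the list sorted, which is fine.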
@@ -5926,11 +5927,12 @@
59265927
deployment of the HW BHI control and the SW BHB
59275928
clearing sequence.
59285929

5929-
on - unconditionally enable.
5930-
off - unconditionally disable.
5931-
auto - (default) enable hardware mitigation
5932-
(BHI_DIS_S) if available, otherwise enable
5933-
alternate mitigation in KVM.
5930+
on - (default) Enable the HW or SW mitigation
5931+
as needed.
5932+
off - Disable the mitigation.
5933+
auto - Enable the HW mitigation if needed, but
5934+
*don't* enable the SW mitigation except
5935+
for KVM. The system may be vulnerable.
59345936

59355937
spectre_v2= [X86] Control mitigation of Spectre variant 2
59365938
(indirect branch speculation) vulnerability.
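Review bot: The "(default)" marker moves from "auto" to "on" at lines 5930-5935, and "auto" becomes the setting that "may be vulnerable", which is easy to misread given its name. Consider stating outright that "auto" is weaker than the default and naming what is left unprotected instead of "The system may be vulnerable". This block repeats the spectre.rst text in a different layout ("on - ..." here, value and description on separate lines there), so any rewording should land in both files in the same patch.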
