x86/bhi: Add BHI mitigation knob
Branch history clearing software sequences and hardware control
BHI_DIS_S were defined to mitigate Branch History Injection (BHI).
Add cmdline spectre_bhi={on|off|auto} to control BHI mitigation:
auto - Deploy the hardware mitigation BHI_DIS_S, if available.
on - Deploy the hardware mitigation BHI_DIS_S, if available,
otherwise deploy the software sequence at syscall entry and
VMexit.
off - Turn off BHI mitigation.
The default is auto mode which does not deploy the software sequence
mitigation. This is because of the hardening done in the syscall
dispatch path, which is the likely target of BHI.
Signed-off-by: 
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Showing
- Documentation/admin-guide/hw-vuln/spectre.rst 39 additions, 6 deletionsDocumentation/admin-guide/hw-vuln/spectre.rst
- Documentation/admin-guide/kernel-parameters.txt 11 additions, 0 deletionsDocumentation/admin-guide/kernel-parameters.txt
- arch/x86/Kconfig 25 additions, 0 deletionsarch/x86/Kconfig
- arch/x86/include/asm/cpufeatures.h 1 addition, 0 deletionsarch/x86/include/asm/cpufeatures.h
- arch/x86/kernel/cpu/bugs.c 89 additions, 1 deletionarch/x86/kernel/cpu/bugs.c
Loading
Please register or sign in to comment