Commit 073fdbe0 authored by Pawan Gupta's avatar Pawan Gupta Committed by Dave Hansen
Browse files

x86/bhi: Do not set BHI_DIS_S in 32-bit mode 



With the possibility of intra-mode BHI via cBPF, complete mitigation for
BHI is to use IBHF (history fence) instruction with BHI_DIS_S set. Since
this new instruction is only available in 64-bit mode, setting BHI_DIS_S in
32-bit mode is only a partial mitigation.

Do not set BHI_DIS_S in 32-bit mode so as to avoid reporting misleading
mitigated status. With this change IBHF won't be used in 32-bit mode, also
remove the CONFIG_X86_64 check from emit_spectre_bhb_barrier().

Suggested-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: default avatarAlexandre Chartre <alexandre.chartre@oracle.com>
parent 9f725eec

arch/x86/kernel/cpu/bugs.c

+3 −3
Original line number Diff line number Diff line
@@ -1697,11 +1697,11 @@ static void __init bhi_select_mitigation(void) 
			return;

	}



	/* Mitigate in hardware if supported */

	if (spec_ctrl_bhi_dis())

	if (!IS_ENABLED(CONFIG_X86_64))

		return;



	if (!IS_ENABLED(CONFIG_X86_64))

	/* Mitigate in hardware if supported */

	if (spec_ctrl_bhi_dis())

		return;



	if (bhi_mitigation == BHI_MITIGATION_VMEXIT_ONLY) {

arch/x86/net/bpf_jit_comp.c

+3 −2
Original line number Diff line number Diff line
@@ -1527,8 +1527,7 @@ static int emit_spectre_bhb_barrier(u8 **pprog, u8 *ip, 
	/* Insert IBHF instruction */

	if ((cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_LOOP) &&

	     cpu_feature_enabled(X86_FEATURE_HYPERVISOR)) ||

	    (cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW) &&

	     IS_ENABLED(CONFIG_X86_64))) {

	    cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW)) {

		/*

		 * Add an Indirect Branch History Fence (IBHF). IBHF acts as a

		 * fence preventing branch history from before the fence from
@@ -1538,6 +1537,8 @@ static int emit_spectre_bhb_barrier(u8 **pprog, u8 *ip, 
		 * hardware that doesn't need or support it.  The REP and REX.W

		 * prefixes are required by the microcode, and they also ensure

		 * that the NOP is unlikely to be used in existing code.

		 *

		 * IBHF is not a valid instruction in 32-bit mode.

		 */

		EMIT5(0xF3, 0x48, 0x0F, 0x1E, 0xF8); /* ibhf */

	}