Commit 5f882f3b authored by Josh Poimboeuf's avatar Josh Poimboeuf Committed by Ingo Molnar
Browse files

x86/bugs: Clarify that syscall hardening isn't a BHI mitigation 



While syscall hardening helps prevent some BHI attacks, there's still
other low-hanging fruit remaining.  Don't classify it as a mitigation
and make it clear that the system may still be vulnerable if it doesn't
have a HW or SW mitigation enabled.

Fixes: ec9404e4 ("x86/bhi: Add BHI mitigation knob")
Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/r/b5951dae3fdee7f1520d5136a27be3bdfe95f88b.1712813475.git.jpoimboe@kernel.org
parent 1cea8a28

Documentation/admin-guide/hw-vuln/spectre.rst

+5 −6
Original line number Diff line number Diff line
@@ -441,10 +441,10 @@ The possible values in this file are: 
   - System is protected by BHI_DIS_S

 * - BHI: SW loop, KVM SW loop

   - System is protected by software clearing sequence

 * - BHI: Syscall hardening

   - Syscalls are hardened against BHI

 * - BHI: Syscall hardening, KVM: SW loop

   - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence

 * - BHI: Vulnerable

   - System is vulnerable to BHI

 * - BHI: Vulnerable, KVM: SW loop

   - System is vulnerable; KVM is protected by software clearing sequence



Full mitigation might require a microcode update from the CPU

vendor. When the necessary microcode is not available, the kernel will
@@ -661,8 +661,7 @@ kernel command line. 
	spectre_bhi=



		[X86] Control mitigation of Branch History Injection

		(BHI) vulnerability. Syscalls are hardened against BHI

		regardless of this setting. This setting affects the deployment

		(BHI) vulnerability.  This setting affects the deployment

		of the HW BHI control and the SW BHB clearing sequence.



		on

Documentation/admin-guide/kernel-parameters.txt

+1 −2
Original line number Diff line number Diff line
@@ -6065,8 +6065,7 @@ 
			See Documentation/admin-guide/laptops/sonypi.rst



	spectre_bhi=	[X86] Control mitigation of Branch History Injection

			(BHI) vulnerability. Syscalls are hardened against BHI

			reglardless of this setting. This setting affects the

			(BHI) vulnerability.  This setting affects the

			deployment of the HW BHI control and the SW BHB

			clearing sequence.

arch/x86/kernel/cpu/bugs.c

+3 −3
Original line number Diff line number Diff line
@@ -2819,9 +2819,9 @@ static const char *spectre_bhi_state(void) 
	else if (boot_cpu_has(X86_FEATURE_RETPOLINE) && rrsba_disabled)

		return "; BHI: Retpoline";

	else if (boot_cpu_has(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT))

		return "; BHI: Syscall hardening, KVM: SW loop";

		return "; BHI: Vulnerable, KVM: SW loop";



	return "; BHI: Vulnerable (Syscall hardening enabled)";

	return "; BHI: Vulnerable";

}



static ssize_t spectre_v2_show_state(char *buf)