x86/bhi: Enumerate Branch History Injection (BHI) bug (be482ff9) · Commits · git / linux-net

arch/x86/include/asm/cpufeatures.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -517,4 +517,5 @@
		#define X86_BUG_SRSO X86_BUG(132 + 0) / AMD SRSO bug */
		#define X86_BUG_DIV0 X86_BUG(132 + 1) / AMD DIV0 speculation bug */
		#define X86_BUG_RFDS X86_BUG(132 + 2) / CPU is vulnerable to Register File Data Sampling */
		#define X86_BUG_BHI X86_BUG(132 + 3) / CPU is affected by Branch History Injection */
		#endif /* _ASM_X86_CPUFEATURES_H */

arch/x86/include/asm/msr-index.h

+4 −0

Original line number	Diff line number	Diff line
		@@ -166,6 +166,10 @@
		* are restricted to targets in
		* kernel.
		*/
		#define ARCH_CAP_BHI_NO BIT(20) /*
		* CPU is not affected by Branch
		* History Injection.
		*/
		#define ARCH_CAP_PBRSB_NO BIT(24) /*
		* Not susceptible to Post-Barrier
		* Return Stack Buffer Predictions.

arch/x86/kernel/cpu/common.c

+16 −8

Original line number	Diff line number	Diff line
		@@ -1120,6 +1120,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
		#define NO_SPECTRE_V2 BIT(8)
		#define NO_MMIO BIT(9)
		#define NO_EIBRS_PBRSB BIT(10)
		#define NO_BHI BIT(11)

		#define VULNWL(vendor, family, model, whitelist) \
		X86_MATCH_VENDOR_FAM_MODEL(vendor, family, model, whitelist)
		@@ -1182,18 +1183,18 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
		VULNWL_INTEL(ATOM_TREMONT_D, NO_ITLB_MULTIHIT \| NO_EIBRS_PBRSB),

		/* AMD Family 0xf - 0x12 */
		VULNWL_AMD(0x0f, NO_MELTDOWN \| NO_SSB \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO),
		VULNWL_AMD(0x10, NO_MELTDOWN \| NO_SSB \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO),
		VULNWL_AMD(0x11, NO_MELTDOWN \| NO_SSB \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO),
		VULNWL_AMD(0x12, NO_MELTDOWN \| NO_SSB \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO),
		VULNWL_AMD(0x0f, NO_MELTDOWN \| NO_SSB \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO \| NO_BHI),
		VULNWL_AMD(0x10, NO_MELTDOWN \| NO_SSB \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO \| NO_BHI),
		VULNWL_AMD(0x11, NO_MELTDOWN \| NO_SSB \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO \| NO_BHI),
		VULNWL_AMD(0x12, NO_MELTDOWN \| NO_SSB \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO \| NO_BHI),

		/* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
		VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO \| NO_EIBRS_PBRSB),
		VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO \| NO_EIBRS_PBRSB),
		VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO \| NO_EIBRS_PBRSB \| NO_BHI),
		VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN \| NO_L1TF \| NO_MDS \| NO_SWAPGS \| NO_ITLB_MULTIHIT \| NO_MMIO \| NO_EIBRS_PBRSB \| NO_BHI),

		/* Zhaoxin Family 7 */
		VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2 \| NO_SWAPGS \| NO_MMIO),
		VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2 \| NO_SWAPGS \| NO_MMIO),
		VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2 \| NO_SWAPGS \| NO_MMIO \| NO_BHI),
		VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2 \| NO_SWAPGS \| NO_MMIO \| NO_BHI),
		{}
		};

		@@ -1435,6 +1436,13 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
		if (vulnerable_to_rfds(ia32_cap))
		setup_force_cpu_bug(X86_BUG_RFDS);

		/* When virtualized, eIBRS could be hidden, assume vulnerable */
		if (!(ia32_cap & ARCH_CAP_BHI_NO) &&
		!cpu_matches(cpu_vuln_whitelist, NO_BHI) &&
		(boot_cpu_has(X86_FEATURE_IBRS_ENHANCED) \|\|
		boot_cpu_has(X86_FEATURE_HYPERVISOR)))
		setup_force_cpu_bug(X86_BUG_BHI);

		if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN))
		return;