Commit dfe64890 authored by Josh Poimboeuf, committed by Ingo Molnar

x86/bugs: Fix BHI documentation



Fix up some inaccuracies in the BHI documentation.

Fixes: ec9404e4 ("x86/bhi: Add BHI mitigation knob")
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/r/8c84f7451bfe0dd08543c6082a383f390d4aa7e2.1712813475.git.jpoimboe@kernel.org
parent f337a6a2
+8 −7
@@ -439,11 +439,11 @@ The possible values in this file are:
   - System is protected by retpoline
 * - BHI: BHI_DIS_S
   - System is protected by BHI_DIS_S
 * - BHI: SW loop; KVM SW loop
 * - BHI: SW loop, KVM SW loop
   - System is protected by software clearing sequence
 * - BHI: Syscall hardening
   - Syscalls are hardened against BHI
 * - BHI: Syscall hardening; KVM: SW loop
 * - BHI: Syscall hardening, KVM: SW loop
   - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence

Full mitigation might require a microcode update from the CPU
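
Review bot: the two combined rows disagree on how the KVM part is written: "BHI: SW loop, KVM SW loop" has no colon after KVM, while "BHI: Syscall hardening, KVM: SW loop" has one. This table lists the possible values in the file, so both rows should match the emitted strings character for character. Please check them against the source and settle on one form, since people grep for these strings when auditing fleet mitigation status.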
@@ -666,13 +666,14 @@ kernel command line.
		of the HW BHI control and the SW BHB clearing sequence.

		on
			unconditionally enable.
			(default) Enable the HW or SW mitigation as
			needed.
		off
			unconditionally disable.
			Disable the mitigation.
		auto
			enable if hardware mitigation
			control(BHI_DIS_S) is available, otherwise
			enable alternate mitigation in KVM.
			Enable the HW mitigation if needed, but
			*don't* enable the SW mitigation except for KVM.
			The system may be vulnerable.

For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt
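
Review bot: the "auto" entry ends with "The system may be vulnerable." but does not say in which configuration or to what. From the preceding sentence the uncovered case appears to be a system that would need the SW mitigation outside of KVM; stating that explicitly, and pointing at the sysfs status table earlier in this document, would let an admin tell from the reported value whether the machine is actually exposed.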

+7 −5
@@ -3444,6 +3444,7 @@
					       retbleed=off [X86]
					       spec_rstack_overflow=off [X86]
					       spec_store_bypass_disable=off [X86,PPC]
					       spectre_bhi=off [X86]
					       spectre_v2_user=off [X86]
					       srbds=off [X86,INTEL]
					       ssbd=force-off [ARM64]
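
Review bot: the new "spectre_bhi=off [X86]" entry in this list is not mentioned in the commit message, which only talks about fixing inaccuracies in the BHI documentation. Adding a line to the changelog saying the option was missing from this list would make the change easier to find later. The placement between spec_store_bypass_disable=off and spectre_v2_user=off keeps the list sorted.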
@@ -6069,11 +6070,12 @@
			deployment of the HW BHI control and the SW BHB
			clearing sequence.

			on   - unconditionally enable.
			off  - unconditionally disable.
			auto - (default) enable hardware mitigation
			       (BHI_DIS_S) if available, otherwise enable
			       alternate mitigation in KVM.
			on   - (default) Enable the HW or SW mitigation
			       as needed.
			off  - Disable the mitigation.
			auto - Enable the HW mitigation if needed, but
			       *don't* enable the SW mitigation except
			       for KVM.  The system may be vulnerable.

	spectre_v2=	[X86,EARLY] Control mitigation of Spectre variant 2
			(indirect branch speculation) vulnerability.
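
Review bot: in the "on" and "auto" entries the new wording drops the "(BHI_DIS_S)" name that the old "auto" text carried, and "as needed" in "Enable the HW or SW mitigation as needed" does not say what decides between the two. Keeping "(BHI_DIS_S)" after "HW mitigation" would let readers map this parameter to the "BHI: BHI_DIS_S" status string, and a few words on when the SW clearing sequence is chosen instead would remove the ambiguity.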