x86/bugs: Fix BHI documentation

Fix up some inaccuracies in the BHI documentation.

Fixes: ec9404e40e ("x86/bhi: Add BHI mitigation knob")
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/r/8c84f7451bfe0dd08543c6082a383f390d4aa7e2.1712813475.git.jpoimboe@kernel.org
This commit is contained in:
Josh Poimboeuf 2024-04-10 22:40:45 -07:00 committed by Ingo Molnar
parent f337a6a21e
commit dfe648903f
2 changed files with 15 additions and 12 deletions

View File

@ -439,11 +439,11 @@ The possible values in this file are:
- System is protected by retpoline
* - BHI: BHI_DIS_S
- System is protected by BHI_DIS_S
* - BHI: SW loop; KVM SW loop
* - BHI: SW loop, KVM SW loop
- System is protected by software clearing sequence
* - BHI: Syscall hardening
- Syscalls are hardened against BHI
* - BHI: Syscall hardening; KVM: SW loop
* - BHI: Syscall hardening, KVM: SW loop
- System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence
Full mitigation might require a microcode update from the CPU
@ -666,13 +666,14 @@ kernel command line.
of the HW BHI control and the SW BHB clearing sequence.
on
unconditionally enable.
(default) Enable the HW or SW mitigation as
needed.
off
unconditionally disable.
Disable the mitigation.
auto
enable if hardware mitigation
control(BHI_DIS_S) is available, otherwise
enable alternate mitigation in KVM.
Enable the HW mitigation if needed, but
*don't* enable the SW mitigation except for KVM.
The system may be vulnerable.
For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt

View File

@ -3444,6 +3444,7 @@
retbleed=off [X86]
spec_rstack_overflow=off [X86]
spec_store_bypass_disable=off [X86,PPC]
spectre_bhi=off [X86]
spectre_v2_user=off [X86]
srbds=off [X86,INTEL]
ssbd=force-off [ARM64]
@ -6069,11 +6070,12 @@
deployment of the HW BHI control and the SW BHB
clearing sequence.
on - unconditionally enable.
off - unconditionally disable.
auto - (default) enable hardware mitigation
(BHI_DIS_S) if available, otherwise enable
alternate mitigation in KVM.
on - (default) Enable the HW or SW mitigation
as needed.
off - Disable the mitigation.
auto - Enable the HW mitigation if needed, but
*don't* enable the SW mitigation except
for KVM. The system may be vulnerable.
spectre_v2= [X86,EARLY] Control mitigation of Spectre variant 2
(indirect branch speculation) vulnerability.