linux-stable/arch/x86/kernel
Pawan Gupta 2bf604dc49 x86/bhi: Mitigate KVM by default
commit 95a6ccbdc7 upstream.

BHI mitigation mode spectre_bhi=auto does not deploy the software
mitigation by default. In a cloud environment, it is a likely scenario
where userspace is trusted but the guests are not trusted. Deploying
system wide mitigation in such cases is not desirable.

Update the auto mode to unconditionally mitigate against malicious
guests. Deploy the software sequence at VMexit in auto mode also, when
hardware mitigation is not available. Unlike the force =on mode,
software sequence is not deployed at syscalls in auto mode.

Suggested-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-10 16:38:24 +02:00
acpi ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors 2024-03-26 18:16:51 -04:00
apic x86/cleanups changes for v6.8: 2024-01-08 17:23:32 -08:00
cpu x86/bhi: Mitigate KVM by default 2024-04-10 16:38:24 +02:00
fpu x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD 2024-04-03 15:32:34 +02:00
kprobes kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address 2024-04-03 15:32:34 +02:00
.gitignore
Makefile x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() 2023-10-18 11:11:43 +02:00
alternative.c x86/paravirt: Make BUG_func() usable by non-GPL modules 2024-01-22 15:51:07 +01:00
amd_gart_64.c arch/x86: Fix typos 2024-01-03 11:46:22 +01:00
amd_nb.c X86 core code updates: 2023-10-30 17:37:47 -10:00
aperture_64.c x86/pci: Use PCI_HEADER_TYPE_* instead of literals 2023-12-01 15:00:43 -06:00
apm_32.c x86/asm: Replace magic numbers in GDT descriptors, script-generated change 2023-12-20 10:57:38 +01:00
asm-offsets.c x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL 2023-09-12 16:28:13 -07:00
asm-offsets_32.c
asm-offsets_64.c
audit_64.c x86/audit: Fix -Wmissing-variable-declarations warning for ia32_xyz_class 2023-08-30 10:11:16 +02:00
bootflag.c
callthunks.c x86/paravirt: Switch mixed paravirt/alternative calls to alternatives 2023-12-10 23:33:09 +01:00
cet.c x86/ibt: Convert IBT selftest to asm 2023-08-17 17:07:09 +02:00
cfi.c cfi: Flip headers 2023-12-15 16:25:55 -08:00
check.c
cpuid.c x86/cpuid: make cpuid_class a static const structure 2023-08-05 08:31:41 +02:00
crash.c x86/crash: use SZ_1M macro instead of hardcoded value 2024-01-05 10:45:25 -08:00
crash_core_32.c
crash_core_64.c
crash_dump_32.c
crash_dump_64.c
devicetree.c x86/of: Move the x86_flattree_get_config() call out of x86_dtb_init() 2023-10-02 21:30:09 +02:00
doublefault_32.c x86: Avoid missing-prototype warnings for doublefault code 2023-05-18 11:56:18 -07:00
dumpstack.c x86/show_trace_log_lvl: Ensure stack pointer is aligned, again 2023-05-16 06:31:04 -07:00
dumpstack_32.c
dumpstack_64.c
e820.c x86/e820: Don't reserve SETUP_RNG_SEED in e820 2024-03-01 10:27:20 -08:00
early-quirks.c x86/pci: Use PCI_HEADER_TYPE_* instead of literals 2023-12-01 15:00:43 -06:00
early_printk.c
ebda.c
eisa.c x86/sev: Skip ROM range scans and validation for SEV-SNP guests 2024-04-03 15:32:51 +02:00
espfix_64.c
ftrace.c x86/ftrace: Remove unsued extern declaration ftrace_regs_caller_ret() 2023-07-10 21:38:13 -04:00
ftrace_32.S x86/headers: Replace #include <asm/export.h> with #include <linux/export.h> 2023-10-03 10:38:07 +02:00
ftrace_64.S x86/headers: Replace #include <asm/export.h> with #include <linux/export.h> 2023-10-03 10:38:07 +02:00
head32.c x86/microcode/32: Move early loading after paging enable 2023-10-18 22:15:01 +02:00
head64.c x86/asm: Always set A (accessed) flag in GDT descriptors 2023-12-20 10:57:51 +01:00
head_32.S Major microcode loader restructuring, cleanup and improvements by Thomas 2023-11-04 08:46:37 -10:00
head_64.S x86/cleanups changes for v6.8: 2024-01-08 17:23:32 -08:00
hpet.c RTC for 6.8 2024-01-18 17:25:39 -08:00
hw_breakpoint.c
i8237.c
i8253.c
i8259.c x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility 2023-10-27 20:36:49 +02:00
ibt_selftest.S x86/ibt: Convert IBT selftest to asm 2023-08-17 17:07:09 +02:00
idt.c x86/entry: Convert INT 0x80 emulation to IDTENTRY 2023-12-07 09:51:29 -08:00
io_delay.c
ioport.c
irq.c x86/apic: Nuke ack_APIC_irq() 2023-08-09 11:58:34 -07:00
irq_32.c
irq_64.c
irq_work.c x86/apic: Wrap IPI calls into helper functions 2023-08-09 12:00:55 -07:00
irqflags.S x86/headers: Replace #include <asm/export.h> with #include <linux/export.h> 2023-10-03 10:38:07 +02:00
irqinit.c
itmt.c arch/x86: Remove now superfluous sentinel elem from ctl_table arrays 2023-10-10 15:22:02 -07:00
jailhouse.c x86/apic: Remove the pointless APIC version check 2023-08-09 11:58:19 -07:00
jump_label.c
kdebugfs.c
kexec-bzimage64.c x86/kexec: fix incorrect argument passed to kexec_dprintk() 2023-12-29 12:22:28 -08:00
kgdb.c x86/kgdb: Fix a kerneldoc warning when build with W=1 2023-09-24 11:00:13 +02:00
ksysfs.c
kvm.c x86/kvm: Fix SEV check in sev_map_percpu_data() 2024-01-31 16:21:01 -05:00
kvmclock.c Generic: 2024-01-17 13:03:37 -08:00
ldt.c arch/x86: Fix typos 2024-01-03 11:46:22 +01:00
machine_kexec_32.c
machine_kexec_64.c x86/kexec: fix incorrect end address passed to kernel_ident_mapping_init() 2023-12-29 12:22:29 -08:00
mmconf-fam10h_64.c
module.c x86/paravirt: Switch mixed paravirt/alternative calls to alternatives 2023-12-10 23:33:09 +01:00
mpparse.c Revert "x86/mpparse: Register APIC address only once" 2024-04-10 16:38:23 +02:00
msr.c x86/MSR: make msr_class a static const structure 2023-08-05 08:31:42 +02:00
nmi.c x86/nmi: Fix the inverse "in NMI handler" check 2024-04-03 15:32:07 +02:00
nmi_selftest.c x86/apic: Wrap IPI calls into helper functions 2023-08-09 12:00:55 -07:00
paravirt-spinlocks.c
paravirt.c x86/paravirt: Remove no longer needed paravirt patching code 2023-12-10 23:34:37 +01:00
pci-dma.c x86: always initialize xen-swiotlb when xen-pcifront is enabling 2023-07-31 17:54:27 +02:00
pcspeaker.c
perf_regs.c
platform-quirks.c x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() 2023-05-18 11:56:18 -07:00
pmem.c
probe_roms.c x86/sev: Skip ROM range scans and validation for SEV-SNP guests 2024-04-03 15:32:51 +02:00
process.c arch/x86: Fix typos 2024-01-03 11:46:22 +01:00
process.h
process_32.c x86/resctl: fix scheduler confusion with 'current' 2023-03-08 11:48:11 -08:00
process_64.c x86/shstk: Add ARCH_SHSTK_STATUS 2023-08-02 15:01:51 -07:00
ptrace.c x86: Add PTRACE interface for shadow stack 2023-08-02 15:01:51 -07:00
pvclock.c locking/atomic: treewide: use raw_atomic*_<op>() 2023-06-05 09:57:20 +02:00
quirks.c
reboot.c x86/reboot: Expose VMCS crash hooks if and only if KVM_{INTEL,AMD} is enabled 2023-08-03 15:37:14 -07:00
reboot_fixups_32.c
relocate_kernel_32.S
relocate_kernel_64.S x86,objtool: Split UNWIND_HINT_EMPTY in two 2023-03-23 23:18:58 +01:00
resource.c
rethook.c
rtc.c rtc: Extend timeout for waiting for UIP to clear to 1s 2023-12-17 22:33:55 +01:00
setup.c x86/coco: Require seeding RNG with RDRAND on CoCo systems 2024-04-10 16:38:19 +02:00
setup_percpu.c x86/asm: Add DB flag to 32-bit percpu GDT entry 2023-12-20 10:57:51 +01:00
sev-shared.c x86/sev: Move early startup code into .head.text section 2024-04-10 16:38:23 +02:00
sev.c x86/sev: Move early startup code into .head.text section 2024-04-10 16:38:23 +02:00
sev_verify_cbit.S
shstk.c x86/shstk: Add warning for shadow stack double unmap 2023-09-19 09:18:34 -07:00
signal.c rseq: Split out rseq.h from sched.h 2023-12-27 11:49:56 -05:00
signal_32.c x86/shstk: Add user control-protection fault handler 2023-08-02 15:01:50 -07:00
signal_64.c x86/shstk: Delay signal entry SSP write until after user accesses 2023-11-08 08:55:37 -08:00
smp.c Revert "x86/smp: Put CPUs into INIT on shutdown if possible" 2023-10-15 12:02:02 -07:00
smpboot.c x86/smp: Export symbol cpu_clustergroup_mask() 2023-11-17 10:54:52 +01:00
stacktrace.c
static_call.c x86/static_call: Fix __static_call_fixup() 2023-08-17 13:24:09 +02:00
step.c
sys_ia32.c
sys_x86_64.c x86/mm: Introduce MAP_ABOVE4G 2023-07-11 14:12:19 -07:00
tboot.c
time.c
tls.c
tls.h
topology.c x86/topology: convert to use arch_cpu_is_hotpluggable() 2023-12-06 12:41:49 +09:00
trace.c
trace_clock.c
tracepoint.c
traps.c IOMMU Updates for Linux v6.8 2024-01-18 15:16:57 -08:00
tsc.c x86/tsc: Extend watchdog check exemption to 4-Sockets platform 2023-07-14 15:17:09 -07:00
tsc_msr.c
tsc_sync.c x86/tsc: Defer marking TSC unstable to a worker 2023-10-27 20:36:57 +02:00
umip.c
unwind_frame.c
unwind_guess.c
unwind_orc.c x86/unwind/orc: Remove redundant initialization of 'mid' pointer in __orc_find() 2023-09-21 08:41:23 +02:00
uprobes.c
verify_cpu.S
vm86_32.c
vmlinux.lds.S x86/paravirt: Remove no longer needed paravirt patching code 2023-12-10 23:34:37 +01:00
vsmp_64.c x86/apic: Use u32 for phys_pkg_id() 2023-10-10 14:38:19 +02:00
x86_init.c x86/sev: Skip ROM range scans and validation for SEV-SNP guests 2024-04-03 15:32:51 +02:00