Pawan Gupta 43704e993a x86/bhi: Mitigate KVM by default ... commit 95a6ccbdc7 upstream. BHI mitigation mode spectre_bhi=auto does not deploy the software mitigation by default. In a cloud environment, it is a likely scenario where userspace is trusted but the guests are not trusted. Deploying system wide mitigation in such cases is not desirable. Update the auto mode to unconditionally mitigate against malicious guests. Deploy the software sequence at VMexit in auto mode also, when hardware mitigation is not available. Unlike the force =on mode, software sequence is not deployed at syscalls in auto mode. Suggested-by: Alexandre Chartre <alexandre.chartre@oracle.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com> Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2024-04-10 16:28:35 +02:00
..
ABI
accounting
admin-guide
arc
arm
arm64
block
bpf
cdrom
core-api
cpu-freq
crypto
dev-tools
devicetree
doc-guide
driver-api
fault-injection
fb
features
filesystems
firmware-guide
firmware_class
fpga
gpu
hid
hwmon
i2c
ia64
iio
images
infiniband
input
isdn
kbuild
kernel-hacking
leds
litmus-tests
livepatch
locking
loongarch
m68k
maintainer
mhi
mips
misc-devices
mm
netlabel
networking
nios2
nvdimm
openrisc
parisc
PCI
pcmcia
peci
power
powerpc
process
RCU
riscv
rust
s390
scheduler
scsi
security
sh
sound
sparc
sphinx
sphinx-static
spi
staging
target
timers
tools
trace
translations
usb
userspace-api
virt
w1
watchdog
x86
xtensa
.gitignore
arch.rst
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py
docutils.conf
dontdiff
index.rst
Kconfig
Makefile
memory-barriers.txt
SubmittingPatches
subsystem-apis.rst