mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/Documentation
History
Pawan Gupta c2b9e03889 x86/bhi: Mitigate KVM by default 
commit 95a6ccbdc7 upstream.

BHI mitigation mode spectre_bhi=auto does not deploy the software
mitigation by default. In a cloud environment, it is a likely scenario
where userspace is trusted but the guests are not trusted. Deploying
system wide mitigation in such cases is not desirable.

Update the auto mode to unconditionally mitigate against malicious
guests. Deploy the software sequence at VMexit in auto mode also, when
hardware mitigation is not available. Unlike the force =on mode,
software sequence is not deployed at syscalls in auto mode.

Suggested-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-04-10 16:19:44 +02:00
..
ABI x86/rfds: Mitigate Register File Data Sampling (RFDS) 2024-04-10 16:18:48 +02:00
PCI pci-v5.15-changes 2021-09-07 19:13:42 -07:00
RCU doc: Update stallwarn.rst with recent changes 2021-07-20 13:36:33 -07:00
accounting sched/psi: report zeroes for CPU full at the system level 2022-06-09 10:22:48 +02:00
admin-guide x86/bhi: Mitigate KVM by default 2024-04-10 16:19:44 +02:00
arm Documentation: arm: marvell: Add 88F6825 model into list 2021-08-24 13:26:32 -06:00
arm64 arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata 2024-02-23 08:55:14 +01:00
block Documentation: block: blk-mq: Fix small typo in multi-queue docs 2021-08-24 13:30:00 -06:00
bpf libbpf: Rename libbpf documentation index file 2021-08-18 08:45:25 -07:00
cdrom docs: cdrom-standard.rst: get rid of uneeded UTF-8 chars 2021-05-11 11:00:17 -06:00
core-api dma-mapping: add dma_opt_mapping_size() 2024-04-10 16:18:47 +02:00
cpu-freq cpufreq: Remove ready() callback 2021-09-02 18:04:17 +02:00
crypto
dev-tools docs/scripts/gdb: add necessary make scripts_gdb step 2023-03-10 09:39:53 +01:00
devicetree dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp 2024-01-05 15:13:34 +01:00
doc-guide docs: doc-guide: avoid using ReST :doc:`foo` markup 2021-06-17 13:24:37 -06:00
driver-api counter: fix docum. build problems after filename change 2023-04-20 12:13:57 +02:00
fault-injection debugfs: fix error when writing negative value to atomic_t debugfs file 2022-12-31 13:14:03 +01:00
fb
features RISC-V Patches for the 5.15 Merge Window, Part 2 2021-09-11 14:29:42 -07:00
filesystems lockd: introduce safe async lock op 2024-04-10 16:19:29 +02:00
firmware-guide Documentation: ACPI: EINJ: Fix obsolete example 2022-08-25 11:40:01 +02:00
firmware_class
fpga fpga: fix spelling mistakes 2021-07-21 19:54:21 -07:00
gpu drm/i915/display: Move DRRS code its own file 2022-03-08 19:12:40 +01:00
hid
hwmon hwmon: (ftsteutates) Fix scaling of measurements 2023-03-10 09:39:21 +01:00
i2c Documentation: i2c: add i2c-sysfs into index 2021-08-10 22:58:32 +02:00
ia64
ide
iio
infiniband
input Input: iforce - add support for Boeder Force Feedback Wheel 2022-09-20 12:39:45 +02:00
isdn
kbuild Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
kernel-hacking docs: futex: Fix kernel-doc references after code split-up preparation 2023-04-26 13:51:53 +02:00
leds Documentation: leds: standartizing LED names 2021-08-20 10:26:24 +02:00
litmus-tests
livepatch
locking Documentation/locking/locktypes: Update migrate_disable() bits. 2021-12-14 10:57:18 +01:00
m68k
maintainer
mhi
mips
misc-devices dw-xdata-pcie: Update outdated info and improve text format 2021-04-14 19:47:28 +02:00
netlabel
networking net: change accept_ra_min_rtr_lft to affect all RA lifetimes 2023-10-19 23:05:35 +02:00
nios2
nvdimm
openrisc
parisc
pcmcia
power Documentation: power: include kernel-doc in Energy Model doc 2021-09-07 21:17:28 +02:00
powerpc powerpc/doc: Fix htmldocs errors 2021-08-27 00:56:34 +10:00
process docs/process/howto: Replace C89 with C11 2023-12-13 18:36:46 +01:00
riscv riscv: Move early dtb mapping into the fixmap region 2023-05-01 08:23:24 +09:00
s390 vfio/mdev: Remove CONFIG_VFIO_MDEV_DEVICE 2021-06-21 15:29:25 -06:00
scheduler This was a reasonably active cycle for documentation; this pull includes: 2021-06-28 16:53:05 -07:00
scsi scsi: core: Fix the scsi_set_resid() documentation 2023-09-19 12:22:50 +02:00
security KEYS: trusted: allow use of kernel RNG for key material 2023-10-19 23:05:33 +02:00
sh
sound ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument 2024-02-23 08:54:46 +01:00
sparc
sphinx docs: Fix the docs build with Sphinx 6.0 2023-01-18 11:48:48 +01:00
sphinx-static
spi spi: pxa2xx: Update documentation to point out that it's outdated 2021-05-18 14:05:36 +01:00
staging
target
timers Documentation: drop optional BOMs 2021-05-10 15:17:34 -06:00
trace tracing/probes: Add symstr type for dynamic events 2023-08-03 10:22:30 +02:00
translations docs/process/howto: Replace C89 with C11 2023-12-13 18:36:46 +01:00
tty/device_drivers serial: 8250: Add proper clock handling for OxSemi PCIe devices 2022-08-17 14:24:23 +02:00
usb docs: usb: fix malformed table 2021-08-05 12:31:51 +02:00
userspace-api Remove DECnet support from kernel 2023-06-21 15:59:15 +02:00
virt KVM: s390: disable migration mode when dirty tracking is disabled 2023-03-10 09:40:01 +01:00
vm Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
w1 w1: fix build warning in w1_ds2438.rst 2021-05-26 09:11:24 +02:00
watchdog
x86 x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key 2024-04-10 16:18:48 +02:00
xtensa
.gitignore
COPYING-logo
Changes
CodingStyle
Kconfig
Makefile docs: Makefile: Use CONFIG_SHELL not SHELL 2021-06-18 11:26:08 -06:00
SubmittingPatches
arch.rst
asm-annotations.rst
atomic_bitops.txt locking/atomic: Make test_and_*_bit() ordered on failure 2022-08-25 11:39:54 +02:00
atomic_t.txt Documentation/atomic_t: Document forward progress expectations 2021-08-04 15:16:47 +02:00
conf.py docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 2022-06-09 10:23:30 +02:00
docutils.conf
dontdiff kbuild: generate Module.symvers only when vmlinux exists 2021-04-25 05:17:02 +09:00
index.rst
logo.gif
memory-barriers.txt
watch_queue.rst