From: Peter Zijlstra <peterz@infradead.org>
To: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Cc: Jonathan Corbet <corbet@lwn.net>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>,
pawan.kumar.gupta@linux.intel.com,
antonio.gomez.iglesias@linux.intel.com,
"H. Peter Anvin" <hpa@zytor.com>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/speculation: Add BHI_DIS support
Date: Thu, 14 Jul 2022 22:04:20 +0200 [thread overview]
Message-ID: <YtB2xJdsOHSJV7Py@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20220714195236.9311-1-daniel.sneddon@linux.intel.com>
On Thu, Jul 14, 2022 at 12:52:35PM -0700, Daniel Sneddon wrote:
> Branch History Injection (BHI) attacks can be mitigated using the
> BHI_DIS_S indirect predictor control bit located in MSR_IA32_SPEC_CTRL
> register. Set BHI_DIS in MSR_IA32_SPC_CTRL to prevent predicted
> targets of indirect branches executed in CPL0, CPL1, or CPL2 from
> being selected based on branch history from branches executed in CPL3.
> Support for this feature is enumerated by CPUID.7.2.EDX[BHI_CTRL] (bit 4).
What actual hardware will have this?
> Users wanting BHI protection can specify spectre_v2=eibrs,bhi_dis to
> enable hardware BHI protections. On platforms where BHI protections
> are not available in the hardware revert to eibrs,retpoline
> mitigations.
AFAICT this doesn't get auto-selected; how bad is performance for this
to not be so?
prev parent reply other threads:[~2022-07-14 20:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 19:52 [PATCH] x86/speculation: Add BHI_DIS support Daniel Sneddon
2022-07-14 19:58 ` Boris Petkov
2022-07-14 20:04 ` Peter Zijlstra [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YtB2xJdsOHSJV7Py@worktop.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=antonio.gomez.iglesias@linux.intel.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.