From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Josh Poimboeuf <jpoimboe@kernel.org>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Alexandre Chartre <alexandre.chartre@oracle.com>
Subject: [PATCH 5.15 54/54] x86/bhi: Do not set BHI_DIS_S in 32-bit mode
Date: Mon, 12 May 2025 19:30:06 +0200 [thread overview]
Message-ID: <20250512172017.818291107@linuxfoundation.org> (raw)
In-Reply-To: <20250512172015.643809034@linuxfoundation.org>
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
commit 073fdbe02c69c43fb7c0d547ec265c7747d4a646 upstream.
With the possibility of intra-mode BHI via cBPF, complete mitigation for
BHI is to use IBHF (history fence) instruction with BHI_DIS_S set. Since
this new instruction is only available in 64-bit mode, setting BHI_DIS_S in
32-bit mode is only a partial mitigation.
Do not set BHI_DIS_S in 32-bit mode so as to avoid reporting misleading
mitigated status. With this change IBHF won't be used in 32-bit mode, also
remove the CONFIG_X86_64 check from emit_spectre_bhb_barrier().
Suggested-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/bugs.c | 5 +++--
arch/x86/net/bpf_jit_comp.c | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1656,10 +1656,11 @@ static void __init bhi_select_mitigation
return;
}
- if (spec_ctrl_bhi_dis())
+ if (!IS_ENABLED(CONFIG_X86_64))
return;
- if (!IS_ENABLED(CONFIG_X86_64))
+ /* Mitigate in hardware if supported */
+ if (spec_ctrl_bhi_dis())
return;
/* Mitigate KVM by default */
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -956,8 +956,7 @@ static int emit_spectre_bhb_barrier(u8 *
/* Insert IBHF instruction */
if ((cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_LOOP) &&
cpu_feature_enabled(X86_FEATURE_HYPERVISOR)) ||
- (cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW) &&
- IS_ENABLED(CONFIG_X86_64))) {
+ cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW)) {
/*
* Add an Indirect Branch History Fence (IBHF). IBHF acts as a
* fence preventing branch history from before the fence from
@@ -967,6 +966,8 @@ static int emit_spectre_bhb_barrier(u8 *
* hardware that doesn't need or support it. The REP and REX.W
* prefixes are required by the microcode, and they also ensure
* that the NOP is unlikely to be used in existing code.
+ *
+ * IBHF is not a valid instruction in 32-bit mode.
*/
EMIT5(0xF3, 0x48, 0x0F, 0x1E, 0xF8); /* ibhf */
}
next prev parent reply other threads:[~2025-05-12 17:32 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-12 17:29 [PATCH 5.15 00/54] 5.15.183-rc1 review Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 01/54] can: mcan: m_can_class_unregister(): fix order of unregistration calls Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 02/54] can: mcp251xfd: mcp251xfd_remove(): " Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 03/54] openvswitch: Fix unsafe attribute parsing in output_userspace() Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 04/54] gre: Fix again IPv6 link-local address generation Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 05/54] can: gw: use call_rcu() instead of costly synchronize_rcu() Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 06/54] rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep() Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 07/54] can: gw: fix RCU/BH usage in cgw_create_job() Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 08/54] netfilter: ipset: fix region locking in hash types Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 09/54] net: dsa: b53: allow leaky reserved multicast Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 10/54] net: dsa: b53: fix clearing PVID of a port Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 11/54] net: dsa: b53: fix flushing old pvid VLAN on pvid change Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 12/54] net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 13/54] net: dsa: b53: always rejoin default untagged VLAN " Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 14/54] net: dsa: b53: fix learning on VLAN unaware bridges Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 15/54] Input: synaptics - enable InterTouch on Dynabook Portege X30-D Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 16/54] Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 17/54] Input: synaptics - enable InterTouch on Dell Precision M3800 Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 18/54] Input: synaptics - enable SMBus for HP Elitebook 850 G1 Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 19/54] Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 20/54] staging: iio: adc: ad7816: Correct conditional logic for store mode Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 21/54] staging: axis-fifo: Remove hardware resets for user errors Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 22/54] staging: axis-fifo: Correct handling of tx_fifo_depth for size validation Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 23/54] x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 24/54] iio: adc: ad7606: fix serial register access Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 25/54] iio: adis16201: Correct inclinometer channel resolution Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 26/54] iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 27/54] iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 28/54] drm/amd/display: Fix wrong handling for AUX_DEFER case Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 29/54] usb: uhci-platform: Make the clock really optional Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 30/54] xenbus: Use kref to track req lifetime Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 31/54] module: ensure that kobject_put() is safe for module type kobjects Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 32/54] ocfs2: switch osb->disable_recovery to enum Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 33/54] ocfs2: implement handshaking with ocfs2 recovery thread Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 34/54] ocfs2: stop quota recovery before disabling quotas Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 35/54] usb: cdnsp: Fix issue with resuming from L1 Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 36/54] usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 37/54] usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 38/54] usb: host: tegra: Prevent host controller crash when OTG port is used Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 39/54] usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 40/54] usb: typec: ucsi: displayport: Fix NULL pointer access Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 41/54] USB: usbtmc: use interruptible sleep in usbtmc_read Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 42/54] usb: usbtmc: Fix erroneous get_stb ioctl error returns Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 43/54] usb: usbtmc: Fix erroneous wait_srq ioctl return Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 44/54] usb: usbtmc: Fix erroneous generic_read " Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 45/54] types: Complement the aligned types with signed 64-bit one Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 46/54] iio: adc: dln2: Use aligned_s64 for timestamp Greg Kroah-Hartman
2025-05-12 17:29 ` [PATCH 5.15 47/54] MIPS: Fix MAX_REG_OFFSET Greg Kroah-Hartman
2025-05-12 17:30 ` [PATCH 5.15 48/54] drm/panel: simple: Update timings for AUO G101EVN010 Greg Kroah-Hartman
2025-05-12 17:30 ` [PATCH 5.15 49/54] nvme: unblock ctrl state transition for firmware update Greg Kroah-Hartman
2025-05-12 17:30 ` [PATCH 5.15 50/54] do_umount(): add missing barrier before refcount checks in sync case Greg Kroah-Hartman
2025-05-12 17:30 ` [PATCH 5.15 51/54] Revert "net: phy: microchip: force IRQ polling mode for lan88xx" Greg Kroah-Hartman
2025-05-12 17:30 ` [PATCH 5.15 52/54] x86/bpf: Call branch history clearing sequence on exit Greg Kroah-Hartman
2025-05-12 17:30 ` [PATCH 5.15 53/54] x86/bpf: Add IBHF call at end of classic BPF Greg Kroah-Hartman
2025-05-12 17:30 ` Greg Kroah-Hartman [this message]
2025-05-12 20:56 ` [PATCH 5.15 00/54] 5.15.183-rc1 review Jon Hunter
2025-05-13 9:29 ` Florian Fainelli
2025-05-13 9:48 ` Mark Brown
2025-05-13 10:14 ` Ron Economos
2025-05-13 16:17 ` Naresh Kamboju
2025-05-13 17:33 ` Shuah Khan
2025-05-14 5:23 ` Vijayendra Suman
2025-05-14 17:14 ` Hardik Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250512172017.818291107@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexandre.chartre@oracle.com \
--cc=dave.hansen@linux.intel.com \
--cc=jpoimboe@kernel.org \
--cc=patches@lists.linux.dev \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox