x86/bhi: Mitigate KVM by default (95a6ccbd) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit 95a6ccbd authored Mar 11, 2024 by

Pawan Gupta Committed by Thomas Gleixner Apr 08, 2024

x86/bhi: Mitigate KVM by default

BHI mitigation mode spectre_bhi=auto does not deploy the software
mitigation by default. In a cloud environment, it is a likely scenario
where userspace is trusted but the guests are not trusted. Deploying
system wide mitigation in such cases is not desirable.

Update the auto mode to unconditionally mitigate against malicious
guests. Deploy the software sequence at VMexit in auto mode also, when
hardware mitigation is not available. Unlike the force =on mode,
software sequence is not deployed at syscalls in auto mode.

Suggested-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>

parent ec9404e4

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit c2b9e038
· Apr 11, 2024

mentioned in commit c2b9e038

mentioned in commit c2b9e038896f01ba4bec87cfc97573b7f1b736d6

Toggle commit list
mirror @mirror
mentioned in commit 43704e99
· Apr 11, 2024

mentioned in commit 43704e99

mentioned in commit 43704e993ae54b8caf821501229dd2534ecb0e56

Toggle commit list
mirror @mirror
mentioned in commit 1c42ff89
· Apr 11, 2024

mentioned in commit 1c42ff89

mentioned in commit 1c42ff893a8fb802dd90ca06af928826fdf0d16b

Toggle commit list
mirror @mirror
mentioned in commit 2bf604dc
· Apr 11, 2024

mentioned in commit 2bf604dc

mentioned in commit 2bf604dc494f9f747eee62e7d46b2c179aa243dc

Toggle commit list

Please register or to comment