OpenCloudOS-Kernel/Documentation
Pawan Gupta 1c42ff893a x86/bhi: Mitigate KVM by default
commit 95a6ccbdc7199a14b71ad8901cb788ba7fb5167b upstream.

BHI mitigation mode spectre_bhi=auto does not deploy the software
mitigation by default. In a cloud environment, it is a likely scenario
where userspace is trusted but the guests are not trusted. Deploying
system wide mitigation in such cases is not desirable.

Update the auto mode to unconditionally mitigate against malicious
guests. Deploy the software sequence at VMexit in auto mode also, when
hardware mitigation is not available. Unlike the force =on mode,
software sequence is not deployed at syscalls in auto mode.

Suggested-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-10 16:36:08 +02:00
..
ABI x86/rfds: Mitigate Register File Data Sampling (RFDS) 2024-03-15 10:48:22 -04:00
PCI Merge branch 'pci/misc' 2023-08-29 11:03:57 -05:00
RCU Docs/RCU/rculist_nulls: Fix text about atomic_set_release() 2023-07-14 14:55:57 -07:00
accel
accounting docs: psi: use correct config name 2023-07-31 09:54:17 -06:00
admin-guide x86/bhi: Mitigate KVM by default 2024-04-10 16:36:08 +02:00
arch x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT 2024-04-03 15:28:50 +02:00
block Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
bpf Including fixes from netfilter and bpf. 2023-09-07 18:33:07 -07:00
cdrom
core-api workqueue: doc: Fix function and sysfs path errors 2023-10-12 07:27:22 -10:00
cpu-freq
crypto
dev-tools LoongArch changes for v6.6 2023-09-08 12:16:52 -07:00
devicetree dt-bindings: msm: qcom, mdss: Include ommited fam-b compatible 2024-03-26 18:19:47 -04:00
doc-guide Documentation: doc-guide: use '%' constant indicator in Return: examples 2023-07-14 13:16:59 -06:00
driver-api PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() 2024-01-25 15:35:47 -08:00
fault-injection Documentation: Fix typos 2023-08-18 11:29:03 -06:00
fb Documentation: Fix typos 2023-08-18 11:29:03 -06:00
features LoongArch changes for v6.6 2023-09-08 12:16:52 -07:00
filesystems ovl: add support for appending lowerdirs one by one 2024-03-26 18:19:18 -04:00
firmware-guide Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
firmware_class
fpga
gpu drm: Allow drivers to indicate the damage helpers to ignore damage clips 2024-01-31 16:19:08 -08:00
hid HID: Add introduction about HID for non-kernel programmers 2023-08-07 13:24:36 +02:00
hwmon Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
i2c i2c: i801: Add support for Intel Birch Stream SoC 2023-11-28 17:19:46 +00:00
iio
images
infiniband
input input: docs: pxrc: remove reference to phoenix-sim 2023-08-28 12:43:32 -06:00
isdn
kbuild Documentation: kbuild: explain handling optional dependencies 2023-09-25 16:01:05 +09:00
kernel-hacking
leds
litmus-tests
livepatch Documentation: Fix typos 2023-08-18 11:29:03 -06:00
locking Documentation: Fix typos 2023-08-18 11:29:03 -06:00
maintainer Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
mhi
misc-devices
mm Add x86 shadow stack support 2023-08-31 12:20:12 -07:00
netlabel
netlink netlink: specs: devlink: fix reply command values 2023-10-13 17:27:27 -07:00
networking devlink: Fix command annotation documentation 2024-02-23 09:24:50 +01:00
nvdimm
nvme
pcmcia
peci
power Documentation: Fix typos 2023-08-18 11:29:03 -06:00
powerpc docs: kernel_feat.py: fix potential command injection 2024-01-31 16:18:46 -08:00
process rust: upgrade to Rust 1.73.0 2024-02-16 19:10:43 +01:00
riscv docs: kernel_feat.py: fix potential command injection 2024-01-31 16:18:46 -08:00
rust docs: rust: update Rust docs output path 2023-10-19 16:39:03 +02:00
scheduler Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
scsi SCSI misc on 20230902 2023-09-02 12:02:41 -07:00
security Documentation: Fix typos 2023-08-18 11:29:03 -06:00
sound ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument 2024-02-05 20:14:26 +00:00
sphinx docs: kernel_feat.py: fix build error for missing files 2024-02-23 09:25:16 +01:00
sphinx-static
spi Documentation: Fix typos 2023-08-18 11:29:03 -06:00
staging
target
timers
tools rtla: fix a example in rtla-timerlat-hist.rst 2023-09-22 14:44:04 +02:00
trace Documentation: probes: Add a new ret_ip callback parameter 2023-10-17 10:21:45 +09:00
translations docs: kernel_feat.py: fix potential command injection 2024-01-31 16:18:46 -08:00
usb USB / Thunderbolt / PHY driver update for 6.6-rc1 2023-09-01 09:23:34 -07:00
userspace-api media: mc: Expand MUST_CONNECT flag to always require an enabled link 2024-04-03 15:28:17 +02:00
virt ARM: 2023-09-07 13:52:20 -07:00
w1 Documentation: Fix typos 2023-08-18 11:29:03 -06:00
watchdog Documentation: Fix typos 2023-08-18 11:29:03 -06:00
wmi Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
.gitignore
Changes
CodingStyle
Kconfig
Makefile docs: Integrate rustdoc generation into htmldocs 2023-07-21 15:08:46 -06:00
SubmittingPatches
atomic_bitops.txt
atomic_t.txt
conf.py docs: Restore "smart quotes" for quotes 2024-04-03 15:28:22 +02:00
docutils.conf
dontdiff
index.rst
memory-barriers.txt
subsystem-apis.rst docs: consolidate networking interfaces 2023-07-21 14:54:50 -06:00