x86/bugs: Fix BHI documentation

Fix up some inaccuracies in the BHI documentation. Fixes: ec9404e4 ("x86/bhi: Add BHI mitigation knob") Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: Nikolay Borisov <nik.borisov@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/8c84f7451bfe0dd08543c6082a383f390d4aa7e2.1712813475.git.jpoimboe@kernel.org

x86/bugs: Fix BHI documentation
Fix up some inaccuracies in the BHI documentation. Fixes: ec9404e4 ("x86/bhi: Add BHI mitigation knob") Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: Nikolay Borisov <nik.borisov@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/8c84f7451bfe0dd08543c6082a383f390d4aa7e2.1712813475.git.jpoimboe@kernel.org
dfe64890 · Josh Poimboeuf · Ingo Molnar · f337a6a2 · dfe64890 · dfe64890
Commit dfe64890 authored Apr 10, 2024 by Josh Poimboeuf Committed by Ingo Molnar Apr 11, 2024
Showing with 15 additions and 12 deletions

Documentation/admin-guide/hw-vuln/spectre.rst Documentation/admin-guide/hw-vuln/spectre.rst +8 -7

Documentation/admin-guide/kernel-parameters.txt Documentation/admin-guide/kernel-parameters.txt +7 -5

No files found.
--- a/Documentation/admin-guide/hw-vuln/spectre.rst
+++ b/Documentation/admin-guide/hw-vuln/spectre.rst
@@ -439,11 +439,11 @@ The possible values in this file are:
   - System is protected by retpoline
 * - BHI: BHI_DIS_S
   - System is protected by BHI_DIS_S
- * - BHI: SW loop; KVM SW loop
+ * - BHI: SW loop, KVM SW loop
   - System is protected by software clearing sequence
 * - BHI: Syscall hardening
   - Syscalls are hardened against BHI
- * - BHI: Syscall hardening; KVM: SW loop
+ * - BHI: Syscall hardening, KVM: SW loop
   - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence
 Full mitigation might require a microcode update from the CPU
@@ -666,13 +666,14 @@ kernel command line.
 		of the HW BHI control and the SW BHB clearing sequence.
 		on
-			unconditionally enable.
+			(default) Enable the HW or SW mitigation as
+			needed.
 		off
-			unconditionally disable.
+			Disable the mitigation.
 		auto
-			enable if hardware mitigation
+			Enable the HW mitigation if needed, but
-			control(BHI_DIS_S) is available, otherwise
+			*don't* enable the SW mitigation except for KVM.
-			enable alternate mitigation in KVM.
+			The system may be vulnerable.
 For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt

--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3444,6 +3444,7 @@
 					       retbleed=off [X86]
 					       spec_rstack_overflow=off [X86]
 					       spec_store_bypass_disable=off [X86,PPC]
+					       spectre_bhi=off [X86]
 					       spectre_v2_user=off [X86]
 					       srbds=off [X86,INTEL]
 					       ssbd=force-off [ARM64]
@@ -6069,11 +6070,12 @@
 			deployment of the HW BHI control and the SW BHB
 			clearing sequence.
-			on   - unconditionally enable.
+			on   - (default) Enable the HW or SW mitigation
-			off  - unconditionally disable.
+			       as needed.
-			auto - (default) enable hardware mitigation
+			off  - Disable the mitigation.
-			       (BHI_DIS_S) if available, otherwise enable
+			auto - Enable the HW mitigation if needed, but
-			       alternate mitigation in KVM.
+			       *don't* enable the SW mitigation except
+			       for KVM.  The system may be vulnerable.
 	spectre_v2=	[X86,EARLY] Control mitigation of Spectre variant 2
 			(indirect branch speculation) vulnerability.