x86/bhi: Do not set BHI_DIS_S in 32-bit mode

With the possibility of intra-mode BHI via cBPF, complete mitigation for
BHI is to use IBHF (history fence) instruction with BHI_DIS_S set. Since
this new instruction is only available in 64-bit mode, setting BHI_DIS_S in
32-bit mode is only a partial mitigation.

Do not set BHI_DIS_S in 32-bit mode so as to avoid reporting misleading
mitigated status. With this change IBHF won't be used in 32-bit mode, also
remove the CONFIG_X86_64 check from emit_spectre_bhb_barrier().

Suggested-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 362602b705cc43bd5e9df7c2157f44e7bfb304b9..f219f0f4f2d11d1f59d32ab8b717750d2bb71daa 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1697,11 +1697,11 @@ static void __init bhi_select_mitigation(void)
                        return;
        }
 
-       /* Mitigate in hardware if supported */
-       if (spec_ctrl_bhi_dis())
+       if (!IS_ENABLED(CONFIG_X86_64))
                return;
 
-       if (!IS_ENABLED(CONFIG_X86_64))
+       /* Mitigate in hardware if supported */
+       if (spec_ctrl_bhi_dis())
                return;
 
        if (bhi_mitigation == BHI_MITIGATION_VMEXIT_ONLY) {

diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index e472572392ef6c904ed233ec99ecd6ab29797c51..8a0fabb850b7725c942e6e16927d7e96f6004385 100644 (file)
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -1527,8 +1527,7 @@ static int emit_spectre_bhb_barrier(u8 **pprog, u8 *ip,
        /* Insert IBHF instruction */
        if ((cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_LOOP) &&
             cpu_feature_enabled(X86_FEATURE_HYPERVISOR)) ||
-           (cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW) &&
-            IS_ENABLED(CONFIG_X86_64))) {
+           cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW)) {
                /*
                 * Add an Indirect Branch History Fence (IBHF). IBHF acts as a
                 * fence preventing branch history from before the fence from
@@ -1538,6 +1537,8 @@ static int emit_spectre_bhb_barrier(u8 **pprog, u8 *ip,
                 * hardware that doesn't need or support it.  The REP and REX.W
                 * prefixes are required by the microcode, and they also ensure
                 * that the NOP is unlikely to be used in existing code.
+                *
+                * IBHF is not a valid instruction in 32-bit mode.
                 */
                EMIT5(0xF3, 0x48, 0x0F, 0x1E, 0xF8); /* ibhf */
        }