Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-26 22:21:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
9875c0beb8
linux/Documentation
History
Linus Torvalds 2bb69f5fc7 x86 mitigations for the native BHI hardware vulnerabilty: 
Branch History Injection (BHI) attacks may allow a malicious application to
 influence indirect branch prediction in kernel by poisoning the branch
 history. eIBRS isolates indirect branch targets in ring0.  The BHB can
 still influence the choice of indirect branch predictor entry, and although
 branch predictor entries are isolated between modes when eIBRS is enabled,
 the BHB itself is not isolated between modes.
 
 Add mitigations against it either with the help of microcode or with
 software sequences for the affected CPUs.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmYUKPMTHHRnbHhAbGlu
 dXRyb25peC5kZQAKCRCmGPVMDXSYofT8EACJJix+GzGUcJjOvfWFZcxwziY152hO
 5XSzHOZZL6oz5Yk/Rye/S9RVTN7aDjn1CEvI0cD/ULxaTP869sS9dDdUcHhEJ//5
 6hjqWsWiKc1QmLjBy3Pcb97GZHQXM5a9D1f6jXnJD+0FMLbQHpzSEBit0H4tv/TC
 75myGgYihvUbhN9/bL10M5fz+UADU42nChvPWDMr9ukljjCqa46tPTmKUIAW5TWj
 /xsyf+Nk+4kZpdaidKGhpof6KCV2rNeevvzUGN8Pv5y13iAmvlyplqTcQ6dlubnZ
 CuDX5Ji9spNF9WmhKpLgy5N+Ocb64oVHov98N2zw1sT1N8XOYcSM0fBj7SQIFURs
 L7T4jBZS+1c3ZGJPPFWIaGjV8w1ZMhelglwJxjY7ZgRD6fK3mwRx/ks54J8H4HjE
 FbirXaZLeKlscDIOKtnxxKoIGwpdGwLKQYi/wEw7F9NhCLSj9wMia+j3uYIUEEHr
 6xEiYEtyjcV3ocxagH7eiHyrasOKG64vjx2h1XodusBA2Wrvgm/jXlchUu+wb6B4
 LiiZJt+DmOdQ1h5j3r2rt3hw7+nWa7kyq34qfN6NSUCHiedp6q7BClueSaKiOCGk
 RoNibNiS+CqaxwGxj/RGuvajEJeEMCsLuCxzT3aeaDBsqscW6Ka/HkGA76Tpb5nJ
 E3JyjYE7AlG4rw==
 =W0W3
 -----END PGP SIGNATURE-----

Merge tag 'nativebhi' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 mitigations from Thomas Gleixner:
 "Mitigations for the native BHI hardware vulnerabilty:

  Branch History Injection (BHI) attacks may allow a malicious
  application to influence indirect branch prediction in kernel by
  poisoning the branch history. eIBRS isolates indirect branch targets
  in ring0. The BHB can still influence the choice of indirect branch
  predictor entry, and although branch predictor entries are isolated
  between modes when eIBRS is enabled, the BHB itself is not isolated
  between modes.

  Add mitigations against it either with the help of microcode or with
  software sequences for the affected CPUs"

[ This also ends up enabling the full mitigation by default despite the
  system call hardening, because apparently there are other indirect
  calls that are still sufficiently reachable, and the 'auto' case just
  isn't hardened enough.

  We'll have some more inevitable tweaking in the future    - Linus ]

* tag 'nativebhi' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  KVM: x86: Add BHI_NO
  x86/bhi: Mitigate KVM by default
  x86/bhi: Add BHI mitigation knob
  x86/bhi: Enumerate Branch History Injection (BHI) bug
  x86/bhi: Define SPEC_CTRL_BHI_DIS_S
  x86/bhi: Add support for clearing branch history at syscall entry
  x86/syscall: Don't force use of indirect calls for system calls
  x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
2024-04-08 20:07:51 -07:00
..
ABI Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
accel
accounting
admin-guide x86 mitigations for the native BHI hardware vulnerabilty: 2024-04-08 20:07:51 -07:00
arch Documentation/x86: Fix title underline length 2024-03-25 11:29:16 +01:00
block
bpf bpf, docs: Rename legacy conformance group to packet 2024-03-04 14:31:06 +01:00
cdrom
core-api workqueue: Changes for v6.9 2024-03-11 12:50:42 -07:00
cpu-freq
crypto
dev-tools Documentation: dev-tools: Add link to RV docs 2024-03-29 08:27:21 -06:00
devicetree Devicetree fixes for v6.9, part 1: 2024-04-05 14:07:22 -07:00
doc-guide docs: drop the version constraints for sphinx and dependencies 2024-03-03 08:17:20 -07:00
driver-api TTY/Serial driver update for 6.9-rc1 2024-03-21 12:44:10 -07:00
fault-injection Fixed case issue with 'fault-injection' in documentation 2024-02-21 13:44:21 -07:00
fb
features membarrier: riscv: Provide core serializing command 2024-02-15 08:04:14 -08:00
filesystems f2fs update for 6.9-rc1 2024-03-18 11:26:00 -07:00
firmware_class
firmware-guide More ACPI updates for 6.9-rc1 2024-03-19 11:15:14 -07:00
fpga
gpu drm-misc-next for v6.9: 2024-02-26 09:51:49 +01:00
hid
hwmon hwmon: (aspeed-g6-pwm-tacho): Support for ASPEED g6 PWM/Fan tach 2024-03-07 10:50:16 -08:00
i2c Documentation: i2c: Document that client auto-detection is a legacy mechanism 2024-03-07 09:42:09 +01:00
iio docs: iio: add documentation for adis16475 driver 2024-02-28 19:26:36 +00:00
images
infiniband
input
isdn
kbuild Documentation/llvm: Note s390 LLVM=1 support with LLVM 18.1.0 and newer 2024-03-31 21:09:50 +09:00
kernel-hacking
leds
litmus-tests
livepatch
locking
maintainer
mhi
misc-devices
mm This pull request contains updates for UBI and UBIFS: 2024-03-21 15:09:29 -07:00
netlabel
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-03-11 20:38:36 -07:00
networking Documentation: Add documentation for eswitch attribute 2024-03-28 18:20:08 -07:00
nvdimm
nvme
PCI
pcmcia
peci
power Documentation: power: Fix typo in suspend and interrupts doc 2024-03-13 20:51:11 +01:00
process A handful of late-arriving documentation fixes and enhancements. 2024-03-20 09:36:46 -07:00
RCU A moderatly busy cycle for development this time around. 2024-03-12 15:18:34 -07:00
rust arm64 updates for 6.9: 2024-03-14 15:35:42 -07:00
scheduler A single update for the documentation of the base_slice_ns tunable to 2024-03-24 11:11:05 -07:00
scsi
security
sound ALSA: doc: Use DEFINE_SIMPLE_DEV_PM_OPS() 2024-02-12 11:50:26 +01:00
sphinx docs: drop the version constraints for sphinx and dependencies 2024-03-03 08:17:20 -07:00
sphinx-static
spi spi: docs: spidev: fix echo command format 2024-03-19 18:37:55 +00:00
staging docs: staging: fix typo in docs 2024-02-08 15:38:21 -07:00
target
tee
timers
tools tools/rtla: Add -U/--user-load option to timerlat 2024-03-20 05:39:06 +01:00
trace tracing/user_events: Document multi-format flag 2024-03-18 10:13:16 -04:00
translations - Sumanth Korikkar has taught s390 to allocate hotplug-time page frames 2024-03-14 17:43:30 -07:00
usb Documentation: usb: Document FunctionFS DMABUF API 2024-02-17 17:00:09 +01:00
userspace-api media updates for v6.9-rc1 2024-03-15 11:36:54 -07:00
virt Documentation: kvm/sev: clarify usage of KVM_MEMORY_ENCRYPT_OP 2024-03-18 19:03:53 -04:00
w1 w1: add UART w1 bus driver 2024-02-15 15:02:33 +01:00
watchdog
wmi platform/x86: wmi: Update documentation regarding _WED 2024-02-27 14:44:31 +02:00
.gitignore
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py docs: Restore "smart quotes" for quotes 2024-02-28 15:48:18 -07:00
docutils.conf
dontdiff
index.rst A moderatly busy cycle for development this time around. 2024-03-12 15:18:34 -07:00
Kconfig
Makefile docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than htmldocs 2024-03-05 11:06:43 -07:00
memory-barriers.txt
SubmittingPatches
subsystem-apis.rst