RE: [RFC PATCH 15/56] x86/bugs: Reset BHI mitigations

From: Kaplan, David
Date: Fri Oct 24 2025 - 11:04:48 EST

Next message: Borislav Petkov: "Re: [PATCH v7 2/8] x86/mce: Unify AMD DFR handler with MCA Polling"
Previous message: Mathieu Poirier: "Re: [PATCH] dt-bindings: Remove extra blank lines"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
> Sent: Thursday, October 23, 2025 9:49 PM
> To: Kaplan, David <David.Kaplan@xxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>; Borislav Petkov <bp@xxxxxxxxx>; Peter
> Zijlstra <peterz@xxxxxxxxxxxxx>; Josh Poimboeuf <jpoimboe@xxxxxxxxxx>; Ingo
> Molnar <mingo@xxxxxxxxxx>; Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>;
> x86@xxxxxxxxxx; H . Peter Anvin <hpa@xxxxxxxxx>; Alexander Graf
> <graf@xxxxxxxxxx>; Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>; linux-
> kernel@xxxxxxxxxxxxxxx
> Subject: Re: [RFC PATCH 15/56] x86/bugs: Reset BHI mitigations
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Oct 13, 2025 at 09:34:03AM -0500, David Kaplan wrote:
> > Add function to reset BHI mitigations back to their boot-time defaults.
> >
> > Signed-off-by: David Kaplan <david.kaplan@xxxxxxx>
> > ---
> > arch/x86/kernel/cpu/bugs.c | 12 ++++++++++++
> > 1 file changed, 12 insertions(+)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index e765ac0b9240..67561e5c2154 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -2360,6 +2360,17 @@ static void __init bhi_apply_mitigation(void)
> > setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT);
> > }
> >
> > +#ifdef CONFIG_DYNAMIC_MITIGATIONS
> > +static void bhi_reset_mitigation(void)
> > +{
> > + /* RRSBA already cleared in spectre_v2_reset_mitigation() */
> > + setup_clear_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT);
> > + setup_clear_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP);
>
> Also needs to reset SPEC_CTRL_BHI_DIS_S in x86_spec_ctrl_base.
>
> An alternative is to add spec_ctrl_reset_mitigation() that resets
> x86_spec_ctrl_base for SPEC_CTRL_MITIGATIONS_MASK. To be consistent with
> reset functions of other mitigations, probably also reset the MSR.

Actually I think it's better if none of the reset functions touch the MSR. That only runs on whatever thread is doing the reset, which is random. The __cpu_update_alternatives() function will later update all speculation related MSRs on all CPUs after new mitigations are selected. This also avoids a window where the MSR setting might be insecure even though a mitigation is not actually changing.

I will add resetting SPEC_CTRL_BHI_DIS_S though, looks like I missed that one.

Thanks
--David Kaplan

Next message: Borislav Petkov: "Re: [PATCH v7 2/8] x86/mce: Unify AMD DFR handler with MCA Polling"
Previous message: Mathieu Poirier: "Re: [PATCH] dt-bindings: Remove extra blank lines"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]