Re: [PATCH v11 02/12] x86/bhi: Make clear_bhb_loop() effective on newer CPUs

Next message: Peter Griffin: "Re: [PATCH 1/6] firmware: samsung: acpm: Consolidate transfer initialization helper"
Previous message: Dmitry Baryshkov: "Re: [PATCH v5 12/14] media: iris: Add platform data for glymur"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Borislav Petkov

Date: Fri May 08 2026 - 17:06:42 EST

On Wed, Apr 22, 2026 at 11:15:15PM -0700, Pawan Gupta wrote:
> As a mitigation for BHI, clear_bhb_loop() executes branches that overwrite
> the Branch History Buffer (BHB). On Alder Lake and newer parts this
> sequence is not sufficient because it doesn't clear enough entries. This
> was not an issue because these CPUs use the BHI_DIS_S hardware mitigation
> in the kernel.
>
> Now with VMSCAPE (BHI variant) it is also required to isolate branch
> history between guests and userspace. Since BHI_DIS_S only protects the
> kernel, the newer CPUs also use IBPB.
>
> A cheaper alternative to the current IBPB mitigation is clear_bhb_loop().
> But it currently does not clear enough BHB entries to be effective on newer
> CPUs with larger BHB. At boot, dynamically set the loop count of
> clear_bhb_loop() such that it is effective on newer CPUs too.
>
> Introduce global loop counts, initializing them with appropriate value
> based on the hardware feature X86_FEATURE_BHI_CTRL.
>
> Suggested-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
> ---
> arch/x86/entry/entry_64.S | 8 +++++---
> arch/x86/include/asm/nospec-branch.h | 2 ++
> arch/x86/kernel/cpu/bugs.c | 13 +++++++++++++
> 3 files changed, 20 insertions(+), 3 deletions(-)

Simple and clean - that's how I like 'em.

Acked-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette