x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto

jira LE-2015
cve CVE-2024-2201
Rebuild_History Non-Buildable kernel-5.14.0-427.42.1.el9_4
commit-author Josh Poimboeuf <[email protected]>
commit 36d4fe1
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-5.14.0-427.42.1.el9_4/36d4fe14.failed

Unlike most other mitigations' "auto" options, spectre_bhi=auto only
mitigates newer systems, which is confusing and not particularly useful.

Remove it.

	Signed-off-by: Josh Poimboeuf <[email protected]>
	Signed-off-by: Ingo Molnar <[email protected]>
	Reviewed-by: Nikolay Borisov <[email protected]>
	Cc: Sean Christopherson <[email protected]>
	Cc: Linus Torvalds <[email protected]>
Link: https://lore.kernel.org/r/412e9dc87971b622bbbaf64740ebc1f140bff343.1712813475.git.jpoimboe@kernel.org
(cherry picked from commit 36d4fe1)
	Signed-off-by: Jonathan Maple <[email protected]>

# Conflicts:
#	Documentation/admin-guide/hw-vuln/spectre.rst
#	Documentation/admin-guide/kernel-parameters.txt
#	arch/x86/Kconfig
#	arch/x86/kernel/cpu/bugs.c

Author: PlaidCat

ciq/ciq_backports/kernel-5.14.0-427.42.1.el9_4/36d4fe14.failed

@@ -0,0 +1,201 @@
+x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
+
+jira LE-2015
+cve CVE-2024-2201
+Rebuild_History Non-Buildable kernel-5.14.0-427.42.1.el9_4
+commit-author Josh Poimboeuf <[email protected]>
+commit 36d4fe147c870f6d3f6602befd7ef44393a1c87a
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-5.14.0-427.42.1.el9_4/36d4fe14.failed
+
+Unlike most other mitigations' "auto" options, spectre_bhi=auto only
+mitigates newer systems, which is confusing and not particularly useful.
+
+Remove it.
+
+	Signed-off-by: Josh Poimboeuf <[email protected]>
+	Signed-off-by: Ingo Molnar <[email protected]>
+	Reviewed-by: Nikolay Borisov <[email protected]>
+	Cc: Sean Christopherson <[email protected]>
+	Cc: Linus Torvalds <[email protected]>
+Link: https://lore.kernel.org/r/412e9dc87971b622bbbaf64740ebc1f140bff343.1712813475.git.jpoimboe@kernel.org
+(cherry picked from commit 36d4fe147c870f6d3f6602befd7ef44393a1c87a)
+	Signed-off-by: Jonathan Maple <[email protected]>
+
+# Conflicts:
+#	Documentation/admin-guide/hw-vuln/spectre.rst
+#	Documentation/admin-guide/kernel-parameters.txt
+#	arch/x86/Kconfig
+#	arch/x86/kernel/cpu/bugs.c
+diff --cc Documentation/admin-guide/hw-vuln/spectre.rst
+index 166facdabe9f,25a04cda4c2c..000000000000
+--- a/Documentation/admin-guide/hw-vuln/spectre.rst
++++ b/Documentation/admin-guide/hw-vuln/spectre.rst
+@@@ -638,6 -658,18 +638,21 @@@ kernel command line
+  		spectre_v2=off. Spectre variant 1 mitigations
+  		cannot be disabled.
+  
+++<<<<<<< HEAD
+++=======
++ 	spectre_bhi=
++ 
++ 		[X86] Control mitigation of Branch History Injection
++ 		(BHI) vulnerability.  This setting affects the deployment
++ 		of the HW BHI control and the SW BHB clearing sequence.
++ 
++ 		on
++ 			(default) Enable the HW or SW mitigation as
++ 			needed.
++ 		off
++ 			Disable the mitigation.
++ 
+++>>>>>>> 36d4fe147c87 (x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto)
+  For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt
+  
+  Mitigation selection guide
+diff --cc Documentation/admin-guide/kernel-parameters.txt
+index f74f25f00a14,902ecd92a29f..000000000000
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@@ -5722,7 -6064,16 +5722,20 @@@
+  	sonypi.*=	[HW] Sony Programmable I/O Control Device driver
+  			See Documentation/admin-guide/laptops/sonypi.rst
+  
+++<<<<<<< HEAD
+ +	spectre_v2=	[X86] Control mitigation of Spectre variant 2
+++=======
++ 	spectre_bhi=	[X86] Control mitigation of Branch History Injection
++ 			(BHI) vulnerability.  This setting affects the
++ 			deployment of the HW BHI control and the SW BHB
++ 			clearing sequence.
++ 
++ 			on   - (default) Enable the HW or SW mitigation
++ 			       as needed.
++ 			off  - Disable the mitigation.
++ 
++ 	spectre_v2=	[X86,EARLY] Control mitigation of Spectre variant 2
+++>>>>>>> 36d4fe147c87 (x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto)
+  			(indirect branch speculation) vulnerability.
+  			The default operation protects the kernel from
+  			user space attacks.
+diff --cc arch/x86/Kconfig
+index 2e3190218496,b63b6767a63d..000000000000
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@@ -2641,6 -2633,27 +2641,30 @@@ config MITIGATION_RFD
+  	  stored in floating point, vector and integer registers.
+  	  See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst>
+  
+++<<<<<<< HEAD
+++=======
++ choice
++ 	prompt "Clear branch history"
++ 	depends on CPU_SUP_INTEL
++ 	default SPECTRE_BHI_ON
++ 	help
++ 	  Enable BHI mitigations. BHI attacks are a form of Spectre V2 attacks
++ 	  where the branch history buffer is poisoned to speculatively steer
++ 	  indirect branches.
++ 	  See <file:Documentation/admin-guide/hw-vuln/spectre.rst>
++ 
++ config SPECTRE_BHI_ON
++ 	bool "on"
++ 	help
++ 	  Equivalent to setting spectre_bhi=on command line parameter.
++ config SPECTRE_BHI_OFF
++ 	bool "off"
++ 	help
++ 	  Equivalent to setting spectre_bhi=off command line parameter.
++ 
++ endchoice
++ 
+++>>>>>>> 36d4fe147c87 (x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto)
+  endif
+  
+  config ARCH_HAS_ADD_PAGES
+diff --cc arch/x86/kernel/cpu/bugs.c
+index d1c0c8f6898b,6af4780a18ed..000000000000
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@@ -1612,6 -1606,73 +1612,76 @@@ static void __init spectre_v2_determine
+  	dump_stack();
+  }
+  
+++<<<<<<< HEAD
+++=======
++ /*
++  * Set BHI_DIS_S to prevent indirect branches in kernel to be influenced by
++  * branch history in userspace. Not needed if BHI_NO is set.
++  */
++ static bool __init spec_ctrl_bhi_dis(void)
++ {
++ 	if (!boot_cpu_has(X86_FEATURE_BHI_CTRL))
++ 		return false;
++ 
++ 	x86_spec_ctrl_base |= SPEC_CTRL_BHI_DIS_S;
++ 	update_spec_ctrl(x86_spec_ctrl_base);
++ 	setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_HW);
++ 
++ 	return true;
++ }
++ 
++ enum bhi_mitigations {
++ 	BHI_MITIGATION_OFF,
++ 	BHI_MITIGATION_ON,
++ };
++ 
++ static enum bhi_mitigations bhi_mitigation __ro_after_init =
++ 	IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : BHI_MITIGATION_OFF;
++ 
++ static int __init spectre_bhi_parse_cmdline(char *str)
++ {
++ 	if (!str)
++ 		return -EINVAL;
++ 
++ 	if (!strcmp(str, "off"))
++ 		bhi_mitigation = BHI_MITIGATION_OFF;
++ 	else if (!strcmp(str, "on"))
++ 		bhi_mitigation = BHI_MITIGATION_ON;
++ 	else
++ 		pr_err("Ignoring unknown spectre_bhi option (%s)", str);
++ 
++ 	return 0;
++ }
++ early_param("spectre_bhi", spectre_bhi_parse_cmdline);
++ 
++ static void __init bhi_select_mitigation(void)
++ {
++ 	if (bhi_mitigation == BHI_MITIGATION_OFF)
++ 		return;
++ 
++ 	/* Retpoline mitigates against BHI unless the CPU has RRSBA behavior */
++ 	if (cpu_feature_enabled(X86_FEATURE_RETPOLINE)) {
++ 		spec_ctrl_disable_kernel_rrsba();
++ 		if (rrsba_disabled)
++ 			return;
++ 	}
++ 
++ 	if (spec_ctrl_bhi_dis())
++ 		return;
++ 
++ 	if (!IS_ENABLED(CONFIG_X86_64))
++ 		return;
++ 
++ 	/* Mitigate KVM by default */
++ 	setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT);
++ 	pr_info("Spectre BHI mitigation: SW BHB clearing on vm exit\n");
++ 
++ 	/* Mitigate syscalls when the mitigation is forced =on */
++ 	setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP);
++ 	pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n");
++ }
++ 
+++>>>>>>> 36d4fe147c87 (x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto)
+  static void __init spectre_v2_select_mitigation(void)
+  {
+  	enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
+* Unmerged path Documentation/admin-guide/hw-vuln/spectre.rst
+* Unmerged path Documentation/admin-guide/kernel-parameters.txt
+* Unmerged path arch/x86/Kconfig
+* Unmerged path arch/x86/kernel/cpu/bugs.c