Branch History Injection (BHI) is a CPU side-channel vulnerability, where
an attacker may manipulate branch history before transitioning from user
to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional
mitigation is required to prevent BHI.

Make BHI_NO bit available to guests.

Tested-by: Xuelian Guo <xuelian.guo@intel.com>
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 6db8d6c9ba..33fb27a611 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1364,7 +1364,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             "taa-no", NULL, NULL, NULL,
             NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no",
             NULL, "fb-clear", NULL, NULL,
-            NULL, NULL, NULL, NULL,
+            "bhi-no", NULL, NULL, NULL,
             "pbrsb-no", NULL, "gds-no", "rfds-no",
             "rfds-clear", NULL, NULL, NULL,
         },
-- 
2.34.1

On 1/21/2025 10:06 AM, Tao Su wrote:
> Branch History Injection (BHI) is a CPU side-channel vulnerability, where
> an attacker may manipulate branch history before transitioning from user
> to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
> BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional
> mitigation is required to prevent BHI.
> 
> Make BHI_NO bit available to guests.
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>

Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>

> ---
>   target/i386/cpu.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 6db8d6c9ba..33fb27a611 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1364,7 +1364,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>               "taa-no", NULL, NULL, NULL,
>               NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no",
>               NULL, "fb-clear", NULL, NULL,
> -            NULL, NULL, NULL, NULL,
> +            "bhi-no", NULL, NULL, NULL,
>               "pbrsb-no", NULL, "gds-no", "rfds-no",
>               "rfds-clear", NULL, NULL, NULL,
>           },

On Tue, Jan 21, 2025 at 10:06:48AM +0800, Tao Su wrote:
> Branch History Injection (BHI) is a CPU side-channel vulnerability, where
> an attacker may manipulate branch history before transitioning from user
> to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
> BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional
> mitigation is required to prevent BHI.
> 
> Make BHI_NO bit available to guests.
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>

Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>

On Tue, Jan 21, 2025 at 10:06:48AM +0800, Tao Su wrote:
> Date: Tue, 21 Jan 2025 10:06:48 +0800
> From: Tao Su <tao1.su@linux.intel.com>
> Subject: [PATCH 2/4] target/i386: Export BHI_NO bit to guests
> X-Mailer: git-send-email 2.34.1
> 
> Branch History Injection (BHI) is a CPU side-channel vulnerability, where
> an attacker may manipulate branch history before transitioning from user
> to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
> BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional
> mitigation is required to prevent BHI.
> 
> Make BHI_NO bit available to guests.
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>
> ---
>  target/i386/cpu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>