From mboxrd@z Thu Jan 1 00:00:00 1970
Return-path:
Received: from localhost ([127.0.0.1] helo=nanos.tec.linutronix.de)
	by Galois.linutronix.de with esmtp (Exim 4.80)
	(envelope-from )
	id 1fCsWu-0002XB-AN
	for speck@linutronix.de; Sun, 29 Apr 2018 22:02:40 +0200
Message-Id: <20180429193045.711908246@linutronix.de>
Date: Sun, 29 Apr 2018 21:30:45 +0200
From: Thomas Gleixner
Subject: [patch V7 00/15] SBB 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
To: speck@linutronix.de
List-ID:

This is an update based on Konrad's V6 series. The major changes are:

 - Disentangle the mitigation control from the AMD/Intel cpu init code
   and keep it confined to bugs.c. That's cleaner and required to make
   the prctl mode work properly on both AMD and Intel

 - Avoid parsing the command line when RDS is not supported at all.

 - Make all the spec ctrl msr related variables __ro_after_init instead
   of read_mostly. Nothing can fiddle with them after boot.

 - Integrate the PRCTL:

   - Split it up into separate patches

   - Use the new scheme as proposed by Jon Masters

   - Document the interface and return values

   - Implement the context magic as I suggested in the earlier review

   - Make it work for both AMD and Intel

   - Allow caching of the AMD magic MSR to avoid a RMW in context
     switch.

   - Implement the arch prctl according to the new scheme w/o all the
     magic nonsense of allowing writes when prctl control is disabled
     and reusing the existing functions instead of adding yet another
     pile.

Things which need some thought:

 - The default mode for Intel is now PRCTL controlled, which might be
   OK for enterprise distro stuff. But what is going to happen for the
   rest of the world? Are the browsers prctl enabled on CRD? I
   seriously doubt that and I'm pondering to make the default ON for
   that very reason. We should not require that Joe User has to add
   magic crap to the kernel command line to get protected. Enterprise
   admins should know how to do that.
TODOs:

 - Make the prctl documentation rst properly formatted

 - Write a patch for the prctl(2) man page

Thanks,

	tglx

8<--------------
 Documentation/admin-guide/kernel-parameters.txt |   36 ++
 Documentation/userspace-api/index.rst           |    1
 arch/x86/include/asm/cpufeatures.h              |    4
 arch/x86/include/asm/msr-index.h                |    3
 arch/x86/include/asm/nospec-branch.h            |   32 +-
 arch/x86/include/asm/thread_info.h              |    4
 arch/x86/kernel/cpu/amd.c                       |   21 +
 arch/x86/kernel/cpu/bugs.c                      |  337 +++++++++++++++++++++++-
 arch/x86/kernel/cpu/common.c                    |   47 ++-
 arch/x86/kernel/cpu/cpu.h                       |    2
 arch/x86/kernel/cpu/intel.c                     |    1
 arch/x86/kernel/process.c                       |   22 +
 arch/x86/kvm/cpuid.c                            |    2
 arch/x86/kvm/svm.c                              |    8
 arch/x86/kvm/vmx.c                              |   16 -
 b/Documentation/userspace-api/spec_ctrl.rst     |   65 ++++
 b/arch/x86/include/asm/specctrl.h               |   38 ++
 drivers/base/cpu.c                              |    8
 include/linux/cpu.h                             |    2
 include/linux/nospec.h                          |    5
 include/uapi/linux/prctl.h                      |   11
 kernel/sys.c                                    |   18 +
 22 files changed, 638 insertions(+), 45 deletions(-)