* [PATCH 0/3] x86/cpu: Fix SPECULATIVE_MITIGATION=n kernels
@ 2024-04-09 17:51 Sean Christopherson
2024-04-09 17:51 ` [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Sean Christopherson
` (3 more replies)
0 siblings, 4 replies; 30+ messages in thread
From: Sean Christopherson @ 2024-04-09 17:51 UTC (permalink / raw)
To: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf
Cc: linux-doc, linux-kernel, Sean Christopherson, Pawan Gupta,
Daniel Sneddon
Fix the handling of SPECULATION_MITIGATIONS=n so that it actually does
what it says it does: disable any and all mitigations.

And because I don't see a way to provide sane behavior for overriding
SPECULATION_MITIGATIONS=n at runtime, explicitly disallow doing so via
the "mitigations" kernel parameter, e.g. so that the user at least knows
that their system is still likely vulnerable to a variety of issues.

Sean Christopherson (3):
  x86/cpu: Actually turn off mitigations by default for
    SPECULATION_MITIGATIONS=n
  x86/cpu: Disable BHI mitigation by default when
    SPECULATION_MITIGATIONS=n
  x86/cpu: Ignore "mitigations" kernel parameter if
    SPECULATION_MITIGATIONS=n

 Documentation/admin-guide/kernel-parameters.txt |  3 +++
 arch/x86/Kconfig                                | 10 +++++++---
 arch/x86/kernel/cpu/bugs.c                      |  6 +++---
 kernel/cpu.c                                    |  5 ++++-
 4 files changed, 17 insertions(+), 7 deletions(-)

base-commit: 2c71fdf02a95b3dd425b42f28fd47fb2b1d22702
--
2.44.0.478.gd926399ef9-goog
^ permalink raw reply [flat|nested] 30+ messages in thread* [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-09 17:51 [PATCH 0/3] x86/cpu: Fix SPECULATIVE_MITIGATION=n kernels Sean Christopherson @ 2024-04-09 17:51 ` Sean Christopherson 2024-04-10 14:31 ` [tip: x86/urgent] " tip-bot2 for Sean Christopherson ` (2 more replies) 2024-04-09 17:51 ` [PATCH 2/3] x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n Sean Christopherson ` (2 subsequent siblings) 3 siblings, 3 replies; 30+ messages in thread From: Sean Christopherson @ 2024-04-09 17:51 UTC (permalink / raw) To: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf Cc: linux-doc, linux-kernel, Sean Christopherson, Pawan Gupta, Daniel Sneddon Initialize cpu_mitigations to CPU_MITIGATIONS_OFF if the kernel is built with CONFIG_SPECULATION_MITIGATIONS=n, as the help text quite clearly states that disabling SPECULATION_MITIGATIONS is supposed to turn off all mitigations by default. │ If you say N, all mitigations will be disabled. You really │ should know what you are doing to say so. As is, the kernel still defaults to CPU_MITIGATIONS_AUTO, which results in some mitigations being enabled in spite of SPECULATION_MITIGATIONS=n. Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs") Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson <seanjc@google.com> --- kernel/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/cpu.c b/kernel/cpu.c index 8f6affd051f7..07ad53b7f119 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c 
@@ -3207,7 +3207,8 @@ enum cpu_mitigations { }; static enum cpu_mitigations cpu_mitigations __ro_after_init = - CPU_MITIGATIONS_AUTO; + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : + CPU_MITIGATIONS_OFF; static int __init mitigations_parse_cmdline(char *arg) { -- 2.44.0.478.gd926399ef9-goog ^ permalink raw reply related [flat|nested] 30+ messages in thread
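Review bot: the new initializer of cpu_mitigations tests CONFIG_SPECULATION_MITIGATIONS from kernel/cpu.c, which is not an arch/x86 file, while the subject prefix and the cover-letter diffstat (arch/x86/Kconfig) treat the symbol as an x86 option. On any architecture where that symbol is not defined, IS_ENABLED() evaluates to 0 and the default silently becomes CPU_MITIGATIONS_OFF instead of CPU_MITIGATIONS_AUTO. Either give the symbol a default-y definition for every architecture in the same patch, or limit the OFF default to x86 builds, for example by also testing CONFIG_X86 in the initializer.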
* [tip: x86/urgent] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-09 17:51 ` [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Sean Christopherson @ 2024-04-10 14:31 ` tip-bot2 for Sean Christopherson 2024-04-13 1:53 ` Stephen Rothwell 2024-04-15 11:13 ` Geert Uytterhoeven 2 siblings, 0 replies; 30+ messages in thread From: tip-bot2 for Sean Christopherson @ 2024-04-10 14:31 UTC (permalink / raw) To: linux-tip-commits Cc: Sean Christopherson, Ingo Molnar, Daniel Sneddon, stable, Linus Torvalds, x86, linux-kernel The following commit has been merged into the x86/urgent branch of tip: Commit-ID: f337a6a21e2fd67eadea471e93d05dd37baaa9be Gitweb: https://git.kernel.org/tip/f337a6a21e2fd67eadea471e93d05dd37baaa9be Author: Sean Christopherson <seanjc@google.com> AuthorDate: Tue, 09 Apr 2024 10:51:05 -07:00 Committer: Ingo Molnar <mingo@kernel.org> CommitterDate: Wed, 10 Apr 2024 16:22:47 +02:00 x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Initialize cpu_mitigations to CPU_MITIGATIONS_OFF if the kernel is built with CONFIG_SPECULATION_MITIGATIONS=n, as the help text quite clearly states that disabling SPECULATION_MITIGATIONS is supposed to turn off all mitigations by default. │ If you say N, all mitigations will be disabled. You really │ should know what you are doing to say so. As is, the kernel still defaults to CPU_MITIGATIONS_AUTO, which results in some mitigations being enabled in spite of SPECULATION_MITIGATIONS=n. Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs") Signed-off-by: Sean Christopherson <seanjc@google.com> 
Signed-off-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Cc: stable@vger.kernel.org Cc: Linus Torvalds <torvalds@linux-foundation.org> Link: https://lore.kernel.org/r/20240409175108.1512861-2-seanjc@google.com --- kernel/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/cpu.c b/kernel/cpu.c index 8f6affd..07ad53b 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -3207,7 +3207,8 @@ enum cpu_mitigations { }; static enum cpu_mitigations cpu_mitigations __ro_after_init = - CPU_MITIGATIONS_AUTO; + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : + CPU_MITIGATIONS_OFF; static int __init mitigations_parse_cmdline(char *arg) { ^ permalink raw reply related [flat|nested] 30+ messages in thread
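Review bot: the two-line initializer of cpu_mitigations in kernel/cpu.c carries no comment, so a reader of that file cannot tell that the boot-time default now depends on a Kconfig symbol. A short comment above `static enum cpu_mitigations cpu_mitigations` stating that builds with CONFIG_SPECULATION_MITIGATIONS=n start out as CPU_MITIGATIONS_OFF would document the behaviour at the place where it is implemented.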
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-09 17:51 ` [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Sean Christopherson @ 2024-04-13 1:53 ` Stephen Rothwell 2024-04-13 1:53 ` Stephen Rothwell 2024-04-15 11:13 ` Geert Uytterhoeven 2 siblings, 0 replies; 30+ messages in thread From: Stephen Rothwell @ 2024-04-13 1:53 UTC (permalink / raw) To: Sean Christopherson Cc: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, Michael Ellerman [-- Attachment #1: Type: text/plain, Size: 1731 bytes --] Hi Sean, I noticed this commit in linux-next. On Tue, 9 Apr 2024 10:51:05 -0700 Sean Christopherson <seanjc@google.com> wrote: > > Initialize cpu_mitigations to CPU_MITIGATIONS_OFF if the kernel is built > with CONFIG_SPECULATION_MITIGATIONS=n, as the help text quite clearly > states that disabling SPECULATION_MITIGATIONS is supposed to turn off all > mitigations by default. > > │ If you say N, all mitigations will be disabled. You really > │ should know what you are doing to say so. > > As is, the kernel still defaults to CPU_MITIGATIONS_AUTO, which results in > some mitigations being enabled in spite of SPECULATION_MITIGATIONS=n. > > Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs") > Cc: stable@vger.kernel.org > Signed-off-by: Sean Christopherson <seanjc@google.com> > --- > kernel/cpu.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/kernel/cpu.c b/kernel/cpu.c > index 8f6affd051f7..07ad53b7f119 100644 > --- a/kernel/cpu.c > +++ b/kernel/cpu.c 
> @@ -3207,7 +3207,8 @@ enum cpu_mitigations { > }; > > static enum cpu_mitigations cpu_mitigations __ro_after_init = > - CPU_MITIGATIONS_AUTO; > + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : > + CPU_MITIGATIONS_OFF; > > static int __init mitigations_parse_cmdline(char *arg) > { > -- > 2.44.0.478.gd926399ef9-goog > I noticed because it turned off all mitigations for my PowerPC qemu boot tests - probably because CONFIG_SPECULATION_MITIGATIONS only exists in arch/x86/Kconfig ... thus for other architectures that have cpu mitigations, this will always default them to off, right? -- Cheers, Stephen Rothwell [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-13 1:53 ` Stephen Rothwell @ 2024-04-13 9:27 ` Michael Ellerman -1 siblings, 0 replies; 30+ messages in thread From: Michael Ellerman @ 2024-04-13 9:27 UTC (permalink / raw) To: Stephen Rothwell, Sean Christopherson Cc: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Will Deacon, Heiko Carstens Stephen Rothwell <sfr@canb.auug.org.au> writes: > Hi Sean, > > I noticed this commit in linux-next. > > On Tue, 9 Apr 2024 10:51:05 -0700 Sean Christopherson <seanjc@google.com> wrote: >> >> Initialize cpu_mitigations to CPU_MITIGATIONS_OFF if the kernel is built >> with CONFIG_SPECULATION_MITIGATIONS=n, as the help text quite clearly >> states that disabling SPECULATION_MITIGATIONS is supposed to turn off all >> mitigations by default. >> >> │ If you say N, all mitigations will be disabled. You really >> │ should know what you are doing to say so. >> >> As is, the kernel still defaults to CPU_MITIGATIONS_AUTO, which results in >> some mitigations being enabled in spite of SPECULATION_MITIGATIONS=n. >> >> Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs") >> Cc: stable@vger.kernel.org >> Signed-off-by: Sean Christopherson <seanjc@google.com> >> --- >> kernel/cpu.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/kernel/cpu.c b/kernel/cpu.c >> index 8f6affd051f7..07ad53b7f119 100644 >> --- a/kernel/cpu.c >> +++ b/kernel/cpu.c 
>> @@ -3207,7 +3207,8 @@ enum cpu_mitigations { >> }; >> >> static enum cpu_mitigations cpu_mitigations __ro_after_init = >> - CPU_MITIGATIONS_AUTO; >> + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : >> + CPU_MITIGATIONS_OFF; >> >> static int __init mitigations_parse_cmdline(char *arg) >> { >> -- >> 2.44.0.478.gd926399ef9-goog >> > > I noticed because it turned off all mitigations for my PowerPC qemu > boot tests - probably because CONFIG_SPECULATION_MITIGATIONS only > exists in arch/x86/Kconfig ... thus for other architectures that have > cpu mitigations, this will always default them to off, right? Yep. The patch has the effect of changing the default for non-x86 arches from auto to off. I see at least powerpc, arm64 and s390 use cpu_mitigations_off() and will be affected. cheers ^ permalink raw reply [flat|nested] 30+ messages in thread
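The effect Stephen Rothwell and Michael Ellerman describe in the messages above can be reproduced in user space. This is an added example, not code from the thread or from the kernel tree: it uses a simplified copy of the kernel's IS_ENABLED() idiom, and the DEMO_ and CONFIG_DEMO_ names are made up so that four different builds can be modelled in one file.

```c
#include <stdio.h>

/*
 * Simplified user-space copy of the kernel's IS_ENABLED() idiom (built-in
 * case only): expands to 1 if the option macro is defined as 1, else to 0.
 * An undefined macro is not an error, it simply yields 0.
 */
#define DEMO_ARG_PLACEHOLDER_1 0,
#define demo_second_arg(ignored, val, ...) val
#define demo_is_defined(x)    demo_is_defined_(x)
#define demo_is_defined_(val) demo_is_defined__(DEMO_ARG_PLACEHOLDER_##val)
#define demo_is_defined__(arg1_or_junk) demo_second_arg(arg1_or_junk 1, 0, 0)
#define DEMO_IS_ENABLED(option) demo_is_defined(option)

enum cpu_mitigations { CPU_MITIGATIONS_OFF, CPU_MITIGATIONS_AUTO };

/* The initializer from the patch, parameterised by the symbol it tests. */
#define DEMO_DEFAULT(option) \
	(DEMO_IS_ENABLED(option) ? CPU_MITIGATIONS_AUTO : CPU_MITIGATIONS_OFF)

/*
 * Constructed stand-ins for four builds. Kconfig emits "#define CONFIG_FOO 1"
 * for =y and emits nothing for =n, so "=n" and "no such symbol on this
 * architecture" are indistinguishable to the C code.
 */
#define CONFIG_DEMO_X86_Y 1        /* x86, SPECULATION_MITIGATIONS=y        */
/* CONFIG_DEMO_X86_N:              x86, =n, therefore never defined         */
/* CONFIG_DEMO_NONX86_MISSING:     non-x86, symbol absent from its Kconfig  */
#define CONFIG_DEMO_NONX86_GENERIC 1 /* non-x86 with a generic default-y symbol */

enum cpu_mitigations default_x86_y(void)
{
	return DEMO_DEFAULT(CONFIG_DEMO_X86_Y);
}

enum cpu_mitigations default_x86_n(void)
{
	return DEMO_DEFAULT(CONFIG_DEMO_X86_N);
}

enum cpu_mitigations default_nonx86_missing(void)
{
	return DEMO_DEFAULT(CONFIG_DEMO_NONX86_MISSING);
}

enum cpu_mitigations default_nonx86_generic(void)
{
	return DEMO_DEFAULT(CONFIG_DEMO_NONX86_GENERIC);
}

const char *mitigation_name(enum cpu_mitigations m)
{
	return m == CPU_MITIGATIONS_AUTO ? "auto" : "off";
}

int main(void)
{
	struct {
		const char *build;
		enum cpu_mitigations (*get_default)(void);
	} builds[] = {
		{ "x86, option =y",                 default_x86_y },
		{ "x86, option =n",                 default_x86_n },
		{ "non-x86, symbol does not exist", default_nonx86_missing },
		{ "non-x86, generic default-y",     default_nonx86_generic },
	};
	size_t i;

	for (i = 0; i < sizeof(builds) / sizeof(builds[0]); i++)
		printf("%-32s -> mitigations=%s\n", builds[i].build,
		       mitigation_name(builds[i].get_default()));
	return 0;
}
```

The second and third rows come out the same, which is why a symbol that exists only in one architecture's Kconfig cannot safely gate a default in shared code.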
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-13 9:27 ` Michael Ellerman @ 2024-04-13 9:38 ` Michael Ellerman -1 siblings, 0 replies; 30+ messages in thread From: Michael Ellerman @ 2024-04-13 9:38 UTC (permalink / raw) To: Stephen Rothwell, Sean Christopherson Cc: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Will Deacon, Heiko Carstens Michael Ellerman <mpe@ellerman.id.au> writes: > Stephen Rothwell <sfr@canb.auug.org.au> writes: ... >> On Tue, 9 Apr 2024 10:51:05 -0700 Sean Christopherson <seanjc@google.com> wrote: ... >>> diff --git a/kernel/cpu.c b/kernel/cpu.c >>> index 8f6affd051f7..07ad53b7f119 100644 >>> --- a/kernel/cpu.c >>> +++ b/kernel/cpu.c >>> @@ -3207,7 +3207,8 @@ enum cpu_mitigations { >>> }; >>> >>> static enum cpu_mitigations cpu_mitigations __ro_after_init = >>> - CPU_MITIGATIONS_AUTO; >>> + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : >>> + CPU_MITIGATIONS_OFF; >>> >>> static int __init mitigations_parse_cmdline(char *arg) >>> { I think a minimal workaround/fix would be: diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig index 2b8fd6bb7da0..290be2f9e909 100644 --- a/drivers/base/Kconfig +++ b/drivers/base/Kconfig @@ -191,6 +191,10 @@ config GENERIC_CPU_AUTOPROBE config GENERIC_CPU_VULNERABILITIES bool +config SPECULATION_MITIGATIONS + def_bool y + depends on !X86 + config SOC_BUS bool select GLOB cheers ^ permalink raw reply related [flat|nested] 30+ messages in thread
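Review bot: the new `config SPECULATION_MITIGATIONS` entry in the drivers/base/Kconfig hunk has neither a prompt nor a comment, so nothing at the definition says that it exists to keep IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) true in kernel/cpu.c on non-x86 builds. A Kconfig comment above the entry should state that, and should mention that with `def_bool y` and no prompt the option cannot be switched off by the user on those architectures.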
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-13 9:38 ` Michael Ellerman @ 2024-04-14 22:42 ` Stephen Rothwell -1 siblings, 0 replies; 30+ messages in thread From: Stephen Rothwell @ 2024-04-14 22:42 UTC (permalink / raw) To: Sean Christopherson Cc: Michael Ellerman, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Will Deacon, Heiko Carstens [-- Attachment #1: Type: text/plain, Size: 1380 bytes --] Hi all, On Sat, 13 Apr 2024 19:38:47 +1000 Michael Ellerman <mpe@ellerman.id.au> wrote: > > Michael Ellerman <mpe@ellerman.id.au> writes: > > Stephen Rothwell <sfr@canb.auug.org.au> writes: > ... > >> On Tue, 9 Apr 2024 10:51:05 -0700 Sean Christopherson <seanjc@google.com> wrote: > ... > >>> diff --git a/kernel/cpu.c b/kernel/cpu.c > >>> index 8f6affd051f7..07ad53b7f119 100644 > >>> --- a/kernel/cpu.c > >>> +++ b/kernel/cpu.c > >>> @@ -3207,7 +3207,8 @@ enum cpu_mitigations { > >>> }; > >>> > >>> static enum cpu_mitigations cpu_mitigations __ro_after_init = > >>> - CPU_MITIGATIONS_AUTO; > >>> + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : > >>> + CPU_MITIGATIONS_OFF; > >>> > >>> static int __init mitigations_parse_cmdline(char *arg) > >>> { > > I think a minimal workaround/fix would be: > > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig > index 2b8fd6bb7da0..290be2f9e909 100644 > --- a/drivers/base/Kconfig > +++ b/drivers/base/Kconfig 
> @@ -191,6 +191,10 @@ config GENERIC_CPU_AUTOPROBE > config GENERIC_CPU_VULNERABILITIES > bool > > +config SPECULATION_MITIGATIONS > + def_bool y > + depends on !X86 > + > config SOC_BUS > bool > select GLOB The original commit is now in Linus' tree. -- Cheers, Stephen Rothwell [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-13 9:38 ` Michael Ellerman @ 2024-04-15 11:16 ` Geert Uytterhoeven -1 siblings, 0 replies; 30+ messages in thread From: Geert Uytterhoeven @ 2024-04-15 11:16 UTC (permalink / raw) To: Michael Ellerman Cc: Stephen Rothwell, Sean Christopherson, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Will Deacon, Heiko Carstens, Linux-Renesas Hi Michael, On Sat, Apr 13, 2024 at 11:38 AM Michael Ellerman <mpe@ellerman.id.au> wrote: > Michael Ellerman <mpe@ellerman.id.au> writes: > > Stephen Rothwell <sfr@canb.auug.org.au> writes: > ... > >> On Tue, 9 Apr 2024 10:51:05 -0700 Sean Christopherson <seanjc@google.com> wrote: > ... > >>> diff --git a/kernel/cpu.c b/kernel/cpu.c > >>> index 8f6affd051f7..07ad53b7f119 100644 > >>> --- a/kernel/cpu.c > >>> +++ b/kernel/cpu.c > >>> @@ -3207,7 +3207,8 @@ enum cpu_mitigations { > >>> }; > >>> > >>> static enum cpu_mitigations cpu_mitigations __ro_after_init = > >>> - CPU_MITIGATIONS_AUTO; > >>> + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : > >>> + CPU_MITIGATIONS_OFF; > >>> > >>> static int __init mitigations_parse_cmdline(char *arg) > >>> { > > I think a minimal workaround/fix would be: > > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig > index 2b8fd6bb7da0..290be2f9e909 100644 > --- a/drivers/base/Kconfig > +++ b/drivers/base/Kconfig 
> @@ -191,6 +191,10 @@ config GENERIC_CPU_AUTOPROBE > config GENERIC_CPU_VULNERABILITIES > bool > > +config SPECULATION_MITIGATIONS > + def_bool y > + depends on !X86 > + > config SOC_BUS > bool > select GLOB Thanks, that works for me (on arm64), so Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds ^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-15 11:16 ` Geert Uytterhoeven @ 2024-04-15 14:31 ` Sean Christopherson -1 siblings, 0 replies; 30+ messages in thread From: Sean Christopherson @ 2024-04-15 14:31 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Michael Ellerman, Stephen Rothwell, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Will Deacon, Heiko Carstens, Linux-Renesas On Mon, Apr 15, 2024, Geert Uytterhoeven wrote: > Hi Michael, > > On Sat, Apr 13, 2024 at 11:38 AM Michael Ellerman <mpe@ellerman.id.au> wrote: > > Michael Ellerman <mpe@ellerman.id.au> writes: > > > Stephen Rothwell <sfr@canb.auug.org.au> writes: > > ... > > >> On Tue, 9 Apr 2024 10:51:05 -0700 Sean Christopherson <seanjc@google.com> wrote: > > ... > > >>> diff --git a/kernel/cpu.c b/kernel/cpu.c > > >>> index 8f6affd051f7..07ad53b7f119 100644 > > >>> --- a/kernel/cpu.c > > >>> +++ b/kernel/cpu.c > > >>> @@ -3207,7 +3207,8 @@ enum cpu_mitigations { > > >>> }; > > >>> > > >>> static enum cpu_mitigations cpu_mitigations __ro_after_init = > > >>> - CPU_MITIGATIONS_AUTO; > > >>> + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : > > >>> + CPU_MITIGATIONS_OFF; > > >>> > > >>> static int __init mitigations_parse_cmdline(char *arg) > > >>> { > > > > I think a minimal workaround/fix would be: > > > > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig > > index 2b8fd6bb7da0..290be2f9e909 100644 > > --- a/drivers/base/Kconfig > > +++ b/drivers/base/Kconfig 
> > @@ -191,6 +191,10 @@ config GENERIC_CPU_AUTOPROBE > > config GENERIC_CPU_VULNERABILITIES > > bool > > > > +config SPECULATION_MITIGATIONS > > + def_bool y > > + depends on !X86 > > + > > config SOC_BUS > > bool > > select GLOB > > Thanks, that works for me (on arm64), so > Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> Oof. I completely missed that "cpu_mitigations" wasn't x86-only. I can't think of better solution than an on-by-default generic Kconfig, though can't that it more simply be: diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig index 2b8fd6bb7da0..5930cb56ee29 100644 --- a/drivers/base/Kconfig +++ b/drivers/base/Kconfig @@ -191,6 +191,9 @@ config GENERIC_CPU_AUTOPROBE config GENERIC_CPU_VULNERABILITIES bool +config SPECULATION_MITIGATIONS + def_bool !X86 + config SOC_BUS bool select GLOB ^ permalink raw reply related [flat|nested] 30+ messages in thread
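Review bot: in the drivers/base/Kconfig hunk at the end of this message, `def_bool !X86` is shorter than `def_bool y` with `depends on !X86` but not identical to it: on x86 this entry still supplies a default for SPECULATION_MITIGATIONS, and that default evaluates to n. It is worth confirming that the definition in arch/x86/Kconfig takes precedence there, or keeping the `depends on !X86` form so that this entry has no effect on x86 builds.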
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-15 14:31 ` Sean Christopherson @ 2024-04-16 11:06 ` Michael Ellerman -1 siblings, 0 replies; 30+ messages in thread From: Michael Ellerman @ 2024-04-16 11:06 UTC (permalink / raw) To: Sean Christopherson, Geert Uytterhoeven Cc: Stephen Rothwell, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Will Deacon, Heiko Carstens, Linux-Renesas Sean Christopherson <seanjc@google.com> writes: > On Mon, Apr 15, 2024, Geert Uytterhoeven wrote: >> On Sat, Apr 13, 2024 at 11:38 AM Michael Ellerman <mpe@ellerman.id.au> wrote: >> > Michael Ellerman <mpe@ellerman.id.au> writes: >> > > Stephen Rothwell <sfr@canb.auug.org.au> writes: >> > ... >> > >> On Tue, 9 Apr 2024 10:51:05 -0700 Sean Christopherson <seanjc@google.com> wrote: >> > ... >> > >>> diff --git a/kernel/cpu.c b/kernel/cpu.c >> > >>> index 8f6affd051f7..07ad53b7f119 100644 >> > >>> --- a/kernel/cpu.c >> > >>> +++ b/kernel/cpu.c >> > >>> @@ -3207,7 +3207,8 @@ enum cpu_mitigations { >> > >>> }; >> > >>> >> > >>> static enum cpu_mitigations cpu_mitigations __ro_after_init = >> > >>> - CPU_MITIGATIONS_AUTO; >> > >>> + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : >> > >>> + CPU_MITIGATIONS_OFF; >> > >>> >> > >>> static int __init mitigations_parse_cmdline(char *arg) >> > >>> { >> > >> > I think a minimal workaround/fix would be: >> > >> > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig >> > index 2b8fd6bb7da0..290be2f9e909 100644 >> > --- a/drivers/base/Kconfig >> > +++ b/drivers/base/Kconfig 
>> > @@ -191,6 +191,10 @@ config GENERIC_CPU_AUTOPROBE >> > config GENERIC_CPU_VULNERABILITIES >> > bool >> > >> > +config SPECULATION_MITIGATIONS >> > + def_bool y >> > + depends on !X86 >> > + >> > config SOC_BUS >> > bool >> > select GLOB >> >> Thanks, that works for me (on arm64), so >> Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> > > Oof. I completely missed that "cpu_mitigations" wasn't x86-only. I can't think > of better solution than an on-by-default generic Kconfig, though can't that it > more simply be: > > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig > index 2b8fd6bb7da0..5930cb56ee29 100644 > --- a/drivers/base/Kconfig > +++ b/drivers/base/Kconfig > @@ -191,6 +191,9 @@ config GENERIC_CPU_AUTOPROBE > config GENERIC_CPU_VULNERABILITIES > bool > > +config SPECULATION_MITIGATIONS > + def_bool !X86 > + Yeah that works too. cheers ^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-15 14:31 ` Sean Christopherson @ 2024-04-19 14:03 ` Will Deacon -1 siblings, 0 replies; 30+ messages in thread From: Will Deacon @ 2024-04-19 14:03 UTC (permalink / raw) To: Sean Christopherson Cc: Geert Uytterhoeven, Michael Ellerman, Stephen Rothwell, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Heiko Carstens, Linux-Renesas On Mon, Apr 15, 2024 at 07:31:23AM -0700, Sean Christopherson wrote: > On Mon, Apr 15, 2024, Geert Uytterhoeven wrote: > > On Sat, Apr 13, 2024 at 11:38 AM Michael Ellerman <mpe@ellerman.id.au> wrote: > > > Michael Ellerman <mpe@ellerman.id.au> writes: > > > > Stephen Rothwell <sfr@canb.auug.org.au> writes: > > > ... > > > >> On Tue, 9 Apr 2024 10:51:05 -0700 Sean Christopherson <seanjc@google.com> wrote: > > > ... > > > >>> diff --git a/kernel/cpu.c b/kernel/cpu.c > > > >>> index 8f6affd051f7..07ad53b7f119 100644 > > > >>> --- a/kernel/cpu.c > > > >>> +++ b/kernel/cpu.c > > > >>> @@ -3207,7 +3207,8 @@ enum cpu_mitigations { > > > >>> }; > > > >>> > > > >>> static enum cpu_mitigations cpu_mitigations __ro_after_init = > > > >>> - CPU_MITIGATIONS_AUTO; > > > >>> + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : > > > >>> + CPU_MITIGATIONS_OFF; > > > >>> > > > >>> static int __init mitigations_parse_cmdline(char *arg) > > > >>> { > > > > > > I think a minimal workaround/fix would be: > > > > > > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig > > > index 2b8fd6bb7da0..290be2f9e909 100644 > > > --- a/drivers/base/Kconfig > > > +++ b/drivers/base/Kconfig 
> > > @@ -191,6 +191,10 @@ config GENERIC_CPU_AUTOPROBE > > > config GENERIC_CPU_VULNERABILITIES > > > bool > > > > > > +config SPECULATION_MITIGATIONS > > > + def_bool y > > > + depends on !X86 > > > + > > > config SOC_BUS > > > bool > > > select GLOB > > > > Thanks, that works for me (on arm64), so > > Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> > > Oof. I completely missed that "cpu_mitigations" wasn't x86-only. I can't think > of better solution than an on-by-default generic Kconfig, though can't that it > more simply be: > > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig > index 2b8fd6bb7da0..5930cb56ee29 100644 > --- a/drivers/base/Kconfig > +++ b/drivers/base/Kconfig > @@ -191,6 +191,9 @@ config GENERIC_CPU_AUTOPROBE > config GENERIC_CPU_VULNERABILITIES > bool > > +config SPECULATION_MITIGATIONS > + def_bool !X86 > + > config SOC_BUS > bool > select GLOB I can't see this in -next yet. Do you plan to post it as a proper patch to collect acks etc? Cheers, Will ^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-19 14:03 ` Will Deacon @ 2024-04-19 14:06 ` Sean Christopherson -1 siblings, 0 replies; 30+ messages in thread From: Sean Christopherson @ 2024-04-19 14:06 UTC (permalink / raw) To: Will Deacon Cc: Geert Uytterhoeven, Michael Ellerman, Stephen Rothwell, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Heiko Carstens, Linux-Renesas On Fri, Apr 19, 2024, Will Deacon wrote: > On Mon, Apr 15, 2024 at 07:31:23AM -0700, Sean Christopherson wrote: > > On Mon, Apr 15, 2024, Geert Uytterhoeven wrote: > > Oof. I completely missed that "cpu_mitigations" wasn't x86-only. I can't think > > of better solution than an on-by-default generic Kconfig, though can't that it > > more simply be: > > > > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig > > index 2b8fd6bb7da0..5930cb56ee29 100644 > > --- a/drivers/base/Kconfig > > +++ b/drivers/base/Kconfig > > @@ -191,6 +191,9 @@ config GENERIC_CPU_AUTOPROBE > > config GENERIC_CPU_VULNERABILITIES > > bool > > > > +config SPECULATION_MITIGATIONS > > + def_bool !X86 > > + > > config SOC_BUS > > bool > > select GLOB > > I can't see this in -next yet. Do you plan to post it as a proper patch > to collect acks etc? Sorry, I neglected to Cc everyone. https://lore.kernel.org/all/20240417001507.2264512-2-seanjc@google.com ^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n 2024-04-19 14:06 ` Sean Christopherson @ 2024-04-19 14:38 ` Will Deacon -1 siblings, 0 replies; 30+ messages in thread From: Will Deacon @ 2024-04-19 14:38 UTC (permalink / raw) To: Sean Christopherson Cc: Geert Uytterhoeven, Michael Ellerman, Stephen Rothwell, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon, linuxppc-dev, linux-arch, Catalin Marinas, Heiko Carstens, Linux-Renesas On Fri, Apr 19, 2024 at 07:06:00AM -0700, Sean Christopherson wrote: > On Fri, Apr 19, 2024, Will Deacon wrote: > > On Mon, Apr 15, 2024 at 07:31:23AM -0700, Sean Christopherson wrote: > > > On Mon, Apr 15, 2024, Geert Uytterhoeven wrote: > > > Oof. I completely missed that "cpu_mitigations" wasn't x86-only. I can't think > > > of better solution than an on-by-default generic Kconfig, though can't that it > > > more simply be: > > > > > > diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig > > > index 2b8fd6bb7da0..5930cb56ee29 100644 > > > --- a/drivers/base/Kconfig > > > +++ b/drivers/base/Kconfig > > > @@ -191,6 +191,9 @@ config GENERIC_CPU_AUTOPROBE > > > config GENERIC_CPU_VULNERABILITIES > > > bool > > > > > > +config SPECULATION_MITIGATIONS > > > + def_bool !X86 > > > + > > > config SOC_BUS > > > bool > > > select GLOB > > > > I can't see this in -next yet. Do you plan to post it as a proper patch > > to collect acks etc? > > Sorry, I neglected to Cc everyone. > > https://lore.kernel.org/all/20240417001507.2264512-2-seanjc@google.com Ah, thanks. I'll go Ack that... Will ^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n
2024-04-09 17:51 ` [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Sean Christopherson
@ 2024-04-15 11:13 ` Geert Uytterhoeven
2024-04-13 1:53 ` Stephen Rothwell
2024-04-15 11:13 ` Geert Uytterhoeven
2 siblings, 0 replies; 30+ messages in thread
From: Geert Uytterhoeven @ 2024-04-15 11:13 UTC (permalink / raw)
To: Sean Christopherson
Cc: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc,
linux-kernel, Pawan Gupta, Daniel Sneddon, Catalin Marinas,
Will Deacon, Linux ARM, Linux-Renesas

Hi Sean,

On Tue, Apr 9, 2024 at 7:51 PM Sean Christopherson <seanjc@google.com> wrote:
> Initialize cpu_mitigations to CPU_MITIGATIONS_OFF if the kernel is built
> with CONFIG_SPECULATION_MITIGATIONS=n, as the help text quite clearly
> states that disabling SPECULATION_MITIGATIONS is supposed to turn off all
> mitigations by default.
>
> │ If you say N, all mitigations will be disabled. You really
> │ should know what you are doing to say so.
>
> As is, the kernel still defaults to CPU_MITIGATIONS_AUTO, which results in
> some mitigations being enabled in spite of SPECULATION_MITIGATIONS=n.
>
> Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs")
> Cc: stable@vger.kernel.org
> Signed-off-by: Sean Christopherson <seanjc@google.com>

Thanks for your patch, which is now commit f337a6a21e2fd67e ("x86/cpu:
Actually turn off mitigations by default for
SPECULATION_MITIGATIONS=n") in v6.9-rc4.

This causes the following suspicious messages on R-Car H3:

    CPU features: kernel page table isolation forced OFF by mitigations=off
    spectre-v4 mitigation disabled by command-line option
    spectre-v2 mitigation disabled by command line option
    spectre-v2 mitigation disabled by command line option

and R-Car V4H:

    CPU features: kernel page table isolation forced OFF by mitigations=off
    spectre-v4 mitigation disabled by command-line option
    spectre-bhb mitigation disabled by command line option
    spectre-bhb mitigation disabled by command line option

Interestingly, no mitigations are disabled on the command-line.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

^ permalink raw reply [flat|nested] 30+ messages in thread
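Why the arm64 boards in the report above come up with mitigations off and nothing on the command line: the symbol tested by IS_ENABLED() does not exist in that build, so the test is silently false. This is an added example, not code from the thread or from the kernel; MODEL_IS_ENABLED is a simplified stand-in for the kernel macro, the CFG_* symbols and boot_* functions are constructed, and the parameter handling follows only the branches visible in patch 3/3 of this series.

```c
#include <stdio.h>
#include <string.h>

/* Model of the preprocessor trick behind the kernel's IS_ENABLED(): a symbol
 * defined as 1 pastes to ARG_PLACEHOLDER_1, which expands to "0," and pushes
 * a 1 into the second argument slot; any other token leaves the 0 there.
 * An unknown symbol is therefore not an error, it is simply false. */
#define ARG_PLACEHOLDER_1 0,
#define TAKE_SECOND(ignored, val, ...) val
#define IS_DEFINED3(arg1_or_junk) TAKE_SECOND(arg1_or_junk 1, 0, 0)
#define IS_DEFINED2(val) IS_DEFINED3(ARG_PLACEHOLDER_##val)
#define MODEL_IS_ENABLED(sym) IS_DEFINED2(sym)

/* Constructed stand-ins for CONFIG_SPECULATION_MITIGATIONS in four builds. */
#define CFG_X86_Y 1             /* x86, SPECULATION_MITIGATIONS=y */
/* CFG_X86_N:      x86, =n; a disabled bool gets no #define at all */
/* CFG_ARM64_NONE: arm64 before the generic Kconfig entry; symbol unknown */
#define CFG_ARM64_GENERIC 1     /* arm64 with the proposed def_bool !X86 */

enum cpu_mitigations {
    CPU_MITIGATIONS_OFF,
    CPU_MITIGATIONS_AUTO,
    CPU_MITIGATIONS_AUTO_NOSMT,
};

struct boot_result {
    enum cpu_mitigations mode;  /* value cpu_mitigations ends up with */
    int param_ignored;          /* 1 if "mitigations=" was refused */
};

/* One function per modelled build. The initializer is the one from patch 1/3;
 * the branch order is the one from patch 3/3. arg is the text after
 * "mitigations=", or NULL when the parameter is absent. Values other than the
 * three shown in the hunk are not modelled. */
#define DEFINE_BUILD(fn, sym)                                               \
static struct boot_result fn(const char *arg)                               \
{                                                                           \
    struct boot_result r = {                                                \
        MODEL_IS_ENABLED(sym) ? CPU_MITIGATIONS_AUTO : CPU_MITIGATIONS_OFF, \
        0 };                                                                \
    if (!arg)                                                               \
        return r;                                                           \
    if (!strcmp(arg, "off"))                                                \
        r.mode = CPU_MITIGATIONS_OFF;                                       \
    else if (!MODEL_IS_ENABLED(sym))                                        \
        r.param_ignored = 1;    /* where the pr_crit() would fire */        \
    else if (!strcmp(arg, "auto"))                                          \
        r.mode = CPU_MITIGATIONS_AUTO;                                      \
    else if (!strcmp(arg, "auto,nosmt"))                                    \
        r.mode = CPU_MITIGATIONS_AUTO_NOSMT;                                \
    return r;                                                               \
}

DEFINE_BUILD(boot_x86_y, CFG_X86_Y)
DEFINE_BUILD(boot_x86_n, CFG_X86_N)
DEFINE_BUILD(boot_arm64_none, CFG_ARM64_NONE)
DEFINE_BUILD(boot_arm64_generic, CFG_ARM64_GENERIC)

static const char *mode_name(enum cpu_mitigations m)
{
    switch (m) {
    case CPU_MITIGATIONS_OFF:  return "off";
    case CPU_MITIGATIONS_AUTO: return "auto";
    default:                   return "auto,nosmt";
    }
}

int main(void)
{
    static const struct {
        const char *build;
        struct boot_result (*boot)(const char *arg);
    } builds[] = {
        { "x86, =y",                 boot_x86_y },
        { "x86, =n",                 boot_x86_n },
        { "arm64, symbol absent",    boot_arm64_none },
        { "arm64, generic def_bool", boot_arm64_generic },
    };
    static const char *const args[] = { NULL, "auto", "auto,nosmt", "off" };

    for (size_t b = 0; b < sizeof(builds) / sizeof(builds[0]); b++)
        for (size_t a = 0; a < sizeof(args) / sizeof(args[0]); a++) {
            struct boot_result r = builds[b].boot(args[a]);
            printf("%-24s mitigations=%-11s -> %s%s\n", builds[b].build,
                   args[a] ? args[a] : "(unset)", mode_name(r.mode),
                   r.param_ignored ? " (parameter ignored)" : "");
        }
    return 0;
}
```

The "arm64, symbol absent" rows match the x86 =n rows exactly, which is the regression reported above; with the generic entry defined they match x86 =y again.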
* [PATCH 2/3] x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n
2024-04-09 17:51 [PATCH 0/3] x86/cpu: Fix SPECULATIVE_MITIGATION=n kernels Sean Christopherson
2024-04-09 17:51 ` [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Sean Christopherson
@ 2024-04-09 17:51 ` Sean Christopherson
2024-04-10 14:31 ` [tip: x86/urgent] " tip-bot2 for Sean Christopherson
2024-04-09 17:51 ` [PATCH 3/3] x86/cpu: Ignore "mitigations" kernel parameter if SPECULATION_MITIGATIONS=n Sean Christopherson
2024-04-09 18:55 ` [PATCH 0/3] x86/cpu: Fix SPECULATIVE_MITIGATION=n kernels Daniel Sneddon
3 siblings, 1 reply; 30+ messages in thread
From: Sean Christopherson @ 2024-04-09 17:51 UTC (permalink / raw)
To: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf
Cc: linux-doc, linux-kernel, Sean Christopherson, Pawan Gupta,
Daniel Sneddon

Rework the initialization of bhi_mitigation to use positive CONFIG tests
for the ON/AUTO cases so that lack of *any* CONFIG_SPECTRE_BHI_* #define,
i.e. when the kernel is built with CONFIG_SPECULATION_MITIGATIONS=n,
results in the mitigation being OFF by default, not AUTO.

Per the help text for SPECULATION_MITIGATIONS, the intent is that 'N'
disables all mitigations.

Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob")
Cc: stable@vger.kernel.org
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/kernel/cpu/bugs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 295463707e68..e1775debeafe 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c
@@ -1630,9 +1630,9 @@ enum bhi_mitigations { }; static enum bhi_mitigations bhi_mitigation __ro_after_init = - IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : - IS_ENABLED(CONFIG_SPECTRE_BHI_OFF) ? BHI_MITIGATION_OFF : - BHI_MITIGATION_AUTO; + IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : + IS_ENABLED(CONFIG_SPECTRE_BHI_AUTO) ? BHI_MITIGATION_AUTO : + BHI_MITIGATION_OFF; static int __init spectre_bhi_parse_cmdline(char *str) { -- 2.44.0.478.gd926399ef9-goog ^ permalink raw reply related [flat|nested] 30+ messages in thread
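Review bot: the final arm of the bhi_mitigation initializer now stands for two different build states, CONFIG_SPECTRE_BHI_OFF=y and no CONFIG_SPECTRE_BHI_* symbol defined at all, and CONFIG_SPECTRE_BHI_OFF is no longer mentioned anywhere in the expression. Add a short comment above the initializer saying that the fall-through to BHI_MITIGATION_OFF is deliberate and also covers SPECULATION_MITIGATIONS=n, so that a later reader does not restore an AUTO fall-through.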
* [tip: x86/urgent] x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n
2024-04-09 17:51 ` [PATCH 2/3] x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n Sean Christopherson
@ 2024-04-10 14:31 ` tip-bot2 for Sean Christopherson
0 siblings, 0 replies; 30+ messages in thread
From: tip-bot2 for Sean Christopherson @ 2024-04-10 14:31 UTC (permalink / raw)
To: linux-tip-commits
Cc: Sean Christopherson, Ingo Molnar, Daniel Sneddon, stable,
Linus Torvalds, x86, linux-kernel

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     e8f2ec1cc10e86adfc2089fb93a1158e69989bbd
Gitweb:        https://git.kernel.org/tip/e8f2ec1cc10e86adfc2089fb93a1158e69989bbd
Author:        Sean Christopherson <seanjc@google.com>
AuthorDate:    Tue, 09 Apr 2024 10:51:06 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Wed, 10 Apr 2024 16:22:56 +02:00

x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n

Rework the initialization of bhi_mitigation to use positive CONFIG tests
for the ON/AUTO cases so that lack of *any* CONFIG_SPECTRE_BHI_* #define,
i.e. when the kernel is built with CONFIG_SPECULATION_MITIGATIONS=n,
results in the mitigation being OFF by default, not AUTO.

Per the help text for SPECULATION_MITIGATIONS, the intent is that 'N'
disables all mitigations.

Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Cc: stable@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/20240409175108.1512861-3-seanjc@google.com
---
arch/x86/kernel/cpu/bugs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 27f5004..7e4a706 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c
@@ -1630,9 +1630,9 @@ enum bhi_mitigations { }; static enum bhi_mitigations bhi_mitigation __ro_after_init = - IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : - IS_ENABLED(CONFIG_SPECTRE_BHI_OFF) ? BHI_MITIGATION_OFF : - BHI_MITIGATION_AUTO; + IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : + IS_ENABLED(CONFIG_SPECTRE_BHI_AUTO) ? BHI_MITIGATION_AUTO : + BHI_MITIGATION_OFF; static int __init spectre_bhi_parse_cmdline(char *str) { ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [PATCH 3/3] x86/cpu: Ignore "mitigations" kernel parameter if SPECULATION_MITIGATIONS=n
2024-04-09 17:51 [PATCH 0/3] x86/cpu: Fix SPECULATIVE_MITIGATION=n kernels Sean Christopherson
2024-04-09 17:51 ` [PATCH 1/3] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Sean Christopherson
2024-04-09 17:51 ` [PATCH 2/3] x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n Sean Christopherson
@ 2024-04-09 17:51 ` Sean Christopherson
2024-04-10 14:18 ` Ingo Molnar
2024-04-09 18:55 ` [PATCH 0/3] x86/cpu: Fix SPECULATIVE_MITIGATION=n kernels Daniel Sneddon
3 siblings, 1 reply; 30+ messages in thread
From: Sean Christopherson @ 2024-04-09 17:51 UTC (permalink / raw)
To: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf
Cc: linux-doc, linux-kernel, Sean Christopherson, Pawan Gupta,
Daniel Sneddon

Explicitly disallow enabling mitigations at runtime for kernels that were
built with CONFIG_SPECULATION_MITIGATIONS=n. Because more Kconfigs are
buried behind SPECULATION_MITIGATIONS, trying to provide sane behavior for
retroactively enabling mitigations is extremely difficult, bordering on
impossible. E.g. page table isolation and call depth tracking require
build-time support, BHI mitigations will still be off without additional
kernel parameters, etc.

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
Documentation/admin-guide/kernel-parameters.txt | 3 +++
arch/x86/Kconfig | 10 +++++++---
kernel/cpu.c | 2 ++
3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 70046a019d42..7d623df11a1a 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3423,6 +3423,9 @@ arch-independent options, each of which is an aggregation of existing arch-specific options. + Note, "mitigations" is supported on x86 if and only if + the kernel was built with SPECULATION_MITIGATIONS=y. + off Disable all optional CPU mitigations. This improves system performance, but it may also diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 10a6251f58f3..f4e4dd360636 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2493,10 +2493,14 @@ menuconfig SPECULATION_MITIGATIONS default y help Say Y here to enable options which enable mitigations for - speculative execution hardware vulnerabilities. + speculative execution hardware vulnerabilities. Mitigations can + be disabled or restricted to SMT systems at runtime via the + "mitigations" kernel parameter. - If you say N, all mitigations will be disabled. You really - should know what you are doing to say so. + If you say N, all mitigations will be disabled. This CANNOT be + overridden at runtime. + + Say 'Y', unless you really know what you are doing. if SPECULATION_MITIGATIONS diff --git a/kernel/cpu.c b/kernel/cpu.c index 07ad53b7f119..d445763d8047 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -3214,6 +3214,8 @@ static int __init mitigations_parse_cmdline(char *arg) { if (!strcmp(arg, "off")) cpu_mitigations = CPU_MITIGATIONS_OFF; + else if (!IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS)) + pr_crit("Kernel compiled without mitigations, system may still be vulnerable\n"); else if (!strcmp(arg, "auto")) cpu_mitigations = CPU_MITIGATIONS_AUTO; else if (!strcmp(arg, "auto,nosmt")) -- 2.44.0.478.gd926399ef9-goog ^ permalink raw reply related [flat|nested] 30+ messages in thread
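Review bot: in the kernel/cpu.c hunk, the new IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) branch sits in architecture-independent code, while the symbol is defined in arch/x86/Kconfig and the kernel-parameters.txt note scopes the restriction to x86. On a build where the symbol is not defined, "mitigations=auto" and "mitigations=auto,nosmt" would reach the pr_crit() and leave cpu_mitigations unchanged. Restrict the check to x86, or make sure the symbol is defined for every architecture that uses this parser.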
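Review bot: the kernel-parameters.txt hunk says "mitigations" is supported on x86 "if and only if" the kernel was built with SPECULATION_MITIGATIONS=y, but the kernel/cpu.c hunk still tests for "off" before the new IS_ENABLED() branch, so "mitigations=off" is accepted on any build. Reword the note to say that values other than "off" are ignored on such kernels, and mention that a pr_crit() line is logged when that happens so administrators know what to look for in the boot log.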
* Re: [PATCH 3/3] x86/cpu: Ignore "mitigations" kernel parameter if SPECULATION_MITIGATIONS=n 2024-04-09 17:51 ` [PATCH 3/3] x86/cpu: Ignore "mitigations" kernel parameter if SPECULATION_MITIGATIONS=n Sean Christopherson @ 2024-04-10 14:18 ` Ingo Molnar 0 siblings, 0 replies; 30+ messages in thread From: Ingo Molnar @ 2024-04-10 14:18 UTC (permalink / raw) To: Sean Christopherson Cc: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf, linux-doc, linux-kernel, Pawan Gupta, Daniel Sneddon * Sean Christopherson <seanjc@google.com> wrote: > Explicitly disallow enabling mitigations at runtime for kernels that were > built with CONFIG_SPECULATION_MITIGATIONS=n. Because more Kconfigs are > buried behind SPECULATION_MITIGATIONS, trying to provide sane behavior for > retroactively enabling mitigations is extremely difficult, bordering on > impossible. E.g. page table isolation and call depth tracking requrie > build-time support, BHI mitigations will still be off without additional > kernel parameters, etc. > > Signed-off-by: Sean Christopherson <seanjc@google.com> > --- > Documentation/admin-guide/kernel-parameters.txt | 3 +++ > arch/x86/Kconfig | 10 +++++++--- > kernel/cpu.c | 2 ++ > 3 files changed, 12 insertions(+), 3 deletions(-) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index 70046a019d42..7d623df11a1a 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -3423,6 +3423,9 @@ > arch-independent options, each of which is an > aggregation of existing arch-specific options. > > + Note, "mitigations" is supported on x86 if and only if > + the kernel was built with SPECULATION_MITIGATIONS=y. > + > off > Disable all optional CPU mitigations. This > improves system performance, but it may also 
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 10a6251f58f3..f4e4dd360636 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2493,10 +2493,14 @@ menuconfig SPECULATION_MITIGATIONS > default y > help > Say Y here to enable options which enable mitigations for > - speculative execution hardware vulnerabilities. > + speculative execution hardware vulnerabilities. Mitigations can > + be disabled or restricted to SMT systems at runtime via the > + "mitigations" kernel parameter. > > - If you say N, all mitigations will be disabled. You really > - should know what you are doing to say so. > + If you say N, all mitigations will be disabled. This CANNOT be > + overridden at runtime. > + > + Say 'Y', unless you really know what you are doing. > > if SPECULATION_MITIGATIONS > > diff --git a/kernel/cpu.c b/kernel/cpu.c > index 07ad53b7f119..d445763d8047 100644 > --- a/kernel/cpu.c > +++ b/kernel/cpu.c > @@ -3214,6 +3214,8 @@ static int __init mitigations_parse_cmdline(char *arg) > { > if (!strcmp(arg, "off")) > cpu_mitigations = CPU_MITIGATIONS_OFF; > + else if (!IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS)) > + pr_crit("Kernel compiled without mitigations, system may still be vulnerable\n"); This doesn't really make it clear that the kernel is actively ignoring the mitigations= command line. I think something like this would be more clear: > + pr_crit("Kernel compiled without mitigations, ignoring mitigations= boot option. System may still be vulnerable\n"); Thanks, Ingo ^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [PATCH 0/3] x86/cpu: Fix SPECULATIVE_MITIGATION=n kernels 2024-04-09 17:51 [PATCH 0/3] x86/cpu: Fix SPECULATIVE_MITIGATION=n kernels Sean Christopherson ` (2 preceding siblings ...) 2024-04-09 17:51 ` [PATCH 3/3] x86/cpu: Ignore "mitigations" kernel parameter if SPECULATION_MITIGATIONS=n Sean Christopherson @ 2024-04-09 18:55 ` Daniel Sneddon 3 siblings, 0 replies; 30+ messages in thread From: Daniel Sneddon @ 2024-04-09 18:55 UTC (permalink / raw) To: Sean Christopherson, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, Peter Zijlstra, Josh Poimboeuf Cc: linux-doc, linux-kernel, Pawan Gupta On 4/9/24 10:51, Sean Christopherson wrote: > Fix the handling of SPECULATION_MITIGATIONS=n so that it actually does > what it says it does: disable any and all mitigations. > > And because I don't see a way to provide sane behavior for overriding > SPECULATION_MITIGATIONS=n at runtime, explicitly disallow doing so via > the "mitigations" kernel parameter, e.g. so that the user at least knows > that their system is still likely vulnerable to a variety of issues. > > Sean Christopherson (3): > x86/cpu: Actually turn off mitigations by default for > SPECULATION_MITIGATIONS=n > x86/cpu: Disable BHI mitigation by default when > SPECULATION_MITIGATIONS=n > x86/cpu: Ignore "mitigations" kernel parameter if > SPECULATION_MITIGATIONS=n > > Documentation/admin-guide/kernel-parameters.txt | 3 +++ > arch/x86/Kconfig | 10 +++++++--- > arch/x86/kernel/cpu/bugs.c | 6 +++--- > kernel/cpu.c | 5 ++++- > 4 files changed, 17 insertions(+), 7 deletions(-) > > > base-commit: 2c71fdf02a95b3dd425b42f28fd47fb2b1d22702 Reviewed-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> ^ permalink raw reply [flat|nested] 30+ messages in thread