From: tip-bot for Josh Poimboeuf <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: mingo@kernel.org, luto@kernel.org, jikos@kernel.org,
	will.deacon@arm.com, benh@kernel.crashing.org,
	schwidefsky@de.ibm.com, torvalds@linux-foundation.org,
	gregkh@linuxfoundation.org, hpa@zytor.com, mpe@ellerman.id.au,
	aarcange@redhat.com, longman@redhat.com, jcm@redhat.com,
	paulus@samba.org, catalin.marinas@arm.com, jpoimboe@redhat.com,
	jkosina@suse.cz, linux-kernel@vger.kernel.org,
	tglx@linutronix.de, pauld@redhat.com, rdunlap@infradead.org,
	tyhicks@canonical.com, steven.price@arm.com,
	heiko.carstens@de.ibm.com, bp@alien8.de, peterz@infradead.org
Subject: [tip:core/speculation] x86/speculation: Support 'mitigations=' cmdline option
Date: Wed, 17 Apr 2019 13:02:02 -0700
Message-ID: <tip-d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812@git.kernel.org>
In-Reply-To: <6616d0ae169308516cfdf5216bedd169f8a8291b.1555085500.git.jpoimboe@redhat.com>

Commit-ID:  d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812
Gitweb:     https://git.kernel.org/tip/d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812
Author:     Josh Poimboeuf <jpoimboe@redhat.com>
AuthorDate: Fri, 12 Apr 2019 15:39:29 -0500
Committer:  Thomas Gleixner <tglx@linutronix.de>
CommitDate: Wed, 17 Apr 2019 21:37:28 +0200

x86/speculation: Support 'mitigations=' cmdline option

Configure x86 runtime CPU speculation bug mitigations in accordance with
the 'mitigations=' cmdline option.  This affects Meltdown, Spectre v2,
Speculative Store Bypass, and L1TF.

The default behavior is unchanged.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
Reviewed-by: Jiri Kosina <jkosina@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Waiman Long <longman@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Steven Price <steven.price@arm.com>
Cc: Phil Auld <pauld@redhat.com>
Link: https://lkml.kernel.org/r/6616d0ae169308516cfdf5216bedd169f8a8291b.1555085500.git.jpoimboe@redhat.com

---
 Documentation/admin-guide/kernel-parameters.txt | 16 +++++++++++-----
 arch/x86/kernel/cpu/bugs.c                      | 11 +++++++++--
 arch/x86/mm/pti.c                               |  4 +++-
 3 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 720ffa9c4e04..779ddeb2929c 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2514,15 +2514,20 @@
 			http://repo.or.cz/w/linux-2.6/mini2440.git
 
 	mitigations=
-			Control optional mitigations for CPU vulnerabilities.
-			This is a set of curated, arch-independent options, each
-			of which is an aggregation of existing arch-specific
-			options.
+			[X86] Control optional mitigations for CPU
+			vulnerabilities.  This is a set of curated,
+			arch-independent options, each of which is an
+			aggregation of existing arch-specific options.
 
 			off
 				Disable all optional CPU mitigations.  This
 				improves system performance, but it may also
 				expose users to several CPU vulnerabilities.
+				Equivalent to: nopti [X86]
+					       nospectre_v2 [X86]
+					       spectre_v2_user=off [X86]
+					       spec_store_bypass_disable=off [X86]
+					       l1tf=off [X86]
 
 			auto (default)
 				Mitigate all CPU vulnerabilities, but leave SMT
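
Review bot: The "off" entry lists spectre_v2_user=off [X86] as covered, but
no bugs.c hunk in this patch adds a cpu_mitigations_off() test on a
spectre_v2_user path; only spectre_v2_parse_cmdline(), ssb_parse_cmdline()
and l1tf_select_mitigation() are touched. If the user-mode setting is meant
to follow from SPECTRE_V2_CMD_NONE, say so in the changelog so the stated
equivalence can be checked against the code.
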
@@ -2530,12 +2535,13 @@
 				users who don't want to be surprised by SMT
 				getting disabled across kernel upgrades, or who
 				have other ways of avoiding SMT-based attacks.
-				This is the default behavior.
+				Equivalent to: (default behavior)
 
 			auto,nosmt
 				Mitigate all CPU vulnerabilities, disabling SMT
 				if needed.  This is for users who always want to
 				be fully mitigated, even if it means losing SMT.
+				Equivalent to: l1tf=flush,nosmt [X86]
 
 	mminit_loglevel=
 			[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
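
Review bot: "Equivalent to: (default behavior)" under auto names no option,
unlike the off and auto,nosmt entries, so the "Equivalent to:" label does
not fit there. Keeping the removed sentence "This is the default behavior."
would say the same thing without implying there is an option string to
copy.
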
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 01874d54f4fd..435c078c2948 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -440,7 +440,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
 	char arg[20];
 	int ret, i;
 
-	if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
+	if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") ||
+	    cpu_mitigations_off())
 		return SPECTRE_V2_CMD_NONE;
 
 	ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
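
Review bot: Precedence is undocumented: in spectre_v2_parse_cmdline() the
cpu_mitigations_off() test returns SPECTRE_V2_CMD_NONE before the
"spectre_v2" option is looked up, so a command line carrying both
mitigations=off and an explicit spectre_v2= value ends up with the
mitigation off. If the global switch is meant to win over the specific
option, state that in kernel-parameters.txt; if not, the check belongs
after the cmdline_find_option() call.
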
@@ -672,7 +673,8 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
 	char arg[20];
 	int ret, i;
 
-	if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) {
+	if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") ||
+	    cpu_mitigations_off()) {
 		return SPEC_STORE_BYPASS_CMD_NONE;
 	} else {
 		ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
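
Review bot: The documentation hunk gives spec_store_bypass_disable=off as
the equivalent for mitigations=off, while in ssb_parse_cmdline() the new
test is attached to the nospec_store_bypass_disable branch. Either list
nospec_store_bypass_disable in the documentation or note in the changelog
that both end in SPEC_STORE_BYPASS_CMD_NONE, so an administrator auditing
a boot line knows which spelling this corresponds to.
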
@@ -996,6 +998,11 @@ static void __init l1tf_select_mitigation(void)
 	if (!boot_cpu_has_bug(X86_BUG_L1TF))
 		return;
 
+	if (cpu_mitigations_off())
+		l1tf_mitigation = L1TF_MITIGATION_OFF;
+	else if (cpu_mitigations_auto_nosmt())
+		l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT;
+
 	override_cache_bits(&boot_cpu_data);
 
 	switch (l1tf_mitigation) {
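
Review bot: The two assignments in l1tf_select_mitigation() are
unconditional, so whatever l1tf_mitigation held before, including a value
chosen with l1tf=, is overwritten. With mitigations=auto,nosmt that
replaces a stricter explicit setting such as l1tf=full,force with
L1TF_MITIGATION_FLUSH_NOSMT. Consider applying the global option only when
no l1tf= value was given, or document that mitigations= takes priority.
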
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 4fee5c3003ed..5890f09bfc19 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -35,6 +35,7 @@
 #include <linux/spinlock.h>
 #include <linux/mm.h>
 #include <linux/uaccess.h>
+#include <linux/cpu.h>
 
 #include <asm/cpufeature.h>
 #include <asm/hypervisor.h>
@@ -115,7 +116,8 @@ void __init pti_check_boottime_disable(void)
 		}
 	}
 
-	if (cmdline_find_option_bool(boot_command_line, "nopti")) {
+	if (cmdline_find_option_bool(boot_command_line, "nopti") ||
+	    cpu_mitigations_off()) {
 		pti_mode = PTI_FORCE_OFF;
 		pti_print_if_insecure("disabled on command line.");
 		return;
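
Review bot: In pti_check_boottime_disable() the mitigations=off case reuses
the nopti message, pti_print_if_insecure("disabled on command line."), so
the boot log does not show which option turned PTI off. Someone checking
dmesg on a fleet for disabled mitigations would have to inspect the
command line separately; a message that names mitigations=off, or one that
names the option in both cases, would make that visible.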
