From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9BCFDC04AB4 for ; Tue, 14 May 2019 17:13:47 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6DEC120578 for ; Tue, 14 May 2019 17:13:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="uygRLHgn"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="SbRziWRh" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6DEC120578 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linuxfoundation.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:From:To: Subject:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=7SjQPPkxPtgcx/OstCYQWExu0ABkzAbZLPzg6mWRonw=; b=uygRLHgnZQeisI wKIbLwAhp0vXMkyuiVslGBfYxZNuccYwcrnWBiBd34rbXSzAiQsARGZTBU3a3I87ikzQkGkPHyd16 xUTU88/Hc7HpqRxjq6VGc2ua1u4afA45KsYoKVWs20nFMaWJjzAEXbsKkkDml8yLPpx7jDus/vusD 0h0MYG+7QwqiiBaoWKWISjv/tAZvwJKz/LSla0k6+jasS867sT6DWQKN/ZsTah49t6b1n86njQTFQ 5Da5lLgPPk0vDWSC90LyvXxwi20KgJBjimXK6c4OckM1idJW/YHOH3zY+eMKhuzca0/N7bKSVG7bC kvxNAGAejBakQeaGza9g==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hQazk-0006Uo-WC; Tue, 14 May 2019 17:13:41 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hQazL-00062I-E3 for linux-arm-kernel@lists.infradead.org; Tue, 14 May 2019 17:13:35 +0000 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5F702216F4; Tue, 14 May 2019 17:13:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1557853995; bh=Gnri2Wr1YCPQky459e4EFM8B8Q4B3DajxWgQ/ZkaxFA=; h=Subject:To:Cc:From:Date:From; b=SbRziWRhV2K5dVHdAzJZGXyboqyMs47Bt64IJUpgPQ4DQK/wog64x0sNzYpQhf8U4 xVxAHE1Uzf2GVz8BWcZrrE+N8/ISbtpsedp88NFyVVPamqpgjhJHNuGaWv30lEhtsr arCeZNmXaQhkwSrRJHqCjJ4MiMj/Pmoofp7ikn0g= Subject: Patch "[PATCH 20/27] cpu/speculation: Add 'mitigations=' cmdline option" has been added to the 5.0-stable tree To: aarcange@redhat.com, b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com, benh@kernel.crashing.org, bp@alien8.de, catalin.marinas@arm.com, gregkh@linuxfoundation.org, heiko.carstens@de.ibm.com, hpa@zytor.com, jcm@redhat.com, jikos@kernel.org, jkosina@suse.cz, jpoimboe@redhat.com, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, longman@redhat.com, luto@kernel.org, mpe@ellerman.id.au, pauld@redhat.com, paulus@samba.org, peterz@infradead.org, rdunlap@infradead.org, schwidefsky@de.ibm.com, steven.price@arm.com, tglx@linutronix.de, torvalds@linux-foundation.org, tyhicks@canonical.com, will.deacon@arm.com From: Date: Tue, 14 May 2019 19:06:17 +0200 Message-ID: <1557853577107123@kroah.com> MIME-Version: 1.0 X-stable: commit X-Patchwork-Hint: ignore X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190514_101316_059015_B8E0A193 X-CRM114-Status: GOOD ( 17.10 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stable-commits@vger.kernel.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org This is a note to let you know that I've just added the patch titled [PATCH 20/27] cpu/speculation: Add 'mitigations=' cmdline option to the 5.0-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: 0020-cpu-speculation-Add-mitigations-cmdline-option.patch and it can be found in the queue-5.0 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 8d7c1c38b02551bd808007884bc37f501076b8c8 Mon Sep 17 00:00:00 2001 From: Josh Poimboeuf Date: Fri, 12 Apr 2019 15:39:28 -0500 Subject: [PATCH 20/27] cpu/speculation: Add 'mitigations=' cmdline option commit 98af8452945c55652de68536afdde3b520fec429 upstream Keeping track of the number of mitigations for all the CPU speculation bugs has become overwhelming for many users. It's getting more and more complicated to decide which mitigations are needed for a given architecture. Complicating matters is the fact that each arch tends to have its own custom way to mitigate the same vulnerability. Most users fall into a few basic categories: a) they want all mitigations off; b) they want all reasonable mitigations on, with SMT enabled even if it's vulnerable; or c) they want all reasonable mitigations on, with SMT disabled if vulnerable. Define a set of curated, arch-independent options, each of which is an aggregation of existing options: - mitigations=off: Disable all mitigations. - mitigations=auto: [default] Enable all the default mitigations, but leave SMT enabled, even if it's vulnerable. - mitigations=auto,nosmt: Enable all the default mitigations, disabling SMT if needed by a mitigation. Currently, these options are placeholders which don't actually do anything. They will be fleshed out in upcoming patches. Signed-off-by: Josh Poimboeuf Signed-off-by: Thomas Gleixner Tested-by: Jiri Kosina (on x86) Reviewed-by: Jiri Kosina Cc: Borislav Petkov Cc: "H . Peter Anvin" Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Jiri Kosina Cc: Waiman Long Cc: Andrea Arcangeli Cc: Jon Masters Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: linux-s390@vger.kernel.org Cc: Catalin Marinas Cc: Will Deacon Cc: linux-arm-kernel@lists.infradead.org Cc: linux-arch@vger.kernel.org Cc: Greg Kroah-Hartman Cc: Tyler Hicks Cc: Linus Torvalds Cc: Randy Dunlap Cc: Steven Price Cc: Phil Auld Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com Signed-off-by: Greg Kroah-Hartman --- .../admin-guide/kernel-parameters.txt | 24 +++++++++++++++++++ include/linux/cpu.h | 24 +++++++++++++++++++ kernel/cpu.c | 15 ++++++++++++ 3 files changed, 63 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 8f04985d3122..df6d9a7c1724 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2539,6 +2539,30 @@ in the "bleeding edge" mini2440 support kernel at http://repo.or.cz/w/linux-2.6/mini2440.git + mitigations= + Control optional mitigations for CPU vulnerabilities. + This is a set of curated, arch-independent options, each + of which is an aggregation of existing arch-specific + options. + + off + Disable all optional CPU mitigations. This + improves system performance, but it may also + expose users to several CPU vulnerabilities. + + auto (default) + Mitigate all CPU vulnerabilities, but leave SMT + enabled, even if it's vulnerable. This is for + users who don't want to be surprised by SMT + getting disabled across kernel upgrades, or who + have other ways of avoiding SMT-based attacks. + This is the default behavior. + + auto,nosmt + Mitigate all CPU vulnerabilities, disabling SMT + if needed. This is for users who always want to + be fully mitigated, even if it means losing SMT. + mminit_loglevel= [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this parameter allows control of the logging verbosity for diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 3c87ad888ed3..57ae83c4d5f4 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -189,4 +189,28 @@ static inline void cpu_smt_disable(bool force) { } static inline void cpu_smt_check_topology(void) { } #endif +/* + * These are used for a global "mitigations=" cmdline option for toggling + * optional CPU mitigations. + */ +enum cpu_mitigations { + CPU_MITIGATIONS_OFF, + CPU_MITIGATIONS_AUTO, + CPU_MITIGATIONS_AUTO_NOSMT, +}; + +extern enum cpu_mitigations cpu_mitigations; + +/* mitigations=off */ +static inline bool cpu_mitigations_off(void) +{ + return cpu_mitigations == CPU_MITIGATIONS_OFF; +} + +/* mitigations=auto,nosmt */ +static inline bool cpu_mitigations_auto_nosmt(void) +{ + return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT; +} + #endif /* _LINUX_CPU_H_ */ diff --git a/kernel/cpu.c b/kernel/cpu.c index 6754f3ecfd94..43e741e88691 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -2304,3 +2304,18 @@ void __init boot_cpu_hotplug_init(void) #endif this_cpu_write(cpuhp_state.state, CPUHP_ONLINE); } + +enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO; + +static int __init mitigations_parse_cmdline(char *arg) +{ + if (!strcmp(arg, "off")) + cpu_mitigations = CPU_MITIGATIONS_OFF; + else if (!strcmp(arg, "auto")) + cpu_mitigations = CPU_MITIGATIONS_AUTO; + else if (!strcmp(arg, "auto,nosmt")) + cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT; + + return 0; +} +early_param("mitigations", mitigations_parse_cmdline); -- 2.21.0 Patches currently in stable-queue which might be from jpoimboe@redhat.com are queue-5.0/0019-x86-speculation-mds-Print-SMT-vulnerable-on-MSBDS-wi.patch queue-5.0/0016-x86-speculation-Move-arch_smt_update-call-to-after-m.patch queue-5.0/0024-x86-speculation-mds-Add-mitigations-support-for-MDS.patch queue-5.0/0021-x86-speculation-Support-mitigations-cmdline-option.patch queue-5.0/0022-powerpc-speculation-Support-mitigations-cmdline-opti.patch queue-5.0/0020-cpu-speculation-Add-mitigations-cmdline-option.patch queue-5.0/0023-s390-speculation-Support-mitigations-cmdline-option.patch queue-5.0/0015-x86-speculation-mds-Add-mds-full-nosmt-cmdline-optio.patch queue-5.0/0027-x86-speculation-mds-Fix-documentation-typo.patch queue-5.0/0017-x86-speculation-mds-Add-SMT-warning-message.patch queue-5.0/0018-x86-speculation-mds-Fix-comment.patch _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel