From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Breno Leitao <leitao@debian.org>, Ingo Molnar <mingo@kernel.org>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
David Kaplan <David.Kaplan@amd.com>,
Sasha Levin <sashal@kernel.org>,
corbet@lwn.net, tglx@linutronix.de, bp@alien8.de,
mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org,
akpm@linux-foundation.org, rostedt@goodmis.org,
paulmck@kernel.org, thuth@redhat.com, ardb@kernel.org,
gregkh@linuxfoundation.org, linux-doc@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 37/79] x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
Date: Mon, 5 May 2025 19:21:09 -0400
Message-ID: <20250505232151.2698893-37-sashal@kernel.org>
In-Reply-To: <20250505232151.2698893-1-sashal@kernel.org>
From: Breno Leitao <leitao@debian.org>
[ Upstream commit 98fdaeb296f51ef08e727a7cc72e5b5c864c4f4d ]
Change the default value of spectre v2 in user mode to respect the
CONFIG_MITIGATION_SPECTRE_V2 config option.
Currently, user mode spectre v2 is set to auto
(SPECTRE_V2_USER_CMD_AUTO) by default, even if
CONFIG_MITIGATION_SPECTRE_V2 is disabled.
Set the spectre_v2 value to auto (SPECTRE_V2_USER_CMD_AUTO) if the
Spectre v2 config (CONFIG_MITIGATION_SPECTRE_V2) is enabled, otherwise
set the value to none (SPECTRE_V2_USER_CMD_NONE).
Important to say the command line argument "spectre_v2_user" overwrites
the default value in both cases.
When CONFIG_MITIGATION_SPECTRE_V2 is not set, users have the flexibility
to opt-in for specific mitigations independently. In this scenario,
setting spectre_v2= will not enable spectre_v2_user=, and command line
options spectre_v2_user and spectre_v2 are independent when
CONFIG_MITIGATION_SPECTRE_V2=n.
Signed-off-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: David Kaplan <David.Kaplan@amd.com>
Link: https://lore.kernel.org/r/20241031-x86_bugs_last_v2-v2-2-b7ff1dab840e@debian.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/admin-guide/kernel-parameters.txt | 2 ++
arch/x86/kernel/cpu/bugs.c | 10 +++++++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 9975dcab99c35..6d9acc3f977b3 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4600,6 +4600,8 @@
Selecting 'on' will also enable the mitigation
against user space to user space task attacks.
+ Selecting specific mitigation does not force enable
+ user mitigations.
Selecting 'off' will disable both the kernel and
the user space protections.
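Review bot: The added sentence "Selecting specific mitigation does not force enable user mitigations." is stated unconditionally, while the commit message limits the independence of spectre_v2= and spectre_v2_user= to CONFIG_MITIGATION_SPECTRE_V2=n. Suggest wording it as "Selecting a specific mitigation does not force-enable the user space mitigations when CONFIG_MITIGATION_SPECTRE_V2=n". The diffstat shows only these two lines added to the file, so the spectre_v2_user= entry is not updated; it should say that its default is now 'auto' or 'none' depending on that config option.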
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 4f803aed2ef0e..0f523ebfbabf6 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1050,9 +1050,13 @@ static __ro_after_init enum spectre_v2_mitigation_cmd spectre_v2_cmd;
static enum spectre_v2_user_cmd __init
spectre_v2_parse_user_cmdline(void)
{
+ enum spectre_v2_user_cmd mode;
char arg[20];
int ret, i;
+ mode = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ?
+ SPECTRE_V2_USER_CMD_AUTO : SPECTRE_V2_USER_CMD_NONE;
+
switch (spectre_v2_cmd) {
case SPECTRE_V2_CMD_NONE:
return SPECTRE_V2_USER_CMD_NONE;
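Review bot: The new default at "mode = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ?" is only correct if the 5.4 tree this is being queued for defines that Kconfig symbol under this name. IS_ENABLED() evaluates to 0 for a symbol that is not defined, so on a tree without it every build would default to SPECTRE_V2_USER_CMD_NONE and lose the user space protection that SPECTRE_V2_USER_CMD_AUTO selected before. Please confirm the symbol exists in 5.4 before this is applied, or drop the backport for this tree.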
@@ -1065,7 +1069,7 @@ spectre_v2_parse_user_cmdline(void)
ret = cmdline_find_option(boot_command_line, "spectre_v2_user",
arg, sizeof(arg));
if (ret < 0)
- return SPECTRE_V2_USER_CMD_AUTO;
+ return mode;
for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) {
if (match_option(arg, ret, v2_user_options[i].option)) {
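Review bot: The "if (ret < 0) return mode;" path is the one taken when spectre_v2_user= is absent from the command line, and with CONFIG_MITIGATION_SPECTRE_V2=n it now returns SPECTRE_V2_USER_CMD_NONE without any message. A short comment here stating that the no-option default follows the config option, or a pr_info() when the result is NONE, would let an operator see from the code or the boot log why user space protection is off.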
@@ -1075,8 +1079,8 @@ spectre_v2_parse_user_cmdline(void)
}
}
- pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg);
- return SPECTRE_V2_USER_CMD_AUTO;
+ pr_err("Unknown user space protection option (%s). Switching to default\n", arg);
+ return mode;
}
static inline bool spectre_v2_in_eibrs_mode(enum spectre_v2_mitigation mode)
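Review bot: In the unknown-option path, "Switching to default" no longer tells the reader of the log which mode was applied, where the old text named AUTO. Since "return mode;" can now yield SPECTRE_V2_USER_CMD_NONE, a mistyped spectre_v2_user= value on a CONFIG_MITIGATION_SPECTRE_V2=n kernel ends with the user space mitigation off; consider naming the selected mode in the pr_err() text so the outcome is visible in dmesg.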
--
2.39.5