[PATCH 0/3] x86/bugs: Cleanup parameter parsing

[PATCH 0/3] x86/bugs: Cleanup parameter parsing

[David Kaplan]

Most mitigations in bugs.c use early_param for parameter parsing.  A few
older ones do not and look at boot_command_line directly.

This series modifies those to be consistent with the newer ones.

David Kaplan (3):
  x86/bugs: Use early_param for spectre_v2_user
  x86/bugs: Use early_param for spectre_v2
  x86/bugs: Simplify SSB cmdline parsing

 arch/x86/kernel/cpu/bugs.c | 331 ++++++++++++++++---------------------
 1 file changed, 147 insertions(+), 184 deletions(-)


base-commit: 4b6b14d20bc04dcab6dd3ad0d5a50a0f473d1c18
-- 
2.34.1

[PATCH 1/3] x86/bugs: Use early_param for spectre_v2_user

[David Kaplan]

Most of the mitigations in bugs.c use early_param to parse their command
line options.  Modify spectre_v2_user to use early_param for consistency.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
 arch/x86/kernel/cpu/bugs.c | 62 ++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 32 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index b74bf937cd9f..6bfe199b9f3e 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1829,7 +1829,7 @@ enum spectre_v2_mitigation_cmd {
 
 static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init = SPECTRE_V2_CMD_AUTO;
 
-enum spectre_v2_user_cmd {
+enum spectre_v2_user_mitigation_cmd {
 	SPECTRE_V2_USER_CMD_NONE,
 	SPECTRE_V2_USER_CMD_AUTO,
 	SPECTRE_V2_USER_CMD_FORCE,
@@ -1839,6 +1839,9 @@ enum spectre_v2_user_cmd {
 	SPECTRE_V2_USER_CMD_SECCOMP_IBPB,
 };
 
+static enum spectre_v2_user_mitigation_cmd spectre_v2_user_cmd __ro_after_init =
+	SPECTRE_V2_USER_CMD_AUTO;
+
 static const char * const spectre_v2_user_strings[] = {
 	[SPECTRE_V2_USER_NONE]			= "User space: Vulnerable",
 	[SPECTRE_V2_USER_STRICT]		= "User space: Mitigation: STIBP protection",
@@ -1847,50 +1850,45 @@ static const char * const spectre_v2_user_strings[] = {
 	[SPECTRE_V2_USER_SECCOMP]		= "User space: Mitigation: STIBP via seccomp and prctl",
 };
 
-static const struct {
-	const char			*option;
-	enum spectre_v2_user_cmd	cmd;
-	bool				secure;
-} v2_user_options[] __initconst = {
-	{ "auto",		SPECTRE_V2_USER_CMD_AUTO,		false },
-	{ "off",		SPECTRE_V2_USER_CMD_NONE,		false },
-	{ "on",			SPECTRE_V2_USER_CMD_FORCE,		true  },
-	{ "prctl",		SPECTRE_V2_USER_CMD_PRCTL,		false },
-	{ "prctl,ibpb",		SPECTRE_V2_USER_CMD_PRCTL_IBPB,		false },
-	{ "seccomp",		SPECTRE_V2_USER_CMD_SECCOMP,		false },
-	{ "seccomp,ibpb",	SPECTRE_V2_USER_CMD_SECCOMP_IBPB,	false },
-};
-
 static void __init spec_v2_user_print_cond(const char *reason, bool secure)
 {
 	if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
 		pr_info("spectre_v2_user=%s forced on command line.\n", reason);
 }
 
-static enum spectre_v2_user_cmd __init spectre_v2_parse_user_cmdline(void)
+static int __init spectre_v2_parse_user_cmdline(char *str)
 {
-	char arg[20];
-	int ret, i;
+	if (!str)
+		return -EINVAL;
 
 	if (!IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2))
 		return SPECTRE_V2_USER_CMD_NONE;
 
-	ret = cmdline_find_option(boot_command_line, "spectre_v2_user",
-				  arg, sizeof(arg));
-	if (ret < 0)
-		return SPECTRE_V2_USER_CMD_AUTO;
+	if (!strcmp(str, "auto"))
+		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_AUTO;
+	else if (!strcmp(str, "off"))
+		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_NONE;
+	else if (!strcmp(str, "on"))
+		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_FORCE;
+	else if (!strcmp(str, "prctl"))
+		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_PRCTL;
+	else if (!strcmp(str, "prctl,ibpb"))
+		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_PRCTL_IBPB;
+	else if (!strcmp(str, "seccomp"))
+		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_SECCOMP;
+	else if (!strcmp(str, "seccomp,ibpb"))
+		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_SECCOMP_IBPB;
+	else
+		pr_err("Ignoring unknown spectre_v2_user option (%s).", str);
 
-	for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) {
-		if (match_option(arg, ret, v2_user_options[i].option)) {
-			spec_v2_user_print_cond(v2_user_options[i].option,
-						v2_user_options[i].secure);
-			return v2_user_options[i].cmd;
-		}
-	}
+	if (spectre_v2_user_cmd == SPECTRE_V2_USER_CMD_FORCE)
+		spec_v2_user_print_cond(str, true);
+	else
+		spec_v2_user_print_cond(str, false);
 
-	pr_err("Unknown user space protection option (%s). Switching to default\n", arg);
-	return SPECTRE_V2_USER_CMD_AUTO;
+	return 0;
 }
+early_param("spectre_v2_user", spectre_v2_parse_user_cmdline);
 
 static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
 {
@@ -1902,7 +1900,7 @@ static void __init spectre_v2_user_select_mitigation(void)
 	if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP))
 		return;
 
-	switch (spectre_v2_parse_user_cmdline()) {
+	switch (spectre_v2_user_cmd) {
 	case SPECTRE_V2_USER_CMD_NONE:
 		return;
 	case SPECTRE_V2_USER_CMD_FORCE:
-- 
2.34.1

[PATCH 2/3] x86/bugs: Use early_param for spectre_v2

[David Kaplan]

Most of the mitigations in bugs.c use early_param for command line parsing.
Rework the spectre_v2 and nospectre_v2 command line options to be
consistent with the others.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
 arch/x86/kernel/cpu/bugs.c | 151 +++++++++++++++++++------------------
 1 file changed, 78 insertions(+), 73 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 6bfe199b9f3e..19a3891953c3 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1827,7 +1827,8 @@ enum spectre_v2_mitigation_cmd {
 	SPECTRE_V2_CMD_IBRS,
 };
 
-static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init = SPECTRE_V2_CMD_AUTO;
+static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =
+	IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
 
 enum spectre_v2_user_mitigation_cmd {
 	SPECTRE_V2_USER_CMD_NONE,
@@ -2035,112 +2036,118 @@ static const char * const spectre_v2_strings[] = {
 	[SPECTRE_V2_IBRS]			= "Mitigation: IBRS",
 };
 
-static const struct {
-	const char *option;
-	enum spectre_v2_mitigation_cmd cmd;
-	bool secure;
-} mitigation_options[] __initconst = {
-	{ "off",		SPECTRE_V2_CMD_NONE,		  false },
-	{ "on",			SPECTRE_V2_CMD_FORCE,		  true  },
-	{ "retpoline",		SPECTRE_V2_CMD_RETPOLINE,	  false },
-	{ "retpoline,amd",	SPECTRE_V2_CMD_RETPOLINE_LFENCE,  false },
-	{ "retpoline,lfence",	SPECTRE_V2_CMD_RETPOLINE_LFENCE,  false },
-	{ "retpoline,generic",	SPECTRE_V2_CMD_RETPOLINE_GENERIC, false },
-	{ "eibrs",		SPECTRE_V2_CMD_EIBRS,		  false },
-	{ "eibrs,lfence",	SPECTRE_V2_CMD_EIBRS_LFENCE,	  false },
-	{ "eibrs,retpoline",	SPECTRE_V2_CMD_EIBRS_RETPOLINE,	  false },
-	{ "auto",		SPECTRE_V2_CMD_AUTO,		  false },
-	{ "ibrs",		SPECTRE_V2_CMD_IBRS,              false },
-};
-
 static void __init spec_v2_print_cond(const char *reason, bool secure)
 {
 	if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
 		pr_info("%s selected on command line.\n", reason);
 }
 
-static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
-{
-	enum spectre_v2_mitigation_cmd cmd;
-	char arg[20];
-	int ret, i;
+static bool nospectre_v2 __ro_after_init;
 
-	cmd = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ?  SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
-	if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
-		return SPECTRE_V2_CMD_NONE;
+static int __init nospectre_v2_parse_cmdline(char *str)
+{
+	nospectre_v2 = true;
+	spectre_v2_cmd = SPECTRE_V2_CMD_NONE;
+	return 0;
+}
+early_param("nospectre_v2", nospectre_v2_parse_cmdline);
 
-	ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
-	if (ret < 0)
-		return cmd;
+static int __init spectre_v2_parse_cmdline(char *str)
+{
+	if (!str)
+		return -EINVAL;
 
-	for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) {
-		if (!match_option(arg, ret, mitigation_options[i].option))
-			continue;
-		cmd = mitigation_options[i].cmd;
-		break;
-	}
+	if (nospectre_v2)
+		return 0;
 
-	if (i >= ARRAY_SIZE(mitigation_options)) {
-		pr_err("unknown option (%s). Switching to default mode\n", arg);
-		return cmd;
-	}
+	if (!strcmp(str, "off"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_NONE;
+	else if (!strcmp(str, "on"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_FORCE;
+	else if (!strcmp(str, "retpoline"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE;
+	else if (!strcmp(str, "retpoline,amd") ||
+		 !strcmp(str, "retpoline,lfence"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE_LFENCE;
+	else if (!strcmp(str, "retpoline,generic"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE_GENERIC;
+	else if (!strcmp(str, "eibrs"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS;
+	else if (!strcmp(str, "eibrs,lfence"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS_LFENCE;
+	else if (!strcmp(str, "eibrs,retpoline"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS_RETPOLINE;
+	else if (!strcmp(str, "auto"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
+	else if (!strcmp(str, "ibrs"))
+		spectre_v2_cmd = SPECTRE_V2_CMD_IBRS;
+	else
+		pr_err("Ignoring unknown spectre_v2 option (%s).", str);
 
-	if ((cmd == SPECTRE_V2_CMD_RETPOLINE ||
-	     cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
-	     cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
-	     cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
-	     cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
+	if ((spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE ||
+	     spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
+	     spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
+	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
+	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
 	    !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) {
 		pr_err("%s selected but not compiled in. Switching to AUTO select\n",
-		       mitigation_options[i].option);
-		return SPECTRE_V2_CMD_AUTO;
+			str);
+		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
 	}
 
-	if ((cmd == SPECTRE_V2_CMD_EIBRS ||
-	     cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
-	     cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
+	if ((spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS ||
+	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
+	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
 	    !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {
 		pr_err("%s selected but CPU doesn't have Enhanced or Automatic IBRS. Switching to AUTO select\n",
-		       mitigation_options[i].option);
-		return SPECTRE_V2_CMD_AUTO;
+		       str);
+		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
 	}
 
-	if ((cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
-	     cmd == SPECTRE_V2_CMD_EIBRS_LFENCE) &&
+	if ((spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
+	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE) &&
 	    !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {
 		pr_err("%s selected, but CPU doesn't have a serializing LFENCE. Switching to AUTO select\n",
-		       mitigation_options[i].option);
-		return SPECTRE_V2_CMD_AUTO;
+		       str);
+		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
 	}
 
-	if (cmd == SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY)) {
+	if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY)) {
 		pr_err("%s selected but not compiled in. Switching to AUTO select\n",
-		       mitigation_options[i].option);
-		return SPECTRE_V2_CMD_AUTO;
+		       str);
+		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
 	}
 
-	if (cmd == SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) {
+	if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) {
 		pr_err("%s selected but not Intel CPU. Switching to AUTO select\n",
-		       mitigation_options[i].option);
-		return SPECTRE_V2_CMD_AUTO;
+		       str);
+		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
 	}
 
-	if (cmd == SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATURE_IBRS)) {
+	if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATURE_IBRS)) {
 		pr_err("%s selected but CPU doesn't have IBRS. Switching to AUTO select\n",
-		       mitigation_options[i].option);
-		return SPECTRE_V2_CMD_AUTO;
+		       str);
+		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
 	}
 
-	if (cmd == SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_FEATURE_XENPV)) {
+	if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_FEATURE_XENPV)) {
 		pr_err("%s selected but running as XenPV guest. Switching to AUTO select\n",
-		       mitigation_options[i].option);
-		return SPECTRE_V2_CMD_AUTO;
+		       str);
+		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
 	}
 
-	spec_v2_print_cond(mitigation_options[i].option,
-			   mitigation_options[i].secure);
-	return cmd;
+	/* Print a warning if forcing an option.  AUTO is not forcing. */
+	if (spectre_v2_cmd == SPECTRE_V2_CMD_AUTO)
+		return 0;
+
+	if (spectre_v2_cmd == SPECTRE_V2_CMD_FORCE)
+		spec_v2_print_cond(str, true);
+	else
+		spec_v2_print_cond(str, false);
+
+	return 0;
 }
+early_param("spectre_v2", spectre_v2_parse_cmdline);
 
 static enum spectre_v2_mitigation __init spectre_v2_select_retpoline(void)
 {
@@ -2328,8 +2335,6 @@ static void __init bhi_apply_mitigation(void)
 
 static void __init spectre_v2_select_mitigation(void)
 {
-	spectre_v2_cmd = spectre_v2_parse_cmdline();
-
 	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) &&
 	    (spectre_v2_cmd == SPECTRE_V2_CMD_NONE || spectre_v2_cmd == SPECTRE_V2_CMD_AUTO))
 		return;
-- 
2.34.1

[PATCH 3/3] x86/bugs: Simplify SSB cmdline parsing

[David Kaplan]

Simplify the SSB command line parsing by selecting a mitigation directly,
as is done in most of the simpler vulnerabilities.  Use early_param instead
of cmdline_find_option for consistency with the other mitigation
selections.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
 arch/x86/kernel/cpu/bugs.c | 118 ++++++++++++-------------------------
 1 file changed, 39 insertions(+), 79 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 19a3891953c3..3766dff9a699 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2625,16 +2625,8 @@ void cpu_bugs_smt_update(void)
 #undef pr_fmt
 #define pr_fmt(fmt)	"Speculative Store Bypass: " fmt
 
-static enum ssb_mitigation ssb_mode __ro_after_init = SPEC_STORE_BYPASS_NONE;
-
-/* The kernel command line selection */
-enum ssb_mitigation_cmd {
-	SPEC_STORE_BYPASS_CMD_NONE,
-	SPEC_STORE_BYPASS_CMD_AUTO,
-	SPEC_STORE_BYPASS_CMD_ON,
-	SPEC_STORE_BYPASS_CMD_PRCTL,
-	SPEC_STORE_BYPASS_CMD_SECCOMP,
-};
+static enum ssb_mitigation ssb_mode __ro_after_init =
+	IS_ENABLED(CONFIG_MITIGATION_SSB) ? SPEC_STORE_BYPASS_PRCTL : SPEC_STORE_BYPASS_NONE;
 
 static const char * const ssb_strings[] = {
 	[SPEC_STORE_BYPASS_NONE]	= "Vulnerable",
@@ -2643,89 +2635,57 @@ static const char * const ssb_strings[] = {
 	[SPEC_STORE_BYPASS_SECCOMP]	= "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
 };
 
-static const struct {
-	const char *option;
-	enum ssb_mitigation_cmd cmd;
-} ssb_mitigation_options[]  __initconst = {
-	{ "auto",	SPEC_STORE_BYPASS_CMD_AUTO },    /* Platform decides */
-	{ "on",		SPEC_STORE_BYPASS_CMD_ON },      /* Disable Speculative Store Bypass */
-	{ "off",	SPEC_STORE_BYPASS_CMD_NONE },    /* Don't touch Speculative Store Bypass */
-	{ "prctl",	SPEC_STORE_BYPASS_CMD_PRCTL },   /* Disable Speculative Store Bypass via prctl */
-	{ "seccomp",	SPEC_STORE_BYPASS_CMD_SECCOMP }, /* Disable Speculative Store Bypass via prctl and seccomp */
-};
+static bool nossb __ro_after_init;
 
-static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
+static int __init nossb_parse_cmdline(char *str)
 {
-	enum ssb_mitigation_cmd cmd;
-	char arg[20];
-	int ret, i;
+	nossb = true;
+	ssb_mode = SPEC_STORE_BYPASS_NONE;
+	return 0;
+}
+early_param("nospec_store_bypass_disable", nossb_parse_cmdline);
 
-	cmd = IS_ENABLED(CONFIG_MITIGATION_SSB) ?
-		SPEC_STORE_BYPASS_CMD_AUTO : SPEC_STORE_BYPASS_CMD_NONE;
-	if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") ||
-	    cpu_mitigations_off()) {
-		return SPEC_STORE_BYPASS_CMD_NONE;
-	} else {
-		ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
-					  arg, sizeof(arg));
-		if (ret < 0)
-			return cmd;
+static int __init ssb_parse_cmdline(char *str)
+{
+	if (!str)
+		return -EINVAL;
 
-		for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) {
-			if (!match_option(arg, ret, ssb_mitigation_options[i].option))
-				continue;
+	if (!IS_ENABLED(CONFIG_MITIGATION_SSB))
+		return 0;
 
-			cmd = ssb_mitigation_options[i].cmd;
-			break;
-		}
+	if (nossb)
+		return 0;
 
-		if (i >= ARRAY_SIZE(ssb_mitigation_options)) {
-			pr_err("unknown option (%s). Switching to default mode\n", arg);
-			return cmd;
-		}
-	}
+	if (!strcmp(str, "auto"))
+		ssb_mode = SPEC_STORE_BYPASS_PRCTL;
+	else if (!strcmp(str, "on"))
+		ssb_mode = SPEC_STORE_BYPASS_DISABLE;
+	else if (!strcmp(str, "off"))
+		ssb_mode = SPEC_STORE_BYPASS_NONE;
+	else if (!strcmp(str, "prctl"))
+		ssb_mode = SPEC_STORE_BYPASS_PRCTL;
+	else if (!strcmp(str, "seccomp"))
+		ssb_mode = IS_ENABLED(CONFIG_SECCOMP) ?
+			SPEC_STORE_BYPASS_SECCOMP : SPEC_STORE_BYPASS_PRCTL;
+	else
+		pr_err("Ignoring unknown spec_store_bypass_disable option (%s).\n",
+			str);
 
-	return cmd;
+	return 0;
 }
+early_param("spec_store_bypass_disable", ssb_parse_cmdline);
 
 static void __init ssb_select_mitigation(void)
 {
-	enum ssb_mitigation_cmd cmd;
-
-	if (!boot_cpu_has(X86_FEATURE_SSBD))
-		goto out;
-
-	cmd = ssb_parse_cmdline();
-	if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) &&
-	    (cmd == SPEC_STORE_BYPASS_CMD_NONE ||
-	     cmd == SPEC_STORE_BYPASS_CMD_AUTO))
+	if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) || cpu_mitigations_off()) {
+		ssb_mode = SPEC_STORE_BYPASS_NONE;
 		return;
-
-	switch (cmd) {
-	case SPEC_STORE_BYPASS_CMD_SECCOMP:
-		/*
-		 * Choose prctl+seccomp as the default mode if seccomp is
-		 * enabled.
-		 */
-		if (IS_ENABLED(CONFIG_SECCOMP))
-			ssb_mode = SPEC_STORE_BYPASS_SECCOMP;
-		else
-			ssb_mode = SPEC_STORE_BYPASS_PRCTL;
-		break;
-	case SPEC_STORE_BYPASS_CMD_ON:
-		ssb_mode = SPEC_STORE_BYPASS_DISABLE;
-		break;
-	case SPEC_STORE_BYPASS_CMD_AUTO:
-	case SPEC_STORE_BYPASS_CMD_PRCTL:
-		ssb_mode = SPEC_STORE_BYPASS_PRCTL;
-		break;
-	case SPEC_STORE_BYPASS_CMD_NONE:
-		break;
 	}
 
-out:
-	if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
-		pr_info("%s\n", ssb_strings[ssb_mode]);
+	if (!boot_cpu_has(X86_FEATURE_SSBD))
+		ssb_mode = SPEC_STORE_BYPASS_NONE;
+
+	pr_info("%s\n", ssb_strings[ssb_mode]);
 }
 
 static void __init ssb_apply_mitigation(void)
-- 
2.34.1

Re: [PATCH 1/3] x86/bugs: Use early_param for spectre_v2_user

[Pawan Gupta]

On Mon, Aug 11, 2025 at 09:26:57AM -0500, David Kaplan wrote:
> Most of the mitigations in bugs.c use early_param to parse their command
> line options.  Modify spectre_v2_user to use early_param for consistency.
> 
> Signed-off-by: David Kaplan <david.kaplan@amd.com>
> ---
>  arch/x86/kernel/cpu/bugs.c | 62 ++++++++++++++++++--------------------
>  1 file changed, 30 insertions(+), 32 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index b74bf937cd9f..6bfe199b9f3e 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -1829,7 +1829,7 @@ enum spectre_v2_mitigation_cmd {
>  
>  static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init = SPECTRE_V2_CMD_AUTO;
>  
> -enum spectre_v2_user_cmd {
> +enum spectre_v2_user_mitigation_cmd {
>  	SPECTRE_V2_USER_CMD_NONE,
>  	SPECTRE_V2_USER_CMD_AUTO,
>  	SPECTRE_V2_USER_CMD_FORCE,
> @@ -1839,6 +1839,9 @@ enum spectre_v2_user_cmd {
>  	SPECTRE_V2_USER_CMD_SECCOMP_IBPB,
>  };
>  
> +static enum spectre_v2_user_mitigation_cmd spectre_v2_user_cmd __ro_after_init =
> +	SPECTRE_V2_USER_CMD_AUTO;
> +
>  static const char * const spectre_v2_user_strings[] = {
>  	[SPECTRE_V2_USER_NONE]			= "User space: Vulnerable",
>  	[SPECTRE_V2_USER_STRICT]		= "User space: Mitigation: STIBP protection",
> @@ -1847,50 +1850,45 @@ static const char * const spectre_v2_user_strings[] = {
>  	[SPECTRE_V2_USER_SECCOMP]		= "User space: Mitigation: STIBP via seccomp and prctl",
>  };
>  
> -static const struct {
> -	const char			*option;
> -	enum spectre_v2_user_cmd	cmd;
> -	bool				secure;
> -} v2_user_options[] __initconst = {
> -	{ "auto",		SPECTRE_V2_USER_CMD_AUTO,		false },
> -	{ "off",		SPECTRE_V2_USER_CMD_NONE,		false },
> -	{ "on",			SPECTRE_V2_USER_CMD_FORCE,		true  },
> -	{ "prctl",		SPECTRE_V2_USER_CMD_PRCTL,		false },
> -	{ "prctl,ibpb",		SPECTRE_V2_USER_CMD_PRCTL_IBPB,		false },
> -	{ "seccomp",		SPECTRE_V2_USER_CMD_SECCOMP,		false },
> -	{ "seccomp,ibpb",	SPECTRE_V2_USER_CMD_SECCOMP_IBPB,	false },
> -};
> -
>  static void __init spec_v2_user_print_cond(const char *reason, bool secure)
>  {
>  	if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
>  		pr_info("spectre_v2_user=%s forced on command line.\n", reason);
>  }
>  
> -static enum spectre_v2_user_cmd __init spectre_v2_parse_user_cmdline(void)
> +static int __init spectre_v2_parse_user_cmdline(char *str)
>  {
> -	char arg[20];
> -	int ret, i;
> +	if (!str)
> +		return -EINVAL;
>  
>  	if (!IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2))
>  		return SPECTRE_V2_USER_CMD_NONE;
>  
> -	ret = cmdline_find_option(boot_command_line, "spectre_v2_user",
> -				  arg, sizeof(arg));
> -	if (ret < 0)
> -		return SPECTRE_V2_USER_CMD_AUTO;
> +	if (!strcmp(str, "auto"))
> +		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_AUTO;
> +	else if (!strcmp(str, "off"))
> +		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_NONE;
> +	else if (!strcmp(str, "on"))
> +		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_FORCE;
> +	else if (!strcmp(str, "prctl"))
> +		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_PRCTL;
> +	else if (!strcmp(str, "prctl,ibpb"))
> +		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_PRCTL_IBPB;
> +	else if (!strcmp(str, "seccomp"))
> +		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_SECCOMP;
> +	else if (!strcmp(str, "seccomp,ibpb"))
> +		spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_SECCOMP_IBPB;
> +	else
> +		pr_err("Ignoring unknown spectre_v2_user option (%s).", str);

Should return from here? Otherwise, spec_v2_user_print_cond() will print
the unknown option as forced:

	pr_info("spectre_v2_user=%s forced on command line.\n", reason);

>  
> -	for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) {
> -		if (match_option(arg, ret, v2_user_options[i].option)) {
> -			spec_v2_user_print_cond(v2_user_options[i].option,
> -						v2_user_options[i].secure);
> -			return v2_user_options[i].cmd;
> -		}
> -	}
> +	if (spectre_v2_user_cmd == SPECTRE_V2_USER_CMD_FORCE)
> +		spec_v2_user_print_cond(str, true);
> +	else
> +		spec_v2_user_print_cond(str, false);

I don't see the need for spec_v2_user_print_cond(), should it be zapped?

And then just do:

	if (spectre_v2_user_cmd != SPECTRE_V2_USER_CMD_FORCE)
		pr_info("spectre_v2_user=%s forced on command line.\n", str);

I also feel that the original print is a bit confusing (code-wise), because
it prints "forced" when the user opts for anything other than
"on"(CMD_FORCE). I think the intent was to inform the user that a partially
secure option is chosen.

> -	pr_err("Unknown user space protection option (%s). Switching to default\n", arg);
> -	return SPECTRE_V2_USER_CMD_AUTO;
> +	return 0;
>  }

RE: [PATCH 1/3] x86/bugs: Use early_param for spectre_v2_user

[Kaplan, David]

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> Sent: Wednesday, August 13, 2025 10:20 PM
> To: Kaplan, David <David.Kaplan@amd.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>; Borislav Petkov <bp@alien8.de>; Peter
> Zijlstra <peterz@infradead.org>; Josh Poimboeuf <jpoimboe@kernel.org>; Ingo
> Molnar <mingo@redhat.com>; Dave Hansen <dave.hansen@linux.intel.com>;
> x86@kernel.org; H . Peter Anvin <hpa@zytor.com>; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH 1/3] x86/bugs: Use early_param for spectre_v2_user
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Aug 11, 2025 at 09:26:57AM -0500, David Kaplan wrote:
> > Most of the mitigations in bugs.c use early_param to parse their command
> > line options.  Modify spectre_v2_user to use early_param for consistency.
> >
> > Signed-off-by: David Kaplan <david.kaplan@amd.com>
> > ---
> >  arch/x86/kernel/cpu/bugs.c | 62 ++++++++++++++++++--------------------
> >  1 file changed, 30 insertions(+), 32 deletions(-)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index b74bf937cd9f..6bfe199b9f3e 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -1829,7 +1829,7 @@ enum spectre_v2_mitigation_cmd {
> >
> >  static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =
> SPECTRE_V2_CMD_AUTO;
> >
> > -enum spectre_v2_user_cmd {
> > +enum spectre_v2_user_mitigation_cmd {
> >       SPECTRE_V2_USER_CMD_NONE,
> >       SPECTRE_V2_USER_CMD_AUTO,
> >       SPECTRE_V2_USER_CMD_FORCE,
> > @@ -1839,6 +1839,9 @@ enum spectre_v2_user_cmd {
> >       SPECTRE_V2_USER_CMD_SECCOMP_IBPB,
> >  };
> >
> > +static enum spectre_v2_user_mitigation_cmd spectre_v2_user_cmd
> __ro_after_init =
> > +     SPECTRE_V2_USER_CMD_AUTO;
> > +
> >  static const char * const spectre_v2_user_strings[] = {
> >       [SPECTRE_V2_USER_NONE]                  = "User space: Vulnerable",
> >       [SPECTRE_V2_USER_STRICT]                = "User space: Mitigation: STIBP
> protection",
> > @@ -1847,50 +1850,45 @@ static const char * const spectre_v2_user_strings[]
> = {
> >       [SPECTRE_V2_USER_SECCOMP]               = "User space: Mitigation:
> STIBP via seccomp and prctl",
> >  };
> >
> > -static const struct {
> > -     const char                      *option;
> > -     enum spectre_v2_user_cmd        cmd;
> > -     bool                            secure;
> > -} v2_user_options[] __initconst = {
> > -     { "auto",               SPECTRE_V2_USER_CMD_AUTO,               false },
> > -     { "off",                SPECTRE_V2_USER_CMD_NONE,               false },
> > -     { "on",                 SPECTRE_V2_USER_CMD_FORCE,              true  },
> > -     { "prctl",              SPECTRE_V2_USER_CMD_PRCTL,              false },
> > -     { "prctl,ibpb",         SPECTRE_V2_USER_CMD_PRCTL_IBPB,         false },
> > -     { "seccomp",            SPECTRE_V2_USER_CMD_SECCOMP,            false },
> > -     { "seccomp,ibpb",       SPECTRE_V2_USER_CMD_SECCOMP_IBPB,
> false },
> > -};
> > -
> >  static void __init spec_v2_user_print_cond(const char *reason, bool secure)
> >  {
> >       if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
> >               pr_info("spectre_v2_user=%s forced on command line.\n", reason);
> >  }
> >
> > -static enum spectre_v2_user_cmd __init spectre_v2_parse_user_cmdline(void)
> > +static int __init spectre_v2_parse_user_cmdline(char *str)
> >  {
> > -     char arg[20];
> > -     int ret, i;
> > +     if (!str)
> > +             return -EINVAL;
> >
> >       if (!IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2))
> >               return SPECTRE_V2_USER_CMD_NONE;
> >
> > -     ret = cmdline_find_option(boot_command_line, "spectre_v2_user",
> > -                               arg, sizeof(arg));
> > -     if (ret < 0)
> > -             return SPECTRE_V2_USER_CMD_AUTO;
> > +     if (!strcmp(str, "auto"))
> > +             spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_AUTO;
> > +     else if (!strcmp(str, "off"))
> > +             spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_NONE;
> > +     else if (!strcmp(str, "on"))
> > +             spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_FORCE;
> > +     else if (!strcmp(str, "prctl"))
> > +             spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_PRCTL;
> > +     else if (!strcmp(str, "prctl,ibpb"))
> > +             spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_PRCTL_IBPB;
> > +     else if (!strcmp(str, "seccomp"))
> > +             spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_SECCOMP;
> > +     else if (!strcmp(str, "seccomp,ibpb"))
> > +             spectre_v2_user_cmd =
> SPECTRE_V2_USER_CMD_SECCOMP_IBPB;
> > +     else
> > +             pr_err("Ignoring unknown spectre_v2_user option (%s).", str);
>
> Should return from here? Otherwise, spec_v2_user_print_cond() will print
> the unknown option as forced:

Yes, good point.

>
>         pr_info("spectre_v2_user=%s forced on command line.\n", reason);
>
> >
> > -     for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) {
> > -             if (match_option(arg, ret, v2_user_options[i].option)) {
> > -                     spec_v2_user_print_cond(v2_user_options[i].option,
> > -                                             v2_user_options[i].secure);
> > -                     return v2_user_options[i].cmd;
> > -             }
> > -     }
> > +     if (spectre_v2_user_cmd == SPECTRE_V2_USER_CMD_FORCE)
> > +             spec_v2_user_print_cond(str, true);
> > +     else
> > +             spec_v2_user_print_cond(str, false);
>
> I don't see the need for spec_v2_user_print_cond(), should it be zapped?
>
> And then just do:
>
>         if (spectre_v2_user_cmd != SPECTRE_V2_USER_CMD_FORCE)
>                 pr_info("spectre_v2_user=%s forced on command line.\n", str);
>
> I also feel that the original print is a bit confusing (code-wise), because
> it prints "forced" when the user opts for anything other than
> "on"(CMD_FORCE). I think the intent was to inform the user that a partially
> secure option is chosen.
>

I found that function confusing as well.  None of the other bugs print a message just because you selected some command line option.  Nor do they even print a message if you force a bug on (like indirect_target_selection=force) explicitly.

The fact is that we already print the selected mitigation at the end of update_mitigation function (like we do for all the bugs).  I'm not sure why informing the user about the cmdline option they picked is of any value.

So I also would prefer to just eliminate the function entirely unless there are objections.

--David Kaplan

Re: [PATCH 2/3] x86/bugs: Use early_param for spectre_v2

[Pawan Gupta]

On Mon, Aug 11, 2025 at 09:26:58AM -0500, David Kaplan wrote:
> Most of the mitigations in bugs.c use early_param for command line parsing.
> Rework the spectre_v2 and nospectre_v2 command line options to be
> consistent with the others.
> 
> Signed-off-by: David Kaplan <david.kaplan@amd.com>
> ---
>  arch/x86/kernel/cpu/bugs.c | 151 +++++++++++++++++++------------------
>  1 file changed, 78 insertions(+), 73 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 6bfe199b9f3e..19a3891953c3 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -1827,7 +1827,8 @@ enum spectre_v2_mitigation_cmd {
>  	SPECTRE_V2_CMD_IBRS,
>  };
>  
> -static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init = SPECTRE_V2_CMD_AUTO;
> +static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =
> +	IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
>  
>  enum spectre_v2_user_mitigation_cmd {
>  	SPECTRE_V2_USER_CMD_NONE,
> @@ -2035,112 +2036,118 @@ static const char * const spectre_v2_strings[] = {
>  	[SPECTRE_V2_IBRS]			= "Mitigation: IBRS",
>  };
>  
> -static const struct {
> -	const char *option;
> -	enum spectre_v2_mitigation_cmd cmd;
> -	bool secure;
> -} mitigation_options[] __initconst = {
> -	{ "off",		SPECTRE_V2_CMD_NONE,		  false },
> -	{ "on",			SPECTRE_V2_CMD_FORCE,		  true  },
> -	{ "retpoline",		SPECTRE_V2_CMD_RETPOLINE,	  false },
> -	{ "retpoline,amd",	SPECTRE_V2_CMD_RETPOLINE_LFENCE,  false },
> -	{ "retpoline,lfence",	SPECTRE_V2_CMD_RETPOLINE_LFENCE,  false },
> -	{ "retpoline,generic",	SPECTRE_V2_CMD_RETPOLINE_GENERIC, false },
> -	{ "eibrs",		SPECTRE_V2_CMD_EIBRS,		  false },
> -	{ "eibrs,lfence",	SPECTRE_V2_CMD_EIBRS_LFENCE,	  false },
> -	{ "eibrs,retpoline",	SPECTRE_V2_CMD_EIBRS_RETPOLINE,	  false },
> -	{ "auto",		SPECTRE_V2_CMD_AUTO,		  false },
> -	{ "ibrs",		SPECTRE_V2_CMD_IBRS,              false },
> -};
> -
>  static void __init spec_v2_print_cond(const char *reason, bool secure)
>  {
>  	if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
>  		pr_info("%s selected on command line.\n", reason);
>  }
>  
> -static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
> -{
> -	enum spectre_v2_mitigation_cmd cmd;
> -	char arg[20];
> -	int ret, i;
> +static bool nospectre_v2 __ro_after_init;
>  
> -	cmd = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ?  SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
> -	if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
> -		return SPECTRE_V2_CMD_NONE;
> +static int __init nospectre_v2_parse_cmdline(char *str)
> +{
> +	nospectre_v2 = true;
> +	spectre_v2_cmd = SPECTRE_V2_CMD_NONE;
> +	return 0;
> +}
> +early_param("nospectre_v2", nospectre_v2_parse_cmdline);
>  
> -	ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
> -	if (ret < 0)
> -		return cmd;
> +static int __init spectre_v2_parse_cmdline(char *str)
> +{
> +	if (!str)
> +		return -EINVAL;
>  
> -	for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) {
> -		if (!match_option(arg, ret, mitigation_options[i].option))
> -			continue;
> -		cmd = mitigation_options[i].cmd;
> -		break;
> -	}
> +	if (nospectre_v2)
> +		return 0;
>  
> -	if (i >= ARRAY_SIZE(mitigation_options)) {
> -		pr_err("unknown option (%s). Switching to default mode\n", arg);
> -		return cmd;
> -	}
> +	if (!strcmp(str, "off"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_NONE;
> +	else if (!strcmp(str, "on"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_FORCE;
> +	else if (!strcmp(str, "retpoline"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE;
> +	else if (!strcmp(str, "retpoline,amd") ||
> +		 !strcmp(str, "retpoline,lfence"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE_LFENCE;
> +	else if (!strcmp(str, "retpoline,generic"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE_GENERIC;
> +	else if (!strcmp(str, "eibrs"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS;
> +	else if (!strcmp(str, "eibrs,lfence"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS_LFENCE;
> +	else if (!strcmp(str, "eibrs,retpoline"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS_RETPOLINE;
> +	else if (!strcmp(str, "auto"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
> +	else if (!strcmp(str, "ibrs"))
> +		spectre_v2_cmd = SPECTRE_V2_CMD_IBRS;
> +	else
> +		pr_err("Ignoring unknown spectre_v2 option (%s).", str);

All of the below should go in spectre_v2_select_mitigation() after all
features are detected because ...

> -	if ((cmd == SPECTRE_V2_CMD_RETPOLINE ||
> -	     cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
> -	     cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
> -	     cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
> -	     cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
> +	if ((spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE ||
> +	     spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
> +	     spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
> +	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
> +	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
>  	    !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) {
>  		pr_err("%s selected but not compiled in. Switching to AUTO select\n",
> -		       mitigation_options[i].option);
> -		return SPECTRE_V2_CMD_AUTO;
> +			str);
> +		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
>  	}
>  
> -	if ((cmd == SPECTRE_V2_CMD_EIBRS ||
> -	     cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
> -	     cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
> +	if ((spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS ||
> +	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
> +	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
>  	    !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {

... X86_FEATURE_IBRS_ENHANCED is not enumerated yet in early_param processing.

>  		pr_err("%s selected but CPU doesn't have Enhanced or Automatic IBRS. Switching to AUTO select\n",
> -		       mitigation_options[i].option);
> -		return SPECTRE_V2_CMD_AUTO;
> +		       str);
> +		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
>  	}
>  
> -	if ((cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
> -	     cmd == SPECTRE_V2_CMD_EIBRS_LFENCE) &&
> +	if ((spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
> +	     spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE) &&
>  	    !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {

and this. So in essence, spectre_v2_parse_cmdline() should only record what
user wanted.

>  		pr_err("%s selected, but CPU doesn't have a serializing LFENCE. Switching to AUTO select\n",
> -		       mitigation_options[i].option);
> -		return SPECTRE_V2_CMD_AUTO;
> +		       str);
> +		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
>  	}
>  
> -	if (cmd == SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY)) {
> +	if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY)) {
>  		pr_err("%s selected but not compiled in. Switching to AUTO select\n",
> -		       mitigation_options[i].option);
> -		return SPECTRE_V2_CMD_AUTO;
> +		       str);
> +		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
>  	}
>  
> -	if (cmd == SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) {
> +	if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) {
>  		pr_err("%s selected but not Intel CPU. Switching to AUTO select\n",
> -		       mitigation_options[i].option);
> -		return SPECTRE_V2_CMD_AUTO;
> +		       str);
> +		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
>  	}
>  
> -	if (cmd == SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATURE_IBRS)) {
> +	if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATURE_IBRS)) {
>  		pr_err("%s selected but CPU doesn't have IBRS. Switching to AUTO select\n",
> -		       mitigation_options[i].option);
> -		return SPECTRE_V2_CMD_AUTO;
> +		       str);
> +		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
>  	}
>  
> -	if (cmd == SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_FEATURE_XENPV)) {
> +	if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_FEATURE_XENPV)) {
>  		pr_err("%s selected but running as XenPV guest. Switching to AUTO select\n",
> -		       mitigation_options[i].option);
> -		return SPECTRE_V2_CMD_AUTO;
> +		       str);
> +		spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
>  	}
>  
> -	spec_v2_print_cond(mitigation_options[i].option,
> -			   mitigation_options[i].secure);
> -	return cmd;
> +	/* Print a warning if forcing an option.  AUTO is not forcing. */
> +	if (spectre_v2_cmd == SPECTRE_V2_CMD_AUTO)
> +		return 0;
> +
> +	if (spectre_v2_cmd == SPECTRE_V2_CMD_FORCE)
> +		spec_v2_print_cond(str, true);
> +	else
> +		spec_v2_print_cond(str, false);
> +
> +	return 0;
>  }
> +early_param("spectre_v2", spectre_v2_parse_cmdline);

RE: [PATCH 2/3] x86/bugs: Use early_param for spectre_v2

[Kaplan, David]

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> Sent: Thursday, August 14, 2025 11:55 AM
> To: Kaplan, David <David.Kaplan@amd.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>; Borislav Petkov <bp@alien8.de>; Peter
> Zijlstra <peterz@infradead.org>; Josh Poimboeuf <jpoimboe@kernel.org>; Ingo
> Molnar <mingo@redhat.com>; Dave Hansen <dave.hansen@linux.intel.com>;
> x86@kernel.org; H . Peter Anvin <hpa@zytor.com>; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH 2/3] x86/bugs: Use early_param for spectre_v2
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Aug 11, 2025 at 09:26:58AM -0500, David Kaplan wrote:
> > Most of the mitigations in bugs.c use early_param for command line parsing.
> > Rework the spectre_v2 and nospectre_v2 command line options to be
> > consistent with the others.
> >
> > Signed-off-by: David Kaplan <david.kaplan@amd.com>
> > ---
> >  arch/x86/kernel/cpu/bugs.c | 151 +++++++++++++++++++------------------
> >  1 file changed, 78 insertions(+), 73 deletions(-)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 6bfe199b9f3e..19a3891953c3 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -1827,7 +1827,8 @@ enum spectre_v2_mitigation_cmd {
> >       SPECTRE_V2_CMD_IBRS,
> >  };
> >
> > -static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =
> SPECTRE_V2_CMD_AUTO;
> > +static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =
> > +     IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ?
> SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
> >
> >  enum spectre_v2_user_mitigation_cmd {
> >       SPECTRE_V2_USER_CMD_NONE,
> > @@ -2035,112 +2036,118 @@ static const char * const spectre_v2_strings[] = {
> >       [SPECTRE_V2_IBRS]                       = "Mitigation: IBRS",
> >  };
> >
> > -static const struct {
> > -     const char *option;
> > -     enum spectre_v2_mitigation_cmd cmd;
> > -     bool secure;
> > -} mitigation_options[] __initconst = {
> > -     { "off",                SPECTRE_V2_CMD_NONE,              false },
> > -     { "on",                 SPECTRE_V2_CMD_FORCE,             true  },
> > -     { "retpoline",          SPECTRE_V2_CMD_RETPOLINE,         false },
> > -     { "retpoline,amd",      SPECTRE_V2_CMD_RETPOLINE_LFENCE,  false },
> > -     { "retpoline,lfence",   SPECTRE_V2_CMD_RETPOLINE_LFENCE,  false },
> > -     { "retpoline,generic",  SPECTRE_V2_CMD_RETPOLINE_GENERIC, false },
> > -     { "eibrs",              SPECTRE_V2_CMD_EIBRS,             false },
> > -     { "eibrs,lfence",       SPECTRE_V2_CMD_EIBRS_LFENCE,      false },
> > -     { "eibrs,retpoline",    SPECTRE_V2_CMD_EIBRS_RETPOLINE,   false },
> > -     { "auto",               SPECTRE_V2_CMD_AUTO,              false },
> > -     { "ibrs",               SPECTRE_V2_CMD_IBRS,              false },
> > -};
> > -
> >  static void __init spec_v2_print_cond(const char *reason, bool secure)
> >  {
> >       if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
> >               pr_info("%s selected on command line.\n", reason);
> >  }
> >
> > -static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
> > -{
> > -     enum spectre_v2_mitigation_cmd cmd;
> > -     char arg[20];
> > -     int ret, i;
> > +static bool nospectre_v2 __ro_after_init;
> >
> > -     cmd = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ?
> SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
> > -     if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
> > -             return SPECTRE_V2_CMD_NONE;
> > +static int __init nospectre_v2_parse_cmdline(char *str)
> > +{
> > +     nospectre_v2 = true;
> > +     spectre_v2_cmd = SPECTRE_V2_CMD_NONE;
> > +     return 0;
> > +}
> > +early_param("nospectre_v2", nospectre_v2_parse_cmdline);
> >
> > -     ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
> > -     if (ret < 0)
> > -             return cmd;
> > +static int __init spectre_v2_parse_cmdline(char *str)
> > +{
> > +     if (!str)
> > +             return -EINVAL;
> >
> > -     for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) {
> > -             if (!match_option(arg, ret, mitigation_options[i].option))
> > -                     continue;
> > -             cmd = mitigation_options[i].cmd;
> > -             break;
> > -     }
> > +     if (nospectre_v2)
> > +             return 0;
> >
> > -     if (i >= ARRAY_SIZE(mitigation_options)) {
> > -             pr_err("unknown option (%s). Switching to default mode\n", arg);
> > -             return cmd;
> > -     }
> > +     if (!strcmp(str, "off"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_NONE;
> > +     else if (!strcmp(str, "on"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_FORCE;
> > +     else if (!strcmp(str, "retpoline"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE;
> > +     else if (!strcmp(str, "retpoline,amd") ||
> > +              !strcmp(str, "retpoline,lfence"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE_LFENCE;
> > +     else if (!strcmp(str, "retpoline,generic"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE_GENERIC;
> > +     else if (!strcmp(str, "eibrs"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS;
> > +     else if (!strcmp(str, "eibrs,lfence"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS_LFENCE;
> > +     else if (!strcmp(str, "eibrs,retpoline"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS_RETPOLINE;
> > +     else if (!strcmp(str, "auto"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
> > +     else if (!strcmp(str, "ibrs"))
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_IBRS;
> > +     else
> > +             pr_err("Ignoring unknown spectre_v2 option (%s).", str);
>
> All of the below should go in spectre_v2_select_mitigation() after all
> features are detected because ...
>
> > -     if ((cmd == SPECTRE_V2_CMD_RETPOLINE ||
> > -          cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
> > -          cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
> > -          cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
> > -          cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
> > +     if ((spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE ||
> > +          spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
> > +          spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
> > +          spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
> > +          spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
> >           !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) {
> >               pr_err("%s selected but not compiled in. Switching to AUTO select\n",
> > -                    mitigation_options[i].option);
> > -             return SPECTRE_V2_CMD_AUTO;
> > +                     str);
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
> >       }
> >
> > -     if ((cmd == SPECTRE_V2_CMD_EIBRS ||
> > -          cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
> > -          cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
> > +     if ((spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS ||
> > +          spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
> > +          spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
> >           !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {
>
> ... X86_FEATURE_IBRS_ENHANCED is not enumerated yet in early_param
> processing.

Ah, thanks for catching that.

>
> >               pr_err("%s selected but CPU doesn't have Enhanced or Automatic IBRS.
> Switching to AUTO select\n",
> > -                    mitigation_options[i].option);
> > -             return SPECTRE_V2_CMD_AUTO;
> > +                    str);
> > +             spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
> >       }
> >
> > -     if ((cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
> > -          cmd == SPECTRE_V2_CMD_EIBRS_LFENCE) &&
> > +     if ((spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
> > +          spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE) &&
> >           !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {
>
> and this. So in essence, spectre_v2_parse_cmdline() should only record what
> user wanted.

Yeah makes sense, I'll work on fixing that.

--David Kaplan

Re: [PATCH 3/3] x86/bugs: Simplify SSB cmdline parsing

[Pawan Gupta]

On Mon, Aug 11, 2025 at 09:26:59AM -0500, David Kaplan wrote:
> Simplify the SSB command line parsing by selecting a mitigation directly,
> as is done in most of the simpler vulnerabilities.  Use early_param instead
> of cmdline_find_option for consistency with the other mitigation
> selections.
> 
> Signed-off-by: David Kaplan <david.kaplan@amd.com>
> ---
>  arch/x86/kernel/cpu/bugs.c | 118 ++++++++++++-------------------------
>  1 file changed, 39 insertions(+), 79 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 19a3891953c3..3766dff9a699 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -2625,16 +2625,8 @@ void cpu_bugs_smt_update(void)
>  #undef pr_fmt
>  #define pr_fmt(fmt)	"Speculative Store Bypass: " fmt
>  
> -static enum ssb_mitigation ssb_mode __ro_after_init = SPEC_STORE_BYPASS_NONE;
> -
> -/* The kernel command line selection */
> -enum ssb_mitigation_cmd {
> -	SPEC_STORE_BYPASS_CMD_NONE,
> -	SPEC_STORE_BYPASS_CMD_AUTO,
> -	SPEC_STORE_BYPASS_CMD_ON,
> -	SPEC_STORE_BYPASS_CMD_PRCTL,
> -	SPEC_STORE_BYPASS_CMD_SECCOMP,
> -};
> +static enum ssb_mitigation ssb_mode __ro_after_init =
> +	IS_ENABLED(CONFIG_MITIGATION_SSB) ? SPEC_STORE_BYPASS_PRCTL : SPEC_STORE_BYPASS_NONE;

Other mitigations default to "AUTO", but not this one. Isn't that something
that attack-vector controls rely on?

RE: [PATCH 3/3] x86/bugs: Simplify SSB cmdline parsing

[Kaplan, David]

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> Sent: Monday, August 18, 2025 12:42 PM
> To: Kaplan, David <David.Kaplan@amd.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>; Borislav Petkov <bp@alien8.de>; Peter
> Zijlstra <peterz@infradead.org>; Josh Poimboeuf <jpoimboe@kernel.org>; Ingo
> Molnar <mingo@redhat.com>; Dave Hansen <dave.hansen@linux.intel.com>;
> x86@kernel.org; H . Peter Anvin <hpa@zytor.com>; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH 3/3] x86/bugs: Simplify SSB cmdline parsing
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Aug 11, 2025 at 09:26:59AM -0500, David Kaplan wrote:
> > Simplify the SSB command line parsing by selecting a mitigation directly,
> > as is done in most of the simpler vulnerabilities.  Use early_param instead
> > of cmdline_find_option for consistency with the other mitigation
> > selections.
> >
> > Signed-off-by: David Kaplan <david.kaplan@amd.com>
> > ---
> >  arch/x86/kernel/cpu/bugs.c | 118 ++++++++++++-------------------------
> >  1 file changed, 39 insertions(+), 79 deletions(-)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 19a3891953c3..3766dff9a699 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -2625,16 +2625,8 @@ void cpu_bugs_smt_update(void)
> >  #undef pr_fmt
> >  #define pr_fmt(fmt)  "Speculative Store Bypass: " fmt
> >
> > -static enum ssb_mitigation ssb_mode __ro_after_init =
> SPEC_STORE_BYPASS_NONE;
> > -
> > -/* The kernel command line selection */
> > -enum ssb_mitigation_cmd {
> > -     SPEC_STORE_BYPASS_CMD_NONE,
> > -     SPEC_STORE_BYPASS_CMD_AUTO,
> > -     SPEC_STORE_BYPASS_CMD_ON,
> > -     SPEC_STORE_BYPASS_CMD_PRCTL,
> > -     SPEC_STORE_BYPASS_CMD_SECCOMP,
> > -};
> > +static enum ssb_mitigation ssb_mode __ro_after_init =
> > +     IS_ENABLED(CONFIG_MITIGATION_SSB) ?
> SPEC_STORE_BYPASS_PRCTL : SPEC_STORE_BYPASS_NONE;
>
> Other mitigations default to "AUTO", but not this one. Isn't that something
> that attack-vector controls rely on?

I hadn't modified SSB in the initial attack vector series because SSB mitigation was never actually turned on (set to SPEC_STORE_BYPASS_DISABLE) by default.  The default option requires applications to opt-in to mitigation.

However this probably could be done better by saying that ssb defaults to SPEC_STORE_BYPASS_PRCTL if the user->user vector is enabled...and otherwise it is SPEC_STORE_BYPASS_NONE, since the default ssb mitigation is only for applications that want to protect themselves.

I can do that in a separate patch in this series after this clean-up patch if that sounds reasonable.

Thanks
--David Kaplan

Re: [PATCH 3/3] x86/bugs: Simplify SSB cmdline parsing

[Pawan Gupta]

On Mon, Aug 18, 2025 at 05:55:35PM +0000, Kaplan, David wrote:
> [AMD Official Use Only - AMD Internal Distribution Only]
> 
> > -----Original Message-----
> > From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> > Sent: Monday, August 18, 2025 12:42 PM
> > To: Kaplan, David <David.Kaplan@amd.com>
> > Cc: Thomas Gleixner <tglx@linutronix.de>; Borislav Petkov <bp@alien8.de>; Peter
> > Zijlstra <peterz@infradead.org>; Josh Poimboeuf <jpoimboe@kernel.org>; Ingo
> > Molnar <mingo@redhat.com>; Dave Hansen <dave.hansen@linux.intel.com>;
> > x86@kernel.org; H . Peter Anvin <hpa@zytor.com>; linux-kernel@vger.kernel.org
> > Subject: Re: [PATCH 3/3] x86/bugs: Simplify SSB cmdline parsing
> >
> > Caution: This message originated from an External Source. Use proper caution
> > when opening attachments, clicking links, or responding.
> >
> >
> > On Mon, Aug 11, 2025 at 09:26:59AM -0500, David Kaplan wrote:
> > > Simplify the SSB command line parsing by selecting a mitigation directly,
> > > as is done in most of the simpler vulnerabilities.  Use early_param instead
> > > of cmdline_find_option for consistency with the other mitigation
> > > selections.
> > >
> > > Signed-off-by: David Kaplan <david.kaplan@amd.com>
> > > ---
> > >  arch/x86/kernel/cpu/bugs.c | 118 ++++++++++++-------------------------
> > >  1 file changed, 39 insertions(+), 79 deletions(-)
> > >
> > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > > index 19a3891953c3..3766dff9a699 100644
> > > --- a/arch/x86/kernel/cpu/bugs.c
> > > +++ b/arch/x86/kernel/cpu/bugs.c
> > > @@ -2625,16 +2625,8 @@ void cpu_bugs_smt_update(void)
> > >  #undef pr_fmt
> > >  #define pr_fmt(fmt)  "Speculative Store Bypass: " fmt
> > >
> > > -static enum ssb_mitigation ssb_mode __ro_after_init =
> > SPEC_STORE_BYPASS_NONE;
> > > -
> > > -/* The kernel command line selection */
> > > -enum ssb_mitigation_cmd {
> > > -     SPEC_STORE_BYPASS_CMD_NONE,
> > > -     SPEC_STORE_BYPASS_CMD_AUTO,
> > > -     SPEC_STORE_BYPASS_CMD_ON,
> > > -     SPEC_STORE_BYPASS_CMD_PRCTL,
> > > -     SPEC_STORE_BYPASS_CMD_SECCOMP,
> > > -};
> > > +static enum ssb_mitigation ssb_mode __ro_after_init =
> > > +     IS_ENABLED(CONFIG_MITIGATION_SSB) ?
> > SPEC_STORE_BYPASS_PRCTL : SPEC_STORE_BYPASS_NONE;
> >
> > Other mitigations default to "AUTO", but not this one. Isn't that something
> > that attack-vector controls rely on?
> 
> I hadn't modified SSB in the initial attack vector series because SSB
> mitigation was never actually turned on (set to
> SPEC_STORE_BYPASS_DISABLE) by default.  The default option requires
> applications to opt-in to mitigation.

I think of it as mitigation being conditionally enabled (for applications
opting in).

> However this probably could be done better by saying that ssb defaults to
> SPEC_STORE_BYPASS_PRCTL if the user->user vector is enabled...and
> otherwise it is SPEC_STORE_BYPASS_NONE, since the default ssb mitigation
> is only for applications that want to protect themselves.
>
> I can do that in a separate patch in this series after this clean-up
> patch if that sounds reasonable.

Sounds good to me. Thanks.