[PATCH] x86: Kill some chicken bits

[PATCH] x86: Kill some chicken bits

[Borislav Petkov]

From: Borislav Petkov <bp@suse.de>

Those were added as, well, chicken bits in case some of those features
are b0rked and as a way for us to "chicken" out and disable them. Remove
those chicken bits now, as they're not needed anymore.

Requested-by: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
---
 Documentation/kernel-parameters.txt | 10 ----------
 arch/x86/kernel/cpu/common.c        | 22 ----------------------
 2 files changed, 32 deletions(-)

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 22a4b687ea5b..0448d63e3269 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2362,8 +2362,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 
 	nocache		[ARM]
 
-	noclflush	[BUGS=X86] Don't use the CLFLUSH instruction
-
 	nodelayacct	[KNL] Disable per-task delay accounting
 
 	nodisconnect	[HW,SCSI,M68K] Disables SCSI disconnects.
@@ -2379,14 +2377,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 			noexec=on: enable non-executable mappings (default)
 			noexec=off: disable non-executable mappings
 
-	nosmap		[X86]
-			Disable SMAP (Supervisor Mode Access Prevention)
-			even if it is supported by processor.
-
-	nosmep		[X86]
-			Disable SMEP (Supervisor Mode Execution Prevention)
-			even if it is supported by processor.
-
 	noexec32	[X86-64]
 			This affects only 32-bit executables.
 			noexec32=on: enable non-executable mappings (default)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index de22ea7ff82f..610c84379d87 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -251,26 +251,12 @@ static inline void squash_the_stupid_serial_number(struct cpuinfo_x86 *c)
 }
 #endif
 
-static __init int setup_disable_smep(char *arg)
-{
-	setup_clear_cpu_cap(X86_FEATURE_SMEP);
-	return 1;
-}
-__setup("nosmep", setup_disable_smep);
-
 static __always_inline void setup_smep(struct cpuinfo_x86 *c)
 {
 	if (cpu_has(c, X86_FEATURE_SMEP))
 		cr4_set_bits(X86_CR4_SMEP);
 }
 
-static __init int setup_disable_smap(char *arg)
-{
-	setup_clear_cpu_cap(X86_FEATURE_SMAP);
-	return 1;
-}
-__setup("nosmap", setup_disable_smap);
-
 static __always_inline void setup_smap(struct cpuinfo_x86 *c)
 {
 	unsigned long eflags;
@@ -1083,14 +1069,6 @@ static __init int setup_show_msr(char *arg)
 }
 __setup("show_msr=", setup_show_msr);
 
-static __init int setup_noclflush(char *arg)
-{
-	setup_clear_cpu_cap(X86_FEATURE_CLFLUSH);
-	setup_clear_cpu_cap(X86_FEATURE_CLFLUSHOPT);
-	return 1;
-}
-__setup("noclflush", setup_noclflush);
-
 void print_cpu_info(struct cpuinfo_x86 *c)
 {
 	const char *vendor = NULL;
-- 
2.3.5

Re: [PATCH] x86: Kill some chicken bits

[H. Peter Anvin]

On October 20, 2015 9:33:30 AM PDT, Borislav Petkov <bp@alien8.de> wrote:
>From: Borislav Petkov <bp@suse.de>
>
>Those were added as, well, chicken bits in case some of those features
>are b0rked and as a way for us to "chicken" out and disable them.
>Remove
>those chicken bits now, as they're not needed anymore.
>
>Requested-by: "H. Peter Anvin" <hpa@zytor.com>
>Signed-off-by: Borislav Petkov <bp@suse.de>
>---
> Documentation/kernel-parameters.txt | 10 ----------
> arch/x86/kernel/cpu/common.c        | 22 ----------------------
> 2 files changed, 32 deletions(-)
>
>diff --git a/Documentation/kernel-parameters.txt
>b/Documentation/kernel-parameters.txt
>index 22a4b687ea5b..0448d63e3269 100644
>--- a/Documentation/kernel-parameters.txt
>+++ b/Documentation/kernel-parameters.txt
>@@ -2362,8 +2362,6 @@ bytes respectively. Such letter suffixes can also
>be entirely omitted.
> 
> 	nocache		[ARM]
> 
>-	noclflush	[BUGS=X86] Don't use the CLFLUSH instruction
>-
> 	nodelayacct	[KNL] Disable per-task delay accounting
> 
> 	nodisconnect	[HW,SCSI,M68K] Disables SCSI disconnects.
>@@ -2379,14 +2377,6 @@ bytes respectively. Such letter suffixes can
>also be entirely omitted.
> 			noexec=on: enable non-executable mappings (default)
> 			noexec=off: disable non-executable mappings
> 
>-	nosmap		[X86]
>-			Disable SMAP (Supervisor Mode Access Prevention)
>-			even if it is supported by processor.
>-
>-	nosmep		[X86]
>-			Disable SMEP (Supervisor Mode Execution Prevention)
>-			even if it is supported by processor.
>-
> 	noexec32	[X86-64]
> 			This affects only 32-bit executables.
> 			noexec32=on: enable non-executable mappings (default)
>diff --git a/arch/x86/kernel/cpu/common.c
>b/arch/x86/kernel/cpu/common.c
>index de22ea7ff82f..610c84379d87 100644
>--- a/arch/x86/kernel/cpu/common.c
>+++ b/arch/x86/kernel/cpu/common.c
>@@ -251,26 +251,12 @@ static inline void
>squash_the_stupid_serial_number(struct cpuinfo_x86 *c)
> }
> #endif
> 
>-static __init int setup_disable_smep(char *arg)
>-{
>-	setup_clear_cpu_cap(X86_FEATURE_SMEP);
>-	return 1;
>-}
>-__setup("nosmep", setup_disable_smep);
>-
> static __always_inline void setup_smep(struct cpuinfo_x86 *c)
> {
> 	if (cpu_has(c, X86_FEATURE_SMEP))
> 		cr4_set_bits(X86_CR4_SMEP);
> }
> 
>-static __init int setup_disable_smap(char *arg)
>-{
>-	setup_clear_cpu_cap(X86_FEATURE_SMAP);
>-	return 1;
>-}
>-__setup("nosmap", setup_disable_smap);
>-
> static __always_inline void setup_smap(struct cpuinfo_x86 *c)
> {
> 	unsigned long eflags;
>@@ -1083,14 +1069,6 @@ static __init int setup_show_msr(char *arg)
> }
> __setup("show_msr=", setup_show_msr);
> 
>-static __init int setup_noclflush(char *arg)
>-{
>-	setup_clear_cpu_cap(X86_FEATURE_CLFLUSH);
>-	setup_clear_cpu_cap(X86_FEATURE_CLFLUSHOPT);
>-	return 1;
>-}
>-__setup("noclflush", setup_noclflush);
>-
> void print_cpu_info(struct cpuinfo_x86 *c)
> {
> 	const char *vendor = NULL;

I would like to keep nosmap until SMAP hardware is more ubiquitous since SMAP is vulnerable to kernel bugs.  We have already had a case where a maintainer pushed "cleanup" code straight to Linus, bypassing the x86 maintainers, which broke booting on SMAP hardware.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [PATCH] x86: Kill some chicken bits

[Borislav Petkov]

On Tue, Oct 20, 2015 at 09:58:18AM -0700, H. Peter Anvin wrote:
> I would like to keep nosmap until SMAP hardware is more ubiquitous
> since SMAP is vulnerable to kernel bugs. We have already had a case
> where a maintainer pushed "cleanup" code straight to Linus, bypassing
> the x86 maintainers, which broke booting on SMAP hardware.

Right, so the thought came to my mind while going through those, that we
don't really know what they're going to be good for and what we're going
to need them for in the future. So maybe we want to keep them after all
- you never know.

For example, luto made me use "nosep" recently even though that's an
ancient chicken bit.

So maybe we want to not remove them ever - the cleanup win is not that
great to even care...

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.

Re: [PATCH] x86: Kill some chicken bits

[H. Peter Anvin]

On 10/20/2015 10:04 AM, Borislav Petkov wrote:
> On Tue, Oct 20, 2015 at 09:58:18AM -0700, H. Peter Anvin wrote:
>> I would like to keep nosmap until SMAP hardware is more ubiquitous
>> since SMAP is vulnerable to kernel bugs. We have already had a case
>> where a maintainer pushed "cleanup" code straight to Linus, bypassing
>> the x86 maintainers, which broke booting on SMAP hardware.
> 
> Right, so the thought came to my mind while going through those, that we
> don't really know what they're going to be good for and what we're going
> to need them for in the future. So maybe we want to keep them after all
> - you never know.
> 
> For example, luto made me use "nosep" recently even though that's an
> ancient chicken bit.
> 
> So maybe we want to not remove them ever - the cleanup win is not that
> great to even care...
> 

Some chicken bits may be better than others, though.

	-hpa