diff mbox series

[v5,01/10] arm64: Provide a command line to disable spectre_v2 mitigation

Message ID 20190227010544.597579-2-jeremy.linton@arm.com (mailing list archive)
State New, archived
Headers show
Series arm64: add system vulnerability sysfs entries | expand

Commit Message

Jeremy Linton Feb. 27, 2019, 1:05 a.m. UTC 
There are various reasons, including bencmarking, to disable spectrev2
mitigation on a machine. Provide a command-line to do so.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-doc@vger.kernel.org
---
 Documentation/admin-guide/kernel-parameters.txt |  8 ++++----
 arch/arm64/kernel/cpu_errata.c                  | 13 +++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

Comments

Suzuki K Poulose Feb. 28, 2019, 6:14 p.m. UTC | #1 
Hi Jeremy

On 27/02/2019 01:05, Jeremy Linton wrote:
> There are various reasons, including bencmarking, to disable spectrev2
> mitigation on a machine. Provide a command-line to do so.
> 
> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
> Cc: Jonathan Corbet <corbet@lwn.net>
> Cc: linux-doc@vger.kernel.org


> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> index 9950bb0cbd52..d2b2c69d31bb 100644
> --- a/arch/arm64/kernel/cpu_errata.c
> +++ b/arch/arm64/kernel/cpu_errata.c
> @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
>   		     : "=&r" (tmp));
>   }
>   
> +static bool __nospectre_v2;
> +static int __init parse_nospectre_v2(char *str)
> +{
> +	__nospectre_v2 = true;
> +	return 0;
> +}
> +early_param("nospectre_v2", parse_nospectre_v2);
> +
>   static void
>   enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
>   {
> @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
>   	if (!entry->matches(entry, SCOPE_LOCAL_CPU))
>   		return;
>   
> +	if (__nospectre_v2) {
> +		pr_info_once("spectrev2 mitigation disabled by command line option\n");
> +		return;
> +	}
> +

Could we not disable the "cap" altogether instead, rather than disabling the
work around ? Or do we need that information ?

Cheers
Suzuki
Catalin Marinas Feb. 28, 2019, 6:21 p.m. UTC | #2 
On Thu, Feb 28, 2019 at 06:14:34PM +0000, Suzuki K Poulose wrote:
> On 27/02/2019 01:05, Jeremy Linton wrote:
> > There are various reasons, including bencmarking, to disable spectrev2
> > mitigation on a machine. Provide a command-line to do so.
> > 
> > Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
> > Cc: Jonathan Corbet <corbet@lwn.net>
> > Cc: linux-doc@vger.kernel.org
> 
> 
> > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> > index 9950bb0cbd52..d2b2c69d31bb 100644
> > --- a/arch/arm64/kernel/cpu_errata.c
> > +++ b/arch/arm64/kernel/cpu_errata.c
> > @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
> >   		     : "=&r" (tmp));
> >   }
> > +static bool __nospectre_v2;
> > +static int __init parse_nospectre_v2(char *str)
> > +{
> > +	__nospectre_v2 = true;
> > +	return 0;
> > +}
> > +early_param("nospectre_v2", parse_nospectre_v2);
> > +
> >   static void
> >   enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
> >   {
> > @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
> >   	if (!entry->matches(entry, SCOPE_LOCAL_CPU))
> >   		return;
> > +	if (__nospectre_v2) {
> > +		pr_info_once("spectrev2 mitigation disabled by command line option\n");
> > +		return;
> > +	}
> > +
> 
> Could we not disable the "cap" altogether instead, rather than disabling the
> work around ? Or do we need that information ?

There are a few ideas here but I think we settled on always reporting in
sysfs even if the mitigation is disabled in .config. So I guess we need
the "cap" around for the reporting part.
Suzuki K Poulose Feb. 28, 2019, 6:25 p.m. UTC | #3 
On 28/02/2019 18:21, Catalin Marinas wrote:
> On Thu, Feb 28, 2019 at 06:14:34PM +0000, Suzuki K Poulose wrote:
>> On 27/02/2019 01:05, Jeremy Linton wrote:
>>> There are various reasons, including bencmarking, to disable spectrev2
>>> mitigation on a machine. Provide a command-line to do so.
>>>
>>> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
>>> Cc: Jonathan Corbet <corbet@lwn.net>
>>> Cc: linux-doc@vger.kernel.org
>>
>>
>>> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
>>> index 9950bb0cbd52..d2b2c69d31bb 100644
>>> --- a/arch/arm64/kernel/cpu_errata.c
>>> +++ b/arch/arm64/kernel/cpu_errata.c
>>> @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
>>>    		     : "=&r" (tmp));
>>>    }
>>> +static bool __nospectre_v2;
>>> +static int __init parse_nospectre_v2(char *str)
>>> +{
>>> +	__nospectre_v2 = true;
>>> +	return 0;
>>> +}
>>> +early_param("nospectre_v2", parse_nospectre_v2);
>>> +
>>>    static void
>>>    enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
>>>    {
>>> @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
>>>    	if (!entry->matches(entry, SCOPE_LOCAL_CPU))
>>>    		return;
>>> +	if (__nospectre_v2) {
>>> +		pr_info_once("spectrev2 mitigation disabled by command line option\n");
>>> +		return;
>>> +	}
>>> +
>>
>> Could we not disable the "cap" altogether instead, rather than disabling the
>> work around ? Or do we need that information ?
> 
> There are a few ideas here but I think we settled on always reporting in
> sysfs even if the mitigation is disabled in .config. So I guess we need
> the "cap" around for the reporting part.
> 

Thanks Catalin.

Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Andre Przywara March 1, 2019, 6:54 a.m. UTC | #4 
Hi,

On 2/26/19 7:05 PM, Jeremy Linton wrote:
> There are various reasons, including bencmarking, to disable spectrev2
> mitigation on a machine. Provide a command-line to do so.
> 
> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

Reviewed-by: Andre Przywara <andre.przywara@arm.com>

Cheers,
Andre.

> Cc: Jonathan Corbet <corbet@lwn.net>
> Cc: linux-doc@vger.kernel.org
> ---
>   Documentation/admin-guide/kernel-parameters.txt |  8 ++++----
>   arch/arm64/kernel/cpu_errata.c                  | 13 +++++++++++++
>   2 files changed, 17 insertions(+), 4 deletions(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 858b6c0b9a15..4d4d6a9537ae 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2842,10 +2842,10 @@
>   			check bypass). With this option data leaks are possible
>   			in the system.
>   
> -	nospectre_v2	[X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2
> -			(indirect branch prediction) vulnerability. System may
> -			allow data leaks with this option, which is equivalent
> -			to spectre_v2=off.
> +	nospectre_v2	[X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for
> +			the Spectre variant 2 (indirect branch prediction)
> +			vulnerability. System may allow data leaks with this
> +			option.
>   
>   	nospec_store_bypass_disable
>   			[HW] Disable all mitigations for the Speculative Store Bypass vulnerability
> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> index 9950bb0cbd52..d2b2c69d31bb 100644
> --- a/arch/arm64/kernel/cpu_errata.c
> +++ b/arch/arm64/kernel/cpu_errata.c
> @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
>   		     : "=&r" (tmp));
>   }
>   
> +static bool __nospectre_v2;
> +static int __init parse_nospectre_v2(char *str)
> +{
> +	__nospectre_v2 = true;
> +	return 0;
> +}
> +early_param("nospectre_v2", parse_nospectre_v2);
> +
>   static void
>   enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
>   {
> @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
>   	if (!entry->matches(entry, SCOPE_LOCAL_CPU))
>   		return;
>   
> +	if (__nospectre_v2) {
> +		pr_info_once("spectrev2 mitigation disabled by command line option\n");
> +		return;
> +	}
> +
>   	if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
>   		return;
>   
>
diff mbox series

Patch

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 858b6c0b9a15..4d4d6a9537ae 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2842,10 +2842,10 @@ 
 			check bypass). With this option data leaks are possible
 			in the system.
 
-	nospectre_v2	[X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2
-			(indirect branch prediction) vulnerability. System may
-			allow data leaks with this option, which is equivalent
-			to spectre_v2=off.
+	nospectre_v2	[X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for
+			the Spectre variant 2 (indirect branch prediction)
+			vulnerability. System may allow data leaks with this
+			option.
 
 	nospec_store_bypass_disable
 			[HW] Disable all mitigations for the Speculative Store Bypass vulnerability
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 9950bb0cbd52..d2b2c69d31bb 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -220,6 +220,14 @@  static void qcom_link_stack_sanitization(void)
 		     : "=&r" (tmp));
 }
 
+static bool __nospectre_v2;
+static int __init parse_nospectre_v2(char *str)
+{
+	__nospectre_v2 = true;
+	return 0;
+}
+early_param("nospectre_v2", parse_nospectre_v2);
+
 static void
 enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
 {
@@ -231,6 +239,11 @@  enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
 	if (!entry->matches(entry, SCOPE_LOCAL_CPU))
 		return;
 
+	if (__nospectre_v2) {
+		pr_info_once("spectrev2 mitigation disabled by command line option\n");
+		return;
+	}
+
 	if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
 		return;