| Message ID | 20190125180711.1970973-3-jeremy.linton@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: add system vulnerability sysfs entries | expand |
On Fri, 25 Jan 2019 12:07:01 -0600 Jeremy Linton <jeremy.linton@arm.com> wrote: Hi, > There are various reasons, including bencmarking, to disable spectrev2 > mitigation on a machine. Provide a command-line to do so. > > Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> > Cc: Jonathan Corbet <corbet@lwn.net> > Cc: linux-doc@vger.kernel.org Reviewed-by: Andre Przywara <andre.przywara@arm.com> Cheers, Andre > --- > Documentation/admin-guide/kernel-parameters.txt | 8 ++++---- > arch/arm64/kernel/cpu_errata.c | 11 +++++++++++ > 2 files changed, 15 insertions(+), 4 deletions(-) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt > b/Documentation/admin-guide/kernel-parameters.txt index > 9475f02c79da..2ae77979488e 100644 --- > a/Documentation/admin-guide/kernel-parameters.txt +++ > b/Documentation/admin-guide/kernel-parameters.txt @@ -2849,10 > +2849,10 @@ check bypass). With this option data leaks are possible > in the system. > > - nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all > mitigations for the Spectre variant 2 > - (indirect branch prediction) vulnerability. > System may > - allow data leaks with this option, which is > equivalent > - to spectre_v2=off. > + nospectre_v2 [X86,PPC_FSL_BOOK3E,ARM64] Disable all > mitigations for > + the Spectre variant 2 (indirect branch > prediction) > + vulnerability. System may allow data leaks > with this > + option. > > nospec_store_bypass_disable > [HW] Disable all mitigations for the > Speculative Store Bypass vulnerability diff --git > a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c > index 9950bb0cbd52..9a7b5fca51a0 100644 --- > a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c > @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void) > : "=&r" (tmp)); > } > > +static bool __nospectre_v2; > +static int __init parse_nospectre_v2(char *str) > +{ > + __nospectre_v2 = true; > + return 0; > +} > +early_param("nospectre_v2", parse_nospectre_v2); > + > static void > enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities > *entry) { > @@ -231,6 +239,9 @@ enable_smccc_arch_workaround_1(const struct > arm64_cpu_capabilities *entry) if (!entry->matches(entry, > SCOPE_LOCAL_CPU)) return; > > + if (__nospectre_v2) > + return; > + > if (psci_ops.smccc_version == SMCCC_VERSION_1_0) > return; >
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 9475f02c79da..2ae77979488e 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2849,10 +2849,10 @@ check bypass). With this option data leaks are possible in the system. - nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 - (indirect branch prediction) vulnerability. System may - allow data leaks with this option, which is equivalent - to spectre_v2=off. + nospectre_v2 [X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for + the Spectre variant 2 (indirect branch prediction) + vulnerability. System may allow data leaks with this + option. nospec_store_bypass_disable [HW] Disable all mitigations for the Speculative Store Bypass vulnerability diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 9950bb0cbd52..9a7b5fca51a0 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void) : "=&r" (tmp)); } +static bool __nospectre_v2; +static int __init parse_nospectre_v2(char *str) +{ + __nospectre_v2 = true; + return 0; +} +early_param("nospectre_v2", parse_nospectre_v2); + static void enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) { @@ -231,6 +239,9 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; + if (__nospectre_v2) + return; + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) return;
There are various reasons, including bencmarking, to disable spectrev2 mitigation on a machine. Provide a command-line to do so. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: linux-doc@vger.kernel.org --- Documentation/admin-guide/kernel-parameters.txt | 8 ++++---- arch/arm64/kernel/cpu_errata.c | 11 +++++++++++ 2 files changed, 15 insertions(+), 4 deletions(-)