From patchwork Thu Apr 4 16:44:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josh Poimboeuf X-Patchwork-Id: 10885951 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1213E1575 for ; Thu, 4 Apr 2019 16:45:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EB9E228ABE for ; Thu, 4 Apr 2019 16:45:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DF9A928AC6; Thu, 4 Apr 2019 16:45:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1E08028ABE for ; Thu, 4 Apr 2019 16:45:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=eKYUoAwkn0lsy0E9Jw/QH/Owg7iQOzg4+8MWWS2n1wc=; b=Y/IlGIxIqysIdm449VIFN+AKYN g5/ko1dyfbQ7CjPoSnSyvfZAKGiGal/meUPIbW0xgc01cnQ/NIe982f8ZD6x4sy48huzRm7f1xCko ABfX3ocxKZcXuFt6Dw9waAHkwXfWWtG7gybbHFn4MqvFsFqYQfWaNzJPpNMRmtC9sY6tu/fvvR6le g42q3OV+jT8WbFM6D6fr757/z+2d65Q3K1Fq3d2y94ujic7PvQEAxg8Zgen4DVkfZSxu2uqt1UHj9 XgtRMWWQWLb+S6ZQLeRqMeKg17aPdu09WVuBVDZlPinQNN4WSb+TSgqDWshIg6DHgc/1F7zAF6TM4 RyHsOeRA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5UP-0000bK-VP; Thu, 04 Apr 2019 16:45:21 +0000 Received: from mx1.redhat.com ([209.132.183.28]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5UD-0008WP-L0 for linux-arm-kernel@lists.infradead.org; Thu, 04 Apr 2019 16:45:11 +0000 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D8CB93078AAE; Thu, 4 Apr 2019 16:45:08 +0000 (UTC) Received: from treble.redhat.com (ovpn-125-158.rdu2.redhat.com [10.10.125.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1ED53608E5; Thu, 4 Apr 2019 16:45:06 +0000 (UTC) From: Josh Poimboeuf To: linux-kernel@vger.kernel.org Subject: [PATCH RFC 1/5] cpu/speculation: Add 'cpu_spec_mitigations=' cmdline options Date: Thu, 4 Apr 2019 11:44:11 -0500 Message-Id: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Thu, 04 Apr 2019 16:45:09 +0000 (UTC) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190404_094509_741040_E40C08C8 X-CRM114-Status: GOOD ( 15.71 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Zijlstra , Benjamin Herrenschmidt , Heiko Carstens , Paul Mackerras , "H . Peter Anvin" , Ingo Molnar , Andrea Arcangeli , linux-s390@vger.kernel.org, Michael Ellerman , x86@kernel.org, Will Deacon , Linus Torvalds , Catalin Marinas , Waiman Long , linux-arch@vger.kernel.org, Jon Masters , Jiri Kosina , Borislav Petkov , Andy Lutomirski , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Greg Kroah-Hartman , Tyler Hicks , Martin Schwidefsky , linuxppc-dev@lists.ozlabs.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Keeping track of the number of mitigations for all the CPU speculation bugs has become overwhelming for many users. It's getting more and more complicated to decide which mitigations are needed for a given architecture. Complicating matters is the fact that each arch tends to their own custom way to mitigate the same vulnerability. Most users fall into a few basic categories: a) they want all mitigations off; b) they want all reasonable mitigations on, with SMT enabled even if it's vulnerable; or c) they want all reasonable mitigations on, with SMT disabled if vulnerable. Define a set of curated, arch-independent options, each of which is an aggregation of existing options: - cpu_spec_mitigations=off: Disable all mitigations. - cpu_spec_mitigations=auto: [default] Enable all the default mitigations, but leave SMT enabled, even if it's vulnerable. - cpu_spec_mitigations=auto,nosmt: Enable all the default mitigations, disabling SMT if needed by a mitigation. Currently, these options are placeholders which don't actually do anything. They will be fleshed out in upcoming patches. Signed-off-by: Josh Poimboeuf --- .../admin-guide/kernel-parameters.txt | 23 +++++++++++++++++++ include/linux/cpu.h | 8 +++++++ kernel/cpu.c | 15 ++++++++++++ 3 files changed, 46 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index c4d830003b21..ac42e510bd6e 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2544,6 +2544,29 @@ in the "bleeding edge" mini2440 support kernel at http://repo.or.cz/w/linux-2.6/mini2440.git + cpu_spec_mitigations= + [KNL] Control mitigations for CPU speculation + vulnerabilities on affected CPUs. This is a set of + curated, arch-independent options, each of which is an + aggregation of existing options. + + off + Disable all speculative CPU mitigations. + + auto (default) + Mitigate all speculative CPU vulnerabilities, + but leave SMT enabled, even if it's vulnerable. + This is useful for users who don't want to be + surprised by SMT getting disabled across kernel + upgrades, or who have other ways of avoiding + SMT-based attacks. + + auto,nosmt + Mitigate all speculative CPU vulnerabilities, + disabling SMT if needed. This is for users who + always want to be fully mitigated, even if it + means losing SMT. + mminit_loglevel= [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this parameter allows control of the logging verbosity for diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 5041357d0297..3a1740fda2e2 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -187,4 +187,12 @@ static inline void cpu_smt_disable(bool force) { } static inline void cpu_smt_check_topology(void) { } #endif +enum cpu_spec_mitigations { + CPU_SPEC_MITIGATIONS_OFF, + CPU_SPEC_MITIGATIONS_AUTO, + CPU_SPEC_MITIGATIONS_AUTO_NOSMT, +}; + +extern enum cpu_spec_mitigations cpu_spec_mitigations; + #endif /* _LINUX_CPU_H_ */ diff --git a/kernel/cpu.c b/kernel/cpu.c index 6c959aea0f9e..0a9d66b90a00 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -2306,3 +2306,18 @@ void __init boot_cpu_hotplug_init(void) #endif this_cpu_write(cpuhp_state.state, CPUHP_ONLINE); } + +enum cpu_spec_mitigations cpu_spec_mitigations __ro_after_init = CPU_SPEC_MITIGATIONS_AUTO; + +static int __init cpu_spec_mitigations_setup(char *arg) +{ + if (!strcmp(arg, "off")) + cpu_spec_mitigations = CPU_SPEC_MITIGATIONS_OFF; + else if (!strcmp(arg, "auto")) + cpu_spec_mitigations = CPU_SPEC_MITIGATIONS_AUTO; + else if (!strcmp(arg, "auto,nosmt")) + cpu_spec_mitigations = CPU_SPEC_MITIGATIONS_AUTO_NOSMT; + + return 0; +} +early_param("cpu_spec_mitigations", cpu_spec_mitigations_setup); From patchwork Thu Apr 4 16:44:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josh Poimboeuf X-Patchwork-Id: 10885953 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AE80E17EE for ; Thu, 4 Apr 2019 16:45:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 927D528AB3 for ; Thu, 4 Apr 2019 16:45:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 84E1628AC6; Thu, 4 Apr 2019 16:45:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id E425328AB3 for ; Thu, 4 Apr 2019 16:45:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=V14fltEPhny1UVu4GRwW4pYyP9Bh0Rj7nAGhYa05Wuw=; b=V79XhbtrW3O+byYJLXMrMd7Asa CEVpdTbP6ySHapnL9XasIANbcbmJIooVbaozay28BUtg6SR5nIoeJv3nLbPhJ/gTTTBOiI2D1aeDk lBHr+MdsKArEN2mFKijwJ8wajl0kjgrcltjWQ0HRdv5KLyYQmrJ4Nk4xCXXA1ji14kEYBgBg+9Xa5 1gMPSH1hXPUKO26iUQutAgFHu86H3w3dPJ1zI/BnbVVSKaED3QoEI5tK4HygDKzQcI+PsArARzCAR /Kx0+AX0GYbQqMilIlkLzISJXimCkiazS07Ewwn5xtXriW7NtTA0z8muH5B3I+3a6Fg+mv3BR4pza 7F4zUDYA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5Ud-0000ve-Od; Thu, 04 Apr 2019 16:45:35 +0000 Received: from mx1.redhat.com ([209.132.183.28]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5UG-0000QF-Fb for linux-arm-kernel@lists.infradead.org; Thu, 04 Apr 2019 16:45:27 +0000 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id ACF3B3005148; Thu, 4 Apr 2019 16:45:11 +0000 (UTC) Received: from treble.redhat.com (ovpn-125-158.rdu2.redhat.com [10.10.125.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0AED0608EB; Thu, 4 Apr 2019 16:45:08 +0000 (UTC) From: Josh Poimboeuf To: linux-kernel@vger.kernel.org Subject: [PATCH RFC 2/5] x86/speculation: Add support for 'cpu_spec_mitigations=' cmdline options Date: Thu, 4 Apr 2019 11:44:12 -0500 Message-Id: <78c63cb08f36f55407f534d49cc2543079e44dbb.1554396090.git.jpoimboe@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Thu, 04 Apr 2019 16:45:12 +0000 (UTC) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190404_094512_811738_E56D91B3 X-CRM114-Status: GOOD ( 19.75 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Zijlstra , Benjamin Herrenschmidt , Heiko Carstens , Paul Mackerras , "H . Peter Anvin" , Ingo Molnar , Andrea Arcangeli , linux-s390@vger.kernel.org, Michael Ellerman , x86@kernel.org, Will Deacon , Linus Torvalds , Catalin Marinas , Waiman Long , linux-arch@vger.kernel.org, Jon Masters , Jiri Kosina , Borislav Petkov , Andy Lutomirski , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Greg Kroah-Hartman , Tyler Hicks , Martin Schwidefsky , linuxppc-dev@lists.ozlabs.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Configure x86 runtime CPU speculation bug mitigations in accordance with the 'cpu_spec_mitigations=' cmdline options. This affects Meltdown, Spectre v2, Speculative Store Bypass, and L1TF. The default behavior is unchanged. Signed-off-by: Josh Poimboeuf --- .../admin-guide/kernel-parameters.txt | 15 +++++++++ arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/cpu/bugs.c | 32 ++++++++++++++++--- arch/x86/kvm/vmx/vmx.c | 2 ++ arch/x86/mm/pti.c | 4 ++- 5 files changed, 49 insertions(+), 5 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index ac42e510bd6e..29dc03971630 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2552,6 +2552,11 @@ off Disable all speculative CPU mitigations. + Equivalent to: nopti [x86] + nospectre_v2 [x86] + spectre_v2_user=off [x86] + spec_store_bypass_disable=off [x86] + l1tf=off [x86] auto (default) Mitigate all speculative CPU vulnerabilities, @@ -2560,12 +2565,22 @@ surprised by SMT getting disabled across kernel upgrades, or who have other ways of avoiding SMT-based attacks. + Equivalent to: pti=auto [x86] + spectre_v2=auto [x86] + spectre_v2_user=auto [x86] + spec_store_bypass_disable=auto [x86] + l1tf=flush [x86] auto,nosmt Mitigate all speculative CPU vulnerabilities, disabling SMT if needed. This is for users who always want to be fully mitigated, even if it means losing SMT. + Equivalent to: pti=auto [x86] + spectre_v2=auto [x86] + spectre_v2_user=auto [x86] + spec_store_bypass_disable=auto [x86] + l1tf=flush,nosmt [x86] mminit_loglevel= [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 2bb3a648fc12..7e95b310f869 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -982,6 +982,7 @@ void microcode_check(void); enum l1tf_mitigations { L1TF_MITIGATION_OFF, + L1TF_MITIGATION_DEFAULT, L1TF_MITIGATION_FLUSH_NOWARN, L1TF_MITIGATION_FLUSH, L1TF_MITIGATION_FLUSH_NOSMT, diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 2da82eff0eb4..65b95fb95ba5 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -308,8 +308,11 @@ spectre_v2_parse_user_cmdline(enum spectre_v2_mitigation_cmd v2_cmd) ret = cmdline_find_option(boot_command_line, "spectre_v2_user", arg, sizeof(arg)); - if (ret < 0) + if (ret < 0) { + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) + return SPECTRE_V2_USER_CMD_NONE; return SPECTRE_V2_USER_CMD_AUTO; + } for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { if (match_option(arg, ret, v2_user_options[i].option)) { @@ -444,8 +447,11 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) return SPECTRE_V2_CMD_NONE; ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); - if (ret < 0) + if (ret < 0) { + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) + return SPECTRE_V2_CMD_NONE; return SPECTRE_V2_CMD_AUTO; + } for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { if (!match_option(arg, ret, mitigation_options[i].option)) @@ -677,8 +683,11 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) } else { ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable", arg, sizeof(arg)); - if (ret < 0) + if (ret < 0) { + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) + return SPEC_STORE_BYPASS_CMD_NONE; return SPEC_STORE_BYPASS_CMD_AUTO; + } for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { if (!match_option(arg, ret, ssb_mitigation_options[i].option)) @@ -955,7 +964,7 @@ void x86_spec_ctrl_setup_ap(void) #define pr_fmt(fmt) "L1TF: " fmt /* Default mitigation for L1TF-affected CPUs */ -enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH; +enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_DEFAULT; #if IS_ENABLED(CONFIG_KVM_INTEL) EXPORT_SYMBOL_GPL(l1tf_mitigation); #endif @@ -1010,8 +1019,23 @@ static void __init l1tf_select_mitigation(void) override_cache_bits(&boot_cpu_data); + if (l1tf_mitigation == L1TF_MITIGATION_DEFAULT) { + switch (cpu_spec_mitigations) { + case CPU_SPEC_MITIGATIONS_OFF: + l1tf_mitigation = L1TF_MITIGATION_OFF; + break; + case CPU_SPEC_MITIGATIONS_AUTO: + l1tf_mitigation = L1TF_MITIGATION_FLUSH; + break; + case CPU_SPEC_MITIGATIONS_AUTO_NOSMT: + l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT; + break; + } + } + switch (l1tf_mitigation) { case L1TF_MITIGATION_OFF: + case L1TF_MITIGATION_DEFAULT: case L1TF_MITIGATION_FLUSH_NOWARN: case L1TF_MITIGATION_FLUSH: break; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ab432a930ae8..83b5bdc3c777 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -233,6 +233,7 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf) case L1TF_MITIGATION_FLUSH_NOWARN: case L1TF_MITIGATION_FLUSH: case L1TF_MITIGATION_FLUSH_NOSMT: + case L1TF_MITIGATION_DEFAULT: l1tf = VMENTER_L1D_FLUSH_COND; break; case L1TF_MITIGATION_FULL: @@ -6686,6 +6687,7 @@ static int vmx_vm_init(struct kvm *kvm) case L1TF_MITIGATION_FLUSH: case L1TF_MITIGATION_FLUSH_NOSMT: case L1TF_MITIGATION_FULL: + case L1TF_MITIGATION_DEFAULT: /* * Warn upon starting the first VM in a potentially * insecure environment. diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 139b28a01ce4..6d3bf680bf95 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include @@ -115,7 +116,8 @@ void __init pti_check_boottime_disable(void) } } - if (cmdline_find_option_bool(boot_command_line, "nopti")) { + if (cmdline_find_option_bool(boot_command_line, "nopti") || + cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) { pti_mode = PTI_FORCE_OFF; pti_print_if_insecure("disabled on command line."); return; From patchwork Thu Apr 4 16:44:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josh Poimboeuf X-Patchwork-Id: 10885963 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E8BFC1708 for ; Thu, 4 Apr 2019 16:52:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CE7DF28446 for ; Thu, 4 Apr 2019 16:52:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C21B2288B4; Thu, 4 Apr 2019 16:52:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id BD26A28446 for ; Thu, 4 Apr 2019 16:52:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=zQE0RuhXPqTzQBuwoalPF0ELsm5UHW9/TP0g+bJKyVs=; b=pFQb2Sz3uUraFTUKARrHu3nzB6 G3zwwpCgZh9voZiq4j8e88zYvb3Ncd9JFA839erCVwAGVJLlacbNmW+P8e+2e15jZ4+Jfzf59JC+a mBioPOfa6mwtQr1TZyKXAyWx2mkuRfbbF1UnOueKYdo9WfZr7AI8sYcEto8ELDkTo2XSmwuz7MGEy PP3y6V8yf7M1Hu9BD+bN/TjzYL2SncMb51bpU0Zjdew60TdgaCSVWQo48mUYg1zo4Xw//D4yjIgQ9 ++1lmBk9sRe3iqKr3eY/whdYPLjBlDa3AxJikBkhku7Fq1Qb9rQWjeWWrQvGcFzj7caSn4/DI0uRr MTOsBq0g==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5bW-0004Xf-4w; Thu, 04 Apr 2019 16:52:42 +0000 Received: from mx1.redhat.com ([209.132.183.28]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5UJ-0000To-7Q for linux-arm-kernel@lists.infradead.org; Thu, 04 Apr 2019 16:45:28 +0000 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7F3023082B45; Thu, 4 Apr 2019 16:45:14 +0000 (UTC) Received: from treble.redhat.com (ovpn-125-158.rdu2.redhat.com [10.10.125.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id D2AB9608BB; Thu, 4 Apr 2019 16:45:11 +0000 (UTC) From: Josh Poimboeuf To: linux-kernel@vger.kernel.org Subject: [PATCH RFC 3/5] powerpc/speculation: Add support for 'cpu_spec_mitigations=' cmdline options Date: Thu, 4 Apr 2019 11:44:13 -0500 Message-Id: <91b92d8182d2f114d92c95689fcd4bb1a8dda1b0.1554396090.git.jpoimboe@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]); Thu, 04 Apr 2019 16:45:14 +0000 (UTC) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190404_094515_971175_6408C696 X-CRM114-Status: GOOD ( 16.16 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Zijlstra , Benjamin Herrenschmidt , Heiko Carstens , Paul Mackerras , "H . Peter Anvin" , Ingo Molnar , Andrea Arcangeli , linux-s390@vger.kernel.org, Michael Ellerman , x86@kernel.org, Will Deacon , Linus Torvalds , Catalin Marinas , Waiman Long , linux-arch@vger.kernel.org, Jon Masters , Jiri Kosina , Borislav Petkov , Andy Lutomirski , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Greg Kroah-Hartman , Tyler Hicks , Martin Schwidefsky , linuxppc-dev@lists.ozlabs.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Configure powerpc CPU runtime speculation bug mitigations in accordance with the 'cpu_spec_mitigations=' cmdline options. This affects Meltdown, Spectre v1, Spectre v2, and Speculative Store Bypass. The default behavior is unchanged. Signed-off-by: Josh Poimboeuf Acked-by: Michael Ellerman (powerpc) --- Documentation/admin-guide/kernel-parameters.txt | 9 +++++---- arch/powerpc/kernel/security.c | 6 +++--- arch/powerpc/kernel/setup_64.c | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 29dc03971630..0e8eae1e8a25 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2552,10 +2552,11 @@ off Disable all speculative CPU mitigations. - Equivalent to: nopti [x86] + Equivalent to: nopti [x86, powerpc] + nospectre_v1 [powerpc] nospectre_v2 [x86] spectre_v2_user=off [x86] - spec_store_bypass_disable=off [x86] + spec_store_bypass_disable=off [x86, powerpc] l1tf=off [x86] auto (default) @@ -2568,7 +2569,7 @@ Equivalent to: pti=auto [x86] spectre_v2=auto [x86] spectre_v2_user=auto [x86] - spec_store_bypass_disable=auto [x86] + spec_store_bypass_disable=auto [x86, powerpc] l1tf=flush [x86] auto,nosmt @@ -2579,7 +2580,7 @@ Equivalent to: pti=auto [x86] spectre_v2=auto [x86] spectre_v2_user=auto [x86] - spec_store_bypass_disable=auto [x86] + spec_store_bypass_disable=auto [x86, powerpc] l1tf=flush,nosmt [x86] mminit_loglevel= diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index b33bafb8fcea..5aed4ad729ba 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -57,7 +57,7 @@ void setup_barrier_nospec(void) enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR); - if (!no_nospec) + if (!no_nospec && cpu_spec_mitigations != CPU_SPEC_MITIGATIONS_OFF) enable_barrier_nospec(enable); } @@ -116,7 +116,7 @@ static int __init handle_nospectre_v2(char *p) early_param("nospectre_v2", handle_nospectre_v2); void setup_spectre_v2(void) { - if (no_spectrev2) + if (no_spectrev2 || cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) do_btb_flush_fixups(); else btb_flush_enabled = true; @@ -300,7 +300,7 @@ void setup_stf_barrier(void) stf_enabled_flush_types = type; - if (!no_stf_barrier) + if (!no_stf_barrier && cpu_spec_mitigations != CPU_SPEC_MITIGATIONS_OFF) stf_barrier_enable(enable); } diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index ba404dd9ce1d..d9d796a66a79 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -932,7 +932,7 @@ void setup_rfi_flush(enum l1d_flush_type types, bool enable) enabled_flush_types = types; - if (!no_rfi_flush) + if (!no_rfi_flush || cpu_spec_mitigations != CPU_SPEC_MITIGATIONS_OFF) rfi_flush_enable(enable); } From patchwork Thu Apr 4 16:44:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josh Poimboeuf X-Patchwork-Id: 10885955 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7279517EE for ; Thu, 4 Apr 2019 16:45:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5633328AC6 for ; Thu, 4 Apr 2019 16:45:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4A11328AD0; Thu, 4 Apr 2019 16:45:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id E5A8C28AC6 for ; Thu, 4 Apr 2019 16:45:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=gNc+UNTNZB/U9lD9yGZmb/L3Mg0XL7PwiXCKWmPHu2g=; b=sDmyVSG0spxqZy4m0J6lLgKVwh gACQItZCRuPMUFz2LEqmfql6p/4RKdzUHLEGrQAw4b9AlK+bndEm5xIisXFMRzveUUfrGFRe/lMWx BiuDWbREBBvNuMaJoer3BFPJduExnuUPqpjFnEsmDPiAo74QUYk/iJEDlpacttAqYdpCu7d+9pAXf z4HlunKHsc+rmRh1QEkhxF5IhyaLDT0/hXB1JSHIy7jNPQpsbZKbZXCNtw5RTincIyQYHSCribZlH BpLMpNGLKa1rUWK1u/kQwdJ0JFWXJ3/U7FI6n8gTx9TtcfdbQ++QvWNkzjBlnLrSCR8w29Gc00bLK giHcyuyw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5Uv-0001HF-H0; Thu, 04 Apr 2019 16:45:53 +0000 Received: from mx1.redhat.com ([209.132.183.28]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5UL-0000Yl-To for linux-arm-kernel@lists.infradead.org; Thu, 04 Apr 2019 16:45:32 +0000 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4DD193007432; Thu, 4 Apr 2019 16:45:17 +0000 (UTC) Received: from treble.redhat.com (ovpn-125-158.rdu2.redhat.com [10.10.125.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id A26E5608E2; Thu, 4 Apr 2019 16:45:14 +0000 (UTC) From: Josh Poimboeuf To: linux-kernel@vger.kernel.org Subject: [PATCH RFC 4/5] s390/speculation: Add support for 'cpu_spec_mitigations=' cmdline options Date: Thu, 4 Apr 2019 11:44:14 -0500 Message-Id: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Thu, 04 Apr 2019 16:45:17 +0000 (UTC) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190404_094518_279833_2F610DE8 X-CRM114-Status: GOOD ( 16.03 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Zijlstra , Benjamin Herrenschmidt , Heiko Carstens , Paul Mackerras , "H . Peter Anvin" , Ingo Molnar , Andrea Arcangeli , linux-s390@vger.kernel.org, Michael Ellerman , x86@kernel.org, Will Deacon , Linus Torvalds , Catalin Marinas , Waiman Long , linux-arch@vger.kernel.org, Jon Masters , Jiri Kosina , Borislav Petkov , Andy Lutomirski , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Greg Kroah-Hartman , Tyler Hicks , Martin Schwidefsky , linuxppc-dev@lists.ozlabs.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Configure s390 runtime CPU speculation bug mitigations in accordance with the 'cpu_spec_mitigations=' cmdline options. This affects Spectre v1 and Spectre v2. The default behavior is unchanged. Signed-off-by: Josh Poimboeuf --- Documentation/admin-guide/kernel-parameters.txt | 7 ++++--- arch/s390/kernel/nospec-branch.c | 4 +++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 0e8eae1e8a25..e838af96daa4 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2554,8 +2554,9 @@ Disable all speculative CPU mitigations. Equivalent to: nopti [x86, powerpc] nospectre_v1 [powerpc] - nospectre_v2 [x86] + nospectre_v2 [x86, powerpc, s390] spectre_v2_user=off [x86] + nobp=0 [s390] spec_store_bypass_disable=off [x86, powerpc] l1tf=off [x86] @@ -2567,7 +2568,7 @@ upgrades, or who have other ways of avoiding SMT-based attacks. Equivalent to: pti=auto [x86] - spectre_v2=auto [x86] + spectre_v2=auto [x86, s390] spectre_v2_user=auto [x86] spec_store_bypass_disable=auto [x86, powerpc] l1tf=flush [x86] @@ -2578,7 +2579,7 @@ always want to be fully mitigated, even if it means losing SMT. Equivalent to: pti=auto [x86] - spectre_v2=auto [x86] + spectre_v2=auto [x86, s390] spectre_v2_user=auto [x86] spec_store_bypass_disable=auto [x86, powerpc] l1tf=flush,nosmt [x86] diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index bdddaae96559..c40eb672b43a 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 #include #include +#include #include static int __init nobp_setup_early(char *str) @@ -58,7 +59,8 @@ early_param("nospectre_v2", nospectre_v2_setup_early); void __init nospec_auto_detect(void) { - if (test_facility(156)) { + if (test_facility(156) || + cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) { /* * The machine supports etokens. * Disable expolines and disable nobp. From patchwork Thu Apr 4 16:44:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josh Poimboeuf X-Patchwork-Id: 10885959 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7A16C17EE for ; Thu, 4 Apr 2019 16:46:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5EAA128AC6 for ; Thu, 4 Apr 2019 16:46:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5136228AD0; Thu, 4 Apr 2019 16:46:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D85CC28AC6 for ; Thu, 4 Apr 2019 16:46:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=QfB1/U8/6Lf84sFfmxQWnbYF6HCXLF1uG2hiwcNwNOo=; b=tXsQz3KBV+yE3IDtb8J/Lylyp9 ZluhNfR+PugZIWgwLmPhYJplPEtSyBU5MIx2QOvEfAjGeqAUjwFZy8LCpTZNFC/rBh2bUJEgzJaoq jKBXHYfCw0wwTFYPqdXSCHR2WTUbw2F0aBJZfsrjKAAwzOiaae/2wgS/Pk0IQetu2SCePHU8fcIJL uL/gr6TPlm5BbkIp1LzXQUi29Wo/08ZvSgowNeoIU9GDMHoFtBoG9+siM249gvRtft74pPI5DPaUT aMZkvnfCRAU5ktzAsgzBrlUN4MJBBZEY0MpCzKz8enWLdWt3fW11/YN55FgsFYyVQRwGp38Ucyn1P BLT0t+RA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5VG-0001gD-Rm; Thu, 04 Apr 2019 16:46:14 +0000 Received: from mx1.redhat.com ([209.132.183.28]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hC5UR-0000gd-6a for linux-arm-kernel@lists.infradead.org; Thu, 04 Apr 2019 16:45:37 +0000 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 939ED30832C9; Thu, 4 Apr 2019 16:45:22 +0000 (UTC) Received: from treble.redhat.com (ovpn-125-158.rdu2.redhat.com [10.10.125.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7568C608EB; Thu, 4 Apr 2019 16:45:17 +0000 (UTC) From: Josh Poimboeuf To: linux-kernel@vger.kernel.org Subject: [PATCH RFC 5/5] arm64/speculation: Add support for 'cpu_spec_mitigations=' cmdline options Date: Thu, 4 Apr 2019 11:44:15 -0500 Message-Id: <5f70df57b19bbccc4a0d5d76134b4681c9a50b0b.1554396090.git.jpoimboe@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Thu, 04 Apr 2019 16:45:22 +0000 (UTC) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190404_094523_811658_C2F9B7CF X-CRM114-Status: GOOD ( 15.86 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Zijlstra , Benjamin Herrenschmidt , Heiko Carstens , Paul Mackerras , "H . Peter Anvin" , Ingo Molnar , Andrea Arcangeli , linux-s390@vger.kernel.org, Michael Ellerman , x86@kernel.org, Will Deacon , Linus Torvalds , Catalin Marinas , Waiman Long , linux-arch@vger.kernel.org, Jon Masters , Jiri Kosina , Borislav Petkov , Andy Lutomirski , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Greg Kroah-Hartman , Tyler Hicks , Martin Schwidefsky , linuxppc-dev@lists.ozlabs.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Configure arm64 runtime CPU speculation bug mitigations in accordance with the 'cpu_spec_mitigations=' cmdline options. This affects Meltdown and Speculative Store Bypass. The default behavior is unchanged. Signed-off-by: Josh Poimboeuf --- Documentation/admin-guide/kernel-parameters.txt | 2 ++ arch/arm64/kernel/cpu_errata.c | 4 ++++ arch/arm64/kernel/cpufeature.c | 6 ++++++ 3 files changed, 12 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index e838af96daa4..0b54385ee7a8 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2553,11 +2553,13 @@ off Disable all speculative CPU mitigations. Equivalent to: nopti [x86, powerpc] + kpti=0 [arm64] nospectre_v1 [powerpc] nospectre_v2 [x86, powerpc, s390] spectre_v2_user=off [x86] nobp=0 [s390] spec_store_bypass_disable=off [x86, powerpc] + ssbd=force-off [arm64] l1tf=off [x86] auto (default) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 9950bb0cbd52..db8d27e3fb1c 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -385,6 +386,9 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return false; } + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) + ssbd_state = ARM64_SSBD_FORCE_DISABLE; + switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4061de10cea6..4512b582d50f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -978,6 +979,11 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, __kpti_forced = -1; } + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) { + str = "cpu_spec_mitigations=off"; + __kpti_forced = -1; + } + /* Forced? */ if (__kpti_forced) { pr_info_once("kernel page table isolation forced %s by %s\n",