Skip to content

Commit

Permalink
x86/speculation: Support 'mitigations=' cmdline option
Browse files Browse the repository at this point in the history
commit d68be4c upstream.

Configure x86 runtime CPU speculation bug mitigations in accordance with
the 'mitigations=' cmdline option.  This affects Meltdown, Spectre v2,
Speculative Store Bypass, and L1TF.

The default behavior is unchanged.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
Reviewed-by: Jiri Kosina <jkosina@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Waiman Long <longman@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Steven Price <steven.price@arm.com>
Cc: Phil Auld <pauld@redhat.com>
Link: https://lkml.kernel.org/r/6616d0ae169308516cfdf5216bedd169f8a8291b.1555085500.git.jpoimboe@redhat.com
[bwh: Backported to 3.16:
 - Drop the auto,nosmt option and the l1tf mitigation selection, which we can't
   support
 - Adjust filenames, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  • Loading branch information
Josh Poimboeuf authored and Ben Hutchings committed May 22, 2019
1 parent 48a145b commit ac8b525
Showing 3 changed files with 16 additions and 8 deletions.
14 changes: 9 additions & 5 deletions Documentation/kernel-parameters.txt
Original file line number Diff line number Diff line change
@@ -1907,23 +1907,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
http://repo.or.cz/w/linux-2.6/mini2440.git

mitigations=
Control optional mitigations for CPU vulnerabilities.
This is a set of curated, arch-independent options, each
of which is an aggregation of existing arch-specific
options.
[X86] Control optional mitigations for CPU
vulnerabilities. This is a set of curated,
arch-independent options, each of which is an
aggregation of existing arch-specific options.

off
Disable all optional CPU mitigations. This
improves system performance, but it may also
expose users to several CPU vulnerabilities.
Equivalent to: nopti [X86]
nospectre_v2 [X86]
spectre_v2_user=off [X86]
spec_store_bypass_disable=off [X86]

auto (default)
Mitigate all CPU vulnerabilities, but leave SMT
enabled, even if it's vulnerable. This is for
users who don't want to be surprised by SMT
getting disabled across kernel upgrades, or who
have other ways of avoiding SMT-based attacks.
This is the default behavior.
Equivalent to: (default behavior)

mminit_loglevel=
[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
6 changes: 4 additions & 2 deletions arch/x86/kernel/cpu/bugs.c
Original file line number Diff line number Diff line change
@@ -545,7 +545,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
char arg[20];
int ret, i;

if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") ||
cpu_mitigations_off())
return SPECTRE_V2_CMD_NONE;

ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
@@ -809,7 +810,8 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
char arg[20];
int ret, i;

if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) {
if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") ||
cpu_mitigations_off()) {
return SPEC_STORE_BYPASS_CMD_NONE;
} else {
ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
4 changes: 3 additions & 1 deletion arch/x86/mm/kaiser.c
Original file line number Diff line number Diff line change
@@ -10,6 +10,7 @@
#include <linux/mm.h>
#include <linux/uaccess.h>
#include <linux/ftrace.h>
#include <linux/cpu.h>
#include <xen/xen.h>

#undef pr_fmt
@@ -294,7 +295,8 @@ void __init kaiser_check_boottime_disable(void)
goto skip;
}

if (cmdline_find_option_bool(boot_command_line, "nopti"))
if (cmdline_find_option_bool(boot_command_line, "nopti") ||
cpu_mitigations_off())
goto disable;

skip:

0 comments on commit ac8b525

Please sign in to comment.