| From 1a85023111931463125a6da902675facd3e00c21 Mon Sep 17 00:00:00 2001 |
| From: Josh Poimboeuf <jpoimboe@redhat.com> |
| Date: Fri, 12 Apr 2019 15:39:28 -0500 |
| Subject: [PATCH 23/30] cpu/speculation: Add 'mitigations=' cmdline option |
| |
| commit 98af8452945c55652de68536afdde3b520fec429 upstream |
| |
| Keeping track of the number of mitigations for all the CPU speculation |
| bugs has become overwhelming for many users. It's getting more and more |
| complicated to decide which mitigations are needed for a given |
| architecture. Complicating matters is the fact that each arch tends to |
| have its own custom way to mitigate the same vulnerability. |
| |
| Most users fall into a few basic categories: |
| |
| a) they want all mitigations off; |
| |
| b) they want all reasonable mitigations on, with SMT enabled even if |
| it's vulnerable; or |
| |
| c) they want all reasonable mitigations on, with SMT disabled if |
| vulnerable. |
| |
| Define a set of curated, arch-independent options, each of which is an |
| aggregation of existing options: |
| |
| - mitigations=off: Disable all mitigations. |
| |
| - mitigations=auto: [default] Enable all the default mitigations, but |
| leave SMT enabled, even if it's vulnerable. |
| |
| - mitigations=auto,nosmt: Enable all the default mitigations, disabling |
| SMT if needed by a mitigation. |
| |
| Currently, these options are placeholders which don't actually do |
| anything. They will be fleshed out in upcoming patches. |
| |
| Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86) |
| Reviewed-by: Jiri Kosina <jkosina@suse.cz> |
| Cc: Borislav Petkov <bp@alien8.de> |
| Cc: "H . Peter Anvin" <hpa@zytor.com> |
| Cc: Andy Lutomirski <luto@kernel.org> |
| Cc: Peter Zijlstra <peterz@infradead.org> |
| Cc: Jiri Kosina <jikos@kernel.org> |
| Cc: Waiman Long <longman@redhat.com> |
| Cc: Andrea Arcangeli <aarcange@redhat.com> |
| Cc: Jon Masters <jcm@redhat.com> |
| Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> |
| Cc: Paul Mackerras <paulus@samba.org> |
| Cc: Michael Ellerman <mpe@ellerman.id.au> |
| Cc: linuxppc-dev@lists.ozlabs.org |
| Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> |
| Cc: Heiko Carstens <heiko.carstens@de.ibm.com> |
| Cc: linux-s390@vger.kernel.org |
| Cc: Catalin Marinas <catalin.marinas@arm.com> |
| Cc: Will Deacon <will.deacon@arm.com> |
| Cc: linux-arm-kernel@lists.infradead.org |
| Cc: linux-arch@vger.kernel.org |
| Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Cc: Tyler Hicks <tyhicks@canonical.com> |
| Cc: Linus Torvalds <torvalds@linux-foundation.org> |
| Cc: Randy Dunlap <rdunlap@infradead.org> |
| Cc: Steven Price <steven.price@arm.com> |
| Cc: Phil Auld <pauld@redhat.com> |
| Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| .../admin-guide/kernel-parameters.txt | 24 +++++++++++++++++++ |
| include/linux/cpu.h | 24 +++++++++++++++++++ |
| kernel/cpu.c | 15 ++++++++++++ |
| 3 files changed, 63 insertions(+) |
| |
| diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt |
| index df8d10668b11..6a1b94afb005 100644 |
| --- a/Documentation/admin-guide/kernel-parameters.txt |
| +++ b/Documentation/admin-guide/kernel-parameters.txt |
| @@ -2502,6 +2502,30 @@ |
| in the "bleeding edge" mini2440 support kernel at |
| http://repo.or.cz/w/linux-2.6/mini2440.git |
| |
| + mitigations= |
| + Control optional mitigations for CPU vulnerabilities. |
| + This is a set of curated, arch-independent options, each |
| + of which is an aggregation of existing arch-specific |
| + options. |
| + |
| + off |
| + Disable all optional CPU mitigations. This |
| + improves system performance, but it may also |
| + expose users to several CPU vulnerabilities. |
| + |
| + auto (default) |
| + Mitigate all CPU vulnerabilities, but leave SMT |
| + enabled, even if it's vulnerable. This is for |
| + users who don't want to be surprised by SMT |
| + getting disabled across kernel upgrades, or who |
| + have other ways of avoiding SMT-based attacks. |
| + This is the default behavior. |
| + |
| + auto,nosmt |
| + Mitigate all CPU vulnerabilities, disabling SMT |
| + if needed. This is for users who always want to |
| + be fully mitigated, even if it means losing SMT. |
| + |
| mminit_loglevel= |
| [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this |
| parameter allows control of the logging verbosity for |
| diff --git a/include/linux/cpu.h b/include/linux/cpu.h |
| index 3c87ad888ed3..57ae83c4d5f4 100644 |
| --- a/include/linux/cpu.h |
| +++ b/include/linux/cpu.h |
| @@ -189,4 +189,28 @@ static inline void cpu_smt_disable(bool force) { } |
| static inline void cpu_smt_check_topology(void) { } |
| #endif |
| |
| +/* |
| + * These are used for a global "mitigations=" cmdline option for toggling |
| + * optional CPU mitigations. |
| + */ |
| +enum cpu_mitigations { |
| + CPU_MITIGATIONS_OFF, |
| + CPU_MITIGATIONS_AUTO, |
| + CPU_MITIGATIONS_AUTO_NOSMT, |
| +}; |
| + |
| +extern enum cpu_mitigations cpu_mitigations; |
| + |
| +/* mitigations=off */ |
| +static inline bool cpu_mitigations_off(void) |
| +{ |
| + return cpu_mitigations == CPU_MITIGATIONS_OFF; |
| +} |
| + |
| +/* mitigations=auto,nosmt */ |
| +static inline bool cpu_mitigations_auto_nosmt(void) |
| +{ |
| + return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT; |
| +} |
| + |
| #endif /* _LINUX_CPU_H_ */ |
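Review bot: `CPU_MITIGATIONS_OFF` is the first enumerator of `enum cpu_mitigations`, so it has the value 0 and any zero-initialised copy of this state would read as "all optional mitigations off". The definition in kernel/cpu.c does set `CPU_MITIGATIONS_AUTO` explicitly, so nothing is wrong in this patch, but the dependency deserves a line above the enum, e.g. `/* OFF is 0: the definition must keep its explicit CPU_MITIGATIONS_AUTO initializer. */`. The helper comments `/* mitigations=off */` and `/* mitigations=auto,nosmt */` only repeat the function names. A sentence on what arch code is expected to do when each helper returns true would be more useful.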
| diff --git a/kernel/cpu.c b/kernel/cpu.c |
| index dc250ec2c096..bc6c880a093f 100644 |
| --- a/kernel/cpu.c |
| +++ b/kernel/cpu.c |
| @@ -2278,3 +2278,18 @@ void __init boot_cpu_hotplug_init(void) |
| #endif |
| this_cpu_write(cpuhp_state.state, CPUHP_ONLINE); |
| } |
| + |
| +enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO; |
| + |
| +static int __init mitigations_parse_cmdline(char *arg) |
| +{ |
| + if (!strcmp(arg, "off")) |
| + cpu_mitigations = CPU_MITIGATIONS_OFF; |
| + else if (!strcmp(arg, "auto")) |
| + cpu_mitigations = CPU_MITIGATIONS_AUTO; |
| + else if (!strcmp(arg, "auto,nosmt")) |
| + cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT; |
| + |
| + return 0; |
| +} |
| +early_param("mitigations", mitigations_parse_cmdline); |
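Review bot: An unrecognised value falls through the `strcmp()` chain in `mitigations_parse_cmdline()` with no message. A misspelling such as `mitigations=auto,nsmt` (constructed example) therefore boots with the `auto` default while the administrator believes SMT will be disabled where a mitigation needs it. Add a final branch that logs the rejected string, for example `else pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n", arg);`. It is also worth confirming whether `arg` can be NULL when the option is passed without `=`; if it can, an `if (!arg) return -EINVAL;` guard belongs before the first `strcmp()`.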
| -- |
| 2.21.0 |
| |