From: Josh Poimboeuf Date: Fri, 12 Apr 2019 20:39:29 +0000 (-0500) Subject: x86/speculation: Support 'mitigations=' cmdline option X-Git-Tag: v4.1.12-124.31.3~174 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=b1ddbe8f251fbddf10e5c1b5072e44dd919a97ec;p=users%2Fjedix%2Flinux-maple.git x86/speculation: Support 'mitigations=' cmdline option commit d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812 upstream Configure x86 runtime CPU speculation bug mitigations in accordance with the 'mitigations=' cmdline option. This affects Meltdown, Spectre v2, Speculative Store Bypass, and L1TF. The default behavior is unchanged. Signed-off-by: Josh Poimboeuf Signed-off-by: Thomas Gleixner Tested-by: Jiri Kosina (on x86) Reviewed-by: Jiri Kosina Cc: Borislav Petkov Cc: "H . Peter Anvin" Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Jiri Kosina Cc: Waiman Long Cc: Andrea Arcangeli Cc: Jon Masters Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: linux-s390@vger.kernel.org Cc: Catalin Marinas Cc: Will Deacon Cc: linux-arm-kernel@lists.infradead.org Cc: linux-arch@vger.kernel.org Cc: Greg Kroah-Hartman Cc: Tyler Hicks Cc: Linus Torvalds Cc: Randy Dunlap Cc: Steven Price Cc: Phil Auld Link: https://lkml.kernel.org/r/6616d0ae169308516cfdf5216bedd169f8a8291b.1555085500.git.jpoimboe@redhat.com (cherry picked from commit aaa95f2f1112dd4ec31ae13c4cf877dc7c7fcbc8) Orabug: 29526900 CVE: CVE-2018-12126 CVE: CVE-2018-12130 CVE: CVE-2018-12127 Signed-off-by: Mihai Carabas Reviewed-by: Boris Ostrovsky Conflicts: Documentation/admin-guide/kernel-parameters.txt arch/x86/kernel/cpu/bugs.c arch/x86/mm/pti.c Documentation/admin-guide/kernel-parameters.txt: different location arch/x86/kernel/cpu/bugs.c: different name (bugs_64.c). Also we have different logic in nospectre_v2. arch/x86/mm/pti.c: different location for mitigation arch/x86/mm/kaiser.c. --- diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index e3b53ab90b45..f6f3d7528f57 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2190,15 +2190,20 @@ bytes respectively. Such letter suffixes can also be entirely omitted. http://repo.or.cz/w/linux-2.6/mini2440.git mitigations= - Control optional mitigations for CPU vulnerabilities. - This is a set of curated, arch-independent options, each - of which is an aggregation of existing arch-specific - options. + [X86] Control optional mitigations for CPU + vulnerabilities. This is a set of curated, + arch-independent options, each of which is an + aggregation of existing arch-specific options. off Disable all optional CPU mitigations. This improves system performance, but it may also expose users to several CPU vulnerabilities. + Equivalent to: nopti [X86] + nospectre_v2 [X86] + spectre_v2_user=off [X86] + spec_store_bypass_disable=off [X86] + l1tf=off [X86] auto (default) Mitigate all CPU vulnerabilities, but leave SMT @@ -2206,12 +2211,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. users who don't want to be surprised by SMT getting disabled across kernel upgrades, or who have other ways of avoiding SMT-based attacks. - This is the default behavior. + Equivalent to: (default behavior) auto,nosmt Mitigate all CPU vulnerabilities, disabling SMT if needed. This is for users who always want to be fully mitigated, even if it means losing SMT. + Equivalent to: l1tf=flush,nosmt [X86] mminit_loglevel= [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c index ddb51c6d4103..d8fded128e9a 100644 --- a/arch/x86/kernel/cpu/bugs_64.c +++ b/arch/x86/kernel/cpu/bugs_64.c @@ -678,7 +678,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) } } - if (!cmdline_find_option_bool(boot_command_line, "nospectre_v2")) + if (!cmdline_find_option_bool(boot_command_line, "nospectre_v2") && + !cpu_mitigations_off()) return SPECTRE_V2_CMD_AUTO; disable: spec2_print_if_insecure("disabled on command line."); @@ -961,7 +962,8 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) char arg[20]; int ret, i; - if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) { + if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") || + cpu_mitigations_off()) { return SPEC_STORE_BYPASS_CMD_NONE; } else { ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable", @@ -1248,6 +1250,11 @@ static void __init l1tf_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_L1TF)) return; + if (cpu_mitigations_off()) + l1tf_mitigation = L1TF_MITIGATION_OFF; + else if (cpu_mitigations_auto_nosmt()) + l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT; + parse_l1tf_cmdline(); override_cache_bits(&boot_cpu_data); diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c index ed7e2949a58c..7c7273d3fc05 100644 --- a/arch/x86/mm/kaiser.c +++ b/arch/x86/mm/kaiser.c @@ -1,4 +1,5 @@ #include +#include #include #include #include @@ -285,7 +286,8 @@ void __init kaiser_check_boottime_disable(void) goto skip; } - if (cmdline_find_option_bool(boot_command_line, "nopti")) + if (cmdline_find_option_bool(boot_command_line, "nopti") || + cpu_mitigations_off()) goto disable; skip: