From 0e44e1761b78d31665fbce073ce58f42a0ffd4de Mon Sep 17 00:00:00 2001
|
|
From: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
Date: Fri, 12 Apr 2019 15:39:28 -0500
|
|
Subject: [PATCH 23/30] cpu/speculation: Add 'mitigations=' cmdline option
|
|
|
|
commit 98af8452945c55652de68536afdde3b520fec429 upstream
|
|
|
|
Keeping track of the number of mitigations for all the CPU speculation
|
|
bugs has become overwhelming for many users. It's getting more and more
|
|
complicated to decide which mitigations are needed for a given
|
|
architecture. Complicating matters is the fact that each arch tends to
|
|
have its own custom way to mitigate the same vulnerability.
|
|
|
|
Most users fall into a few basic categories:
|
|
|
|
a) they want all mitigations off;
|
|
|
|
b) they want all reasonable mitigations on, with SMT enabled even if
|
|
it's vulnerable; or
|
|
|
|
c) they want all reasonable mitigations on, with SMT disabled if
|
|
vulnerable.
|
|
|
|
Define a set of curated, arch-independent options, each of which is an
|
|
aggregation of existing options:
|
|
|
|
- mitigations=off: Disable all mitigations.
|
|
|
|
- mitigations=auto: [default] Enable all the default mitigations, but
|
|
leave SMT enabled, even if it's vulnerable.
|
|
|
|
- mitigations=auto,nosmt: Enable all the default mitigations, disabling
|
|
SMT if needed by a mitigation.
|
|
|
|
Currently, these options are placeholders which don't actually do
|
|
anything. They will be fleshed out in upcoming patches.
|
|
|
|
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
|
|
Reviewed-by: Jiri Kosina <jkosina@suse.cz>
|
|
Cc: Borislav Petkov <bp@alien8.de>
|
|
Cc: "H . Peter Anvin" <hpa@zytor.com>
|
|
Cc: Andy Lutomirski <luto@kernel.org>
|
|
Cc: Peter Zijlstra <peterz@infradead.org>
|
|
Cc: Jiri Kosina <jikos@kernel.org>
|
|
Cc: Waiman Long <longman@redhat.com>
|
|
Cc: Andrea Arcangeli <aarcange@redhat.com>
|
|
Cc: Jon Masters <jcm@redhat.com>
|
|
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
|
Cc: Paul Mackerras <paulus@samba.org>
|
|
Cc: Michael Ellerman <mpe@ellerman.id.au>
|
|
Cc: linuxppc-dev@lists.ozlabs.org
|
|
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
|
|
Cc: linux-s390@vger.kernel.org
|
|
Cc: Catalin Marinas <catalin.marinas@arm.com>
|
|
Cc: Will Deacon <will.deacon@arm.com>
|
|
Cc: linux-arm-kernel@lists.infradead.org
|
|
Cc: linux-arch@vger.kernel.org
|
|
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Cc: Tyler Hicks <tyhicks@canonical.com>
|
|
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Cc: Randy Dunlap <rdunlap@infradead.org>
|
|
Cc: Steven Price <steven.price@arm.com>
|
|
Cc: Phil Auld <pauld@redhat.com>
|
|
Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com
|
|
---
|
|
.../admin-guide/kernel-parameters.txt | 24 +++++++++++++++++++
|
|
include/linux/cpu.h | 24 +++++++++++++++++++
|
|
kernel/cpu.c | 15 ++++++++++++
|
|
3 files changed, 63 insertions(+)
|
|
|
|
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
index df8d10668b11..6a1b94afb005 100644
|
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
|
@@ -2502,6 +2502,30 @@
|
|
in the "bleeding edge" mini2440 support kernel at
|
|
http://repo.or.cz/w/linux-2.6/mini2440.git
|
|
|
|
+ mitigations=
|
|
+ Control optional mitigations for CPU vulnerabilities.
|
|
+ This is a set of curated, arch-independent options, each
|
|
+ of which is an aggregation of existing arch-specific
|
|
+ options.
|
|
+
|
|
+ off
|
|
+ Disable all optional CPU mitigations. This
|
|
+ improves system performance, but it may also
|
|
+ expose users to several CPU vulnerabilities.
|
|
+
|
|
+ auto (default)
|
|
+ Mitigate all CPU vulnerabilities, but leave SMT
|
|
+ enabled, even if it's vulnerable. This is for
|
|
+ users who don't want to be surprised by SMT
|
|
+ getting disabled across kernel upgrades, or who
|
|
+ have other ways of avoiding SMT-based attacks.
|
|
+ This is the default behavior.
|
|
+
|
|
+ auto,nosmt
|
|
+ Mitigate all CPU vulnerabilities, disabling SMT
|
|
+ if needed. This is for users who always want to
|
|
+ be fully mitigated, even if it means losing SMT.
|
|
+
|
|
mminit_loglevel=
|
|
[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
|
|
parameter allows control of the logging verbosity for
|
|
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
|
|
index 3c87ad888ed3..57ae83c4d5f4 100644
|
|
--- a/include/linux/cpu.h
|
|
+++ b/include/linux/cpu.h
|
|
@@ -189,4 +189,28 @@ static inline void cpu_smt_disable(bool force) { }
|
|
static inline void cpu_smt_check_topology(void) { }
|
|
#endif
|
|
|
|
+/*
|
|
+ * These are used for a global "mitigations=" cmdline option for toggling
|
|
+ * optional CPU mitigations.
|
|
+ */
|
|
+enum cpu_mitigations {
|
|
+ CPU_MITIGATIONS_OFF,
|
|
+ CPU_MITIGATIONS_AUTO,
|
|
+ CPU_MITIGATIONS_AUTO_NOSMT,
|
|
+};
|
|
+
|
|
+extern enum cpu_mitigations cpu_mitigations;
|
|
+
|
|
+/* mitigations=off */
|
|
+static inline bool cpu_mitigations_off(void)
|
|
+{
|
|
+ return cpu_mitigations == CPU_MITIGATIONS_OFF;
|
|
+}
|
|
+
|
|
+/* mitigations=auto,nosmt */
|
|
+static inline bool cpu_mitigations_auto_nosmt(void)
|
|
+{
|
|
+ return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
|
|
+}
|
|
+
|
|
#endif /* _LINUX_CPU_H_ */
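Review bot: The two `static inline` helpers added here read the global `cpu_mitigations` directly, and nothing visible in this patch exports that symbol, so a loadable module that calls `cpu_mitigations_off()` or `cpu_mitigations_auto_nosmt()` would presumably fail to link. Declaring only the prototypes in this header, defining the helpers out of line in kernel/cpu.c with `EXPORT_SYMBOL_GPL(cpu_mitigations_off);` (and the same for the nosmt helper), and making the variable `static` there would fix that. It would also mean every reader of the mitigation mode goes through the helpers. The comment above the enum could additionally say that `CPU_MITIGATIONS_AUTO` is the boot default, since the header does not show the initialiser.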
|
|
diff --git a/kernel/cpu.c b/kernel/cpu.c
|
|
index dc250ec2c096..bc6c880a093f 100644
|
|
--- a/kernel/cpu.c
|
|
+++ b/kernel/cpu.c
|
|
@@ -2278,3 +2278,18 @@ void __init boot_cpu_hotplug_init(void)
|
|
#endif
|
|
this_cpu_write(cpuhp_state.state, CPUHP_ONLINE);
|
|
}
|
|
+
|
|
+enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
|
|
+
|
|
+static int __init mitigations_parse_cmdline(char *arg)
|
|
+{
|
|
+ if (!strcmp(arg, "off"))
|
|
+ cpu_mitigations = CPU_MITIGATIONS_OFF;
|
|
+ else if (!strcmp(arg, "auto"))
|
|
+ cpu_mitigations = CPU_MITIGATIONS_AUTO;
|
|
+ else if (!strcmp(arg, "auto,nosmt"))
|
|
+ cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+early_param("mitigations", mitigations_parse_cmdline);
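Review bot: An unrecognised value falls through the `strcmp()` chain in mitigations_parse_cmdline() without any message. A misspelled `auto,nosmt` therefore boots with the `CPU_MITIGATIONS_AUTO` default and SMT left on, while the administrator believes the stricter mode is active. A final branch would make this visible in the boot log, e.g. `else pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n", arg);`. It is also worth confirming whether the early-param code can pass a NULL `arg` for a bare `mitigations` with no `=`; if it can, an `if (!arg) return -EINVAL;` guard is needed before the first `strcmp()`.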
|