
Merge branch 'core/speculation' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into for-next/mitigations

Pull in core support for the "mitigations=" cmdline option from Thomas
Gleixner via -tip, which we can build on top of when we expose our
mitigation state via sysfs.

+89 -8
+32
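--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2544,6 +2544,38 @@
 in the "bleeding edge" mini2440 support kernel at
 http://repo.or.cz/w/linux-2.6/mini2440.git
 
+mitigations=
+[X86,PPC,S390] Control optional mitigations for CPU
+vulnerabilities. This is a set of curated,
+arch-independent options, each of which is an
+aggregation of existing arch-specific options.
+
+off
+Disable all optional CPU mitigations. This
+improves system performance, but it may also
+expose users to several CPU vulnerabilities.
+Equivalent to: nopti [X86,PPC]
+nospectre_v1 [PPC]
+nobp=0 [S390]
+nospectre_v2 [X86,PPC,S390]
+spectre_v2_user=off [X86]
+spec_store_bypass_disable=off [X86,PPC]
+l1tf=off [X86]
+
+auto (default)
+Mitigate all CPU vulnerabilities, but leave SMT
+enabled, even if it's vulnerable. This is for
+users who don't want to be surprised by SMT
+getting disabled across kernel upgrades, or who
+have other ways of avoiding SMT-based attacks.
+Equivalent to: (default behavior)
+
+auto,nosmt
+Mitigate all CPU vulnerabilities, disabling SMT
+if needed. This is for users who always want to
+be fully mitigated, even if it means losing SMT.
+Equivalent to: l1tf=flush,nosmt [X86]
+
 mminit_loglevel=
 [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
 parameter allows control of the logging verbosity for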
+3 -3
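--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -57,7 +57,7 @@
 enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
 security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
 
-if (!no_nospec)
+if (!no_nospec && !cpu_mitigations_off())
 enable_barrier_nospec(enable);
 }
 
@@ -116,7 +116,7 @@
 early_param("nospectre_v2", handle_nospectre_v2);
 void setup_spectre_v2(void)
 {
-if (no_spectrev2)
+if (no_spectrev2 || cpu_mitigations_off())
 do_btb_flush_fixups();
 else
 btb_flush_enabled = true;
@@ -300,7 +300,7 @@
 
 stf_enabled_flush_types = type;
 
-if (!no_stf_barrier)
+if (!no_stf_barrier && !cpu_mitigations_off())
 stf_barrier_enable(enable);
 }
 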
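Review bot: The three new `cpu_mitigations_off()` calls at 60, 119 and 303 rely on `include/linux/cpu.h` (where this commit defines the helper as a static inline), yet no hunk in this file adds the include, whereas the s390 and x86 pti.c sections of the same commit add `#include <linux/cpu.h>` explicitly. If the declaration only reaches security.c transitively today, a later header cleanup turns this into a build break, so add the explicit include at the top of the file: `#include <linux/cpu.h>`. All three enclosing functions start or end outside the hunks shown.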
+1 -1
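--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -932,7 +932,7 @@
 
 enabled_flush_types = types;
 
-if (!no_rfi_flush)
+if (!no_rfi_flush && !cpu_mitigations_off())
 rfi_flush_enable(enable);
 }
 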
+2 -1
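--- a/arch/s390/kernel/nospec-branch.c
+++ b/arch/s390/kernel/nospec-branch.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0
 #include <linux/module.h>
 #include <linux/device.h>
+#include <linux/cpu.h>
 #include <asm/nospec-branch.h>
 
 static int __init nobp_setup_early(char *str)
@@ -59,7 +58,7 @@
 
 void __init nospec_auto_detect(void)
 {
-if (test_facility(156)) {
+if (test_facility(156) || cpu_mitigations_off()) {
 /*
 * The machine supports etokens.
 * Disable expolines and disable nobp.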
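Review bot: The comment immediately under the changed condition at 61 still reads "The machine supports etokens", but the branch is now also taken on a machine without facility 156 when `mitigations=off` is given, so the comment no longer explains why expolines and nobp get disabled. Update it to cover both reasons, e.g. `/* Etokens are available, or the user asked for mitigations=off: disable expolines and disable nobp. */`. The body of nospec_auto_detect continues past the hunk, so I cannot see whether anything else in the etoken path is keyed on the facility itself rather than on the "no mitigation" decision; worth a quick check that nothing in that path assumes facility 156 is really present.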
+9 -2
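--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -440,7 +440,8 @@
 char arg[20];
 int ret, i;
 
-if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
+if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") ||
+cpu_mitigations_off())
 return SPECTRE_V2_CMD_NONE;
 
 ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
@@ -673,7 +672,8 @@
 char arg[20];
 int ret, i;
 
-if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) {
+if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") ||
+cpu_mitigations_off()) {
 return SPEC_STORE_BYPASS_CMD_NONE;
 } else {
 ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
@@ -1009,6 +1007,11 @@
 
 if (!boot_cpu_has_bug(X86_BUG_L1TF))
 return;
+
+if (cpu_mitigations_off())
+l1tf_mitigation = L1TF_MITIGATION_OFF;
+else if (cpu_mitigations_auto_nosmt())
+l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT;
 
 override_cache_bits(&boot_cpu_data);
 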
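Review bot: The new assignments at 1011–1014 overwrite `l1tf_mitigation` unconditionally, so if `l1tf=` is parsed earlier by an early_param (as its naming suggests; that code is outside the hunk), `mitigations=auto,nosmt` silently turns an explicit `l1tf=off` or `l1tf=full` into `L1TF_MITIGATION_FLUSH_NOSMT`, and `mitigations=off` discards any explicit `l1tf=` setting. That precedence may well be intended — the spectre_v2 and SSB hunks at 443 and 675 likewise let `mitigations=off` return before the specific option is even read — but nothing in the code or in the kernel-parameters.txt entry states it, and an operator who combined both options would not expect the generic one to win. Add a comment above 1011 such as `/* mitigations= overrides any explicit l1tf= setting */` and state the rule once in the kernel-parameters.txt entry. The enclosing function starts before the hunk.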
+3 -1
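--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -35,6 +35,7 @@
 #include <linux/spinlock.h>
 #include <linux/mm.h>
 #include <linux/uaccess.h>
+#include <linux/cpu.h>
 
 #include <asm/cpufeature.h>
 #include <asm/hypervisor.h>
@@ -116,7 +115,8 @@
 }
 }
 
-if (cmdline_find_option_bool(boot_command_line, "nopti")) {
+if (cmdline_find_option_bool(boot_command_line, "nopti") ||
+cpu_mitigations_off()) {
 pti_mode = PTI_FORCE_OFF;
 pti_print_if_insecure("disabled on command line.");
 return;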
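Review bot: The message at 121, `disabled on command line.`, is now emitted for both `nopti` and `mitigations=off`, so the boot log no longer tells someone auditing the machine which option switched PTI off. Since the reason is known at this point, pass it through: `pti_print_if_insecure(cpu_mitigations_off() ? "disabled by mitigations=off." : "disabled on command line.");`. The enclosing function starts before the hunk.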
+24
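--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -187,4 +187,28 @@
 static inline void cpu_smt_check_topology(void) { }
 #endif
 
+/*
+* These are used for a global "mitigations=" cmdline option for toggling
+* optional CPU mitigations.
+*/
+enum cpu_mitigations {
+CPU_MITIGATIONS_OFF,
+CPU_MITIGATIONS_AUTO,
+CPU_MITIGATIONS_AUTO_NOSMT,
+};
+
+extern enum cpu_mitigations cpu_mitigations;
+
+/* mitigations=off */
+static inline bool cpu_mitigations_off(void)
+{
+return cpu_mitigations == CPU_MITIGATIONS_OFF;
+}
+
+/* mitigations=auto,nosmt */
+static inline bool cpu_mitigations_auto_nosmt(void)
+{
+return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
+}
+
 #endif /* _LINUX_CPU_H_ */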
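Review bot: The enumerators at 195–197 carry no documentation, and the block comment at 190–193 does not say which command-line spelling maps to which value or that AUTO is the default, so a reader of `cpu_mitigations_off()` has to open kernel/cpu.c or kernel-parameters.txt to find out. Suggest one trailing comment per enumerator — `CPU_MITIGATIONS_OFF, /* mitigations=off */`, `CPU_MITIGATIONS_AUTO, /* mitigations=auto (default) */`, `CPU_MITIGATIONS_AUTO_NOSMT, /* mitigations=auto,nosmt */` — and a sentence in the block comment noting that the variable is set once at early boot by the `mitigations=` parser in kernel/cpu.c, is read-only afterwards (it is defined `__ro_after_init` there), and should only be consulted through the inline helpers below.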
+15
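--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2304,3 +2304,18 @@
 #endif
 this_cpu_write(cpuhp_state.state, CPUHP_ONLINE);
 }
+
+enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
+
+static int __init mitigations_parse_cmdline(char *arg)
+{
+if (!strcmp(arg, "off"))
+cpu_mitigations = CPU_MITIGATIONS_OFF;
+else if (!strcmp(arg, "auto"))
+cpu_mitigations = CPU_MITIGATIONS_AUTO;
+else if (!strcmp(arg, "auto,nosmt"))
+cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
+
+return 0;
+}
+early_param("mitigations", mitigations_parse_cmdline);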
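Review bot: `mitigations_parse_cmdline` at 2310–2320 silently ignores any value it does not recognise — a typo such as `mitigations=of` or an unsupported spelling like `mitigations=nosmt` leaves `cpu_mitigations` at its AUTO default with nothing in dmesg, so an operator who believes they disabled mitigations (or forced SMT off) gets a different security posture than they asked for and no way to notice from the logs. Add a final branch, `else pr_crit("Unsupported mitigations=%s, falling back to auto\n", arg);`, so the mismatch is visible. Separately, early_param handlers can be called with a NULL `arg` when the option appears as a bare `mitigations` with no `=`, and `strcmp` on NULL would oops during early boot; a leading `if (!arg) return -EINVAL;` covers that. The NULL-argument behaviour is the general early_param convention rather than anything visible in this hunk, so confirm it against the parser before relying on it.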