
x86/cpu: Remove CONFIG_X86_SMAP and "nosmap"

Those were added as part of the SMAP enablement but SMAP is currently
an integral part of kernel proper and there's no need to disable it
anymore.

Rip out that functionality. Leave --uaccess default on for objtool as
this is what objtool should do by default anyway.

If still needed - clearcpuid=smap.

Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Lai Jiangshan <jiangshanlai@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220127115626.14179-4-bp@alien8.de

+10 -71
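--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3461,7 +3461,7 @@
 noexec=on: enable non-executable mappings (default)
 noexec=off: disable non-executable mappings
 
-nosmap [X86,PPC]
+nosmap [PPC]
 Disable SMAP (Supervisor Mode Access Prevention)
 even if it is supported by processor.
 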
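--- a/Documentation/x86/cpuinfo.rst
+++ b/Documentation/x86/cpuinfo.rst
@@ -140,9 +140,8 @@
 
 In addition, there exists a variety of custom command-line parameters that
 disable specific features. The list of parameters includes, but is not limited
-to, nofsgsbase, nosmap, and nosmep. 5-level paging can also be disabled using
-"no5lvl". SMAP and SMEP are disabled with the aforementioned parameters,
-respectively.
+to, nofsgsbase, and nosmep. 5-level paging can also be disabled using
+"no5lvl". SMEP is disabled with the aforementioned parameter.
 
 e: The feature was known to be non-functional.
 ----------------------------------------------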
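--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1816,17 +1816,6 @@
 If supported, this is a high bandwidth, cryptographically
 secure hardware random number generator.
 
-config X86_SMAP
-def_bool y
-prompt "Supervisor Mode Access Prevention" if EXPERT
-help
-Supervisor Mode Access Prevention (SMAP) is a security
-feature in newer Intel processors. There is a small
-performance cost if this enabled and turned on; there is
-also a small increase in the kernel size if this is enabled.
-
-If unsure, say Y.
-
 config X86_UMIP
 def_bool y
 prompt "User Mode Instruction Prevention" if EXPERT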
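--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -10,12 +10,6 @@
 * cpu_feature_enabled().
 */
 
-#ifdef CONFIG_X86_SMAP
-# define DISABLE_SMAP 0
-#else
-# define DISABLE_SMAP (1<<(X86_FEATURE_SMAP & 31))
-#endif
-
 #ifdef CONFIG_X86_UMIP
 # define DISABLE_UMIP 0
 #else
@@ -80,7 +74,7 @@
 #define DISABLED_MASK6 0
 #define DISABLED_MASK7 (DISABLE_PTI)
 #define DISABLED_MASK8 0
-#define DISABLED_MASK9 (DISABLE_SMAP|DISABLE_SGX)
+#define DISABLED_MASK9 (DISABLE_SGX)
 #define DISABLED_MASK10 0
 #define DISABLED_MASK11 0
 #define DISABLED_MASK12 0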
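Review bot: A leftover `#ifdef CONFIG_X86_SMAP` anywhere outside the files shown on this page would now silently compile out the code it guards, because the `X86_SMAP` Kconfig symbol is removed in the same commit and the preprocessor treats the undefined name as false. A leftover use of `DISABLE_SMAP` is the safer case, since removing the macro in the first hunk turns it into a build error. No such reference is visible here, so this is a request to confirm with a tree-wide search for both names, including config fragments that still set `CONFIG_X86_SMAP=y` or `=n`. The copy under tools/arch/x86/include/asm/ receives the identical edit and needs the same check.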
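--- a/arch/x86/include/asm/smap.h
+++ b/arch/x86/include/asm/smap.h
@@ -19,24 +19,13 @@
 
 #ifdef __ASSEMBLY__
 
-#ifdef CONFIG_X86_SMAP
-
 #define ASM_CLAC \
 ALTERNATIVE "", __ASM_CLAC, X86_FEATURE_SMAP
 
 #define ASM_STAC \
 ALTERNATIVE "", __ASM_STAC, X86_FEATURE_SMAP
 
-#else /* CONFIG_X86_SMAP */
-
-#define ASM_CLAC
-#define ASM_STAC
-
-#endif /* CONFIG_X86_SMAP */
-
 #else /* __ASSEMBLY__ */
-
-#ifdef CONFIG_X86_SMAP
 
 static __always_inline void clac(void)
 {
@@ -75,19 +64,6 @@
 ALTERNATIVE("", __ASM_CLAC, X86_FEATURE_SMAP)
 #define ASM_STAC \
 ALTERNATIVE("", __ASM_STAC, X86_FEATURE_SMAP)
-
-#else /* CONFIG_X86_SMAP */
-
-static inline void clac(void) { }
-static inline void stac(void) { }
-
-static inline unsigned long smap_save(void) { return 0; }
-static inline void smap_restore(unsigned long flags) { }
-
-#define ASM_CLAC
-#define ASM_STAC
-
-#endif /* CONFIG_X86_SMAP */
 
 #endif /* __ASSEMBLY__ */
 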
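--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -382,13 +382,6 @@
 cr4_set_bits(X86_CR4_SMEP);
 }
 
-static __init int setup_disable_smap(char *arg)
-{
-setup_clear_cpu_cap(X86_FEATURE_SMAP);
-return 1;
-}
-__setup("nosmap", setup_disable_smap);
-
 static __always_inline void setup_smap(struct cpuinfo_x86 *c)
 {
 unsigned long eflags = native_save_fl();
@@ -396,14 +389,8 @@
 /* This should have been cleared long ago */
 BUG_ON(eflags & X86_EFLAGS_AC);
 
-if (cpu_has(c, X86_FEATURE_SMAP)) {
-#ifdef CONFIG_X86_SMAP
+if (cpu_has(c, X86_FEATURE_SMAP))
 cr4_set_bits(X86_CR4_SMAP);
-#else
-clear_cpu_cap(c, X86_FEATURE_SMAP);
-cr4_clear_bits(X86_CR4_SMAP);
-#endif
-}
 }
 
 static __always_inline void setup_umip(struct cpuinfo_x86 *c)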
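Review bot: setup_smap() in the second hunk no longer records how SMAP can still be turned off. The only opt-out left is the one named in the commit message, and it works purely by making the `cpu_has(c, X86_FEATURE_SMAP)` test false, so a comment above the `if` would help the next reader: `/* Always enabled when the CPU has it; clearcpuid=smap is the only opt-out. */`. Separately, with the `__setup("nosmap", ...)` handler removed in the first hunk, an x86 boot line that still carries `nosmap` is no longer acted on by this file and the machine comes up with CR4.SMAP set. Whether the now-unknown parameter is reported at boot is not visible in this section, so hardening audits should read the effective state from the `smap` flag in /proc/cpuinfo rather than from the command line.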
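--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -233,7 +233,7 @@
 $(if $(CONFIG_FRAME_POINTER),, --no-fp) \
 $(if $(CONFIG_GCOV_KERNEL)$(CONFIG_LTO_CLANG), --no-unreachable)\
 $(if $(CONFIG_RETPOLINE), --retpoline) \
-$(if $(CONFIG_X86_SMAP), --uaccess) \
+--uaccess \
 $(if $(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL), --mcount) \
 $(if $(CONFIG_SLS), --sls)
 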
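--- a/tools/arch/x86/include/asm/disabled-features.h
+++ b/tools/arch/x86/include/asm/disabled-features.h
@@ -10,12 +10,6 @@
 * cpu_feature_enabled().
 */
 
-#ifdef CONFIG_X86_SMAP
-# define DISABLE_SMAP 0
-#else
-# define DISABLE_SMAP (1<<(X86_FEATURE_SMAP & 31))
-#endif
-
 #ifdef CONFIG_X86_UMIP
 # define DISABLE_UMIP 0
 #else
@@ -80,7 +74,7 @@
 #define DISABLED_MASK6 0
 #define DISABLED_MASK7 (DISABLE_PTI)
 #define DISABLED_MASK8 0
-#define DISABLED_MASK9 (DISABLE_SMAP|DISABLE_SGX)
+#define DISABLED_MASK9 (DISABLE_SGX)
 #define DISABLED_MASK10 0
 #define DISABLED_MASK11 0
 #define DISABLED_MASK12 0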