Commit | Line | Data |
---|---|---|
1f91e7a4 GKH |
1 | From foo@baz Tue 14 May 2019 08:29:35 PM CEST |
2 | From: Josh Poimboeuf <jpoimboe@redhat.com> | |
3 | Date: Fri, 12 Apr 2019 15:39:28 -0500 | |
4 | Subject: cpu/speculation: Add 'mitigations=' cmdline option | |
5 | ||
6 | From: Josh Poimboeuf <jpoimboe@redhat.com> | |
7 | ||
8 | commit 98af8452945c55652de68536afdde3b520fec429 upstream. | |
9 | ||
10 | Keeping track of the number of mitigations for all the CPU speculation | |
11 | bugs has become overwhelming for many users. It's getting more and more | |
12 | complicated to decide which mitigations are needed for a given | |
13 | architecture. Complicating matters is the fact that each arch tends to | |
14 | have its own custom way to mitigate the same vulnerability. | |
15 | ||
16 | Most users fall into a few basic categories: | |
17 | ||
18 | a) they want all mitigations off; | |
19 | ||
20 | b) they want all reasonable mitigations on, with SMT enabled even if | |
21 | it's vulnerable; or | |
22 | ||
23 | c) they want all reasonable mitigations on, with SMT disabled if | |
24 | vulnerable. | |
25 | ||
26 | Define a set of curated, arch-independent options, each of which is an | |
27 | aggregation of existing options: | |
28 | ||
29 | - mitigations=off: Disable all mitigations. | |
30 | ||
31 | - mitigations=auto: [default] Enable all the default mitigations, but | |
32 | leave SMT enabled, even if it's vulnerable. | |
33 | ||
34 | - mitigations=auto,nosmt: Enable all the default mitigations, disabling | |
35 | SMT if needed by a mitigation. | |
36 | ||
37 | Currently, these options are placeholders which don't actually do | |
38 | anything. They will be fleshed out in upcoming patches. | |
39 | ||
40 | Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> | |
41 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
42 | Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86) | |
43 | Reviewed-by: Jiri Kosina <jkosina@suse.cz> | |
44 | Cc: Borislav Petkov <bp@alien8.de> | |
45 | Cc: "H . Peter Anvin" <hpa@zytor.com> | |
46 | Cc: Andy Lutomirski <luto@kernel.org> | |
47 | Cc: Peter Zijlstra <peterz@infradead.org> | |
48 | Cc: Jiri Kosina <jikos@kernel.org> | |
49 | Cc: Waiman Long <longman@redhat.com> | |
50 | Cc: Andrea Arcangeli <aarcange@redhat.com> | |
51 | Cc: Jon Masters <jcm@redhat.com> | |
52 | Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> | |
53 | Cc: Paul Mackerras <paulus@samba.org> | |
54 | Cc: Michael Ellerman <mpe@ellerman.id.au> | |
55 | Cc: linuxppc-dev@lists.ozlabs.org | |
56 | Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> | |
57 | Cc: Heiko Carstens <heiko.carstens@de.ibm.com> | |
58 | Cc: linux-s390@vger.kernel.org | |
59 | Cc: Catalin Marinas <catalin.marinas@arm.com> | |
60 | Cc: Will Deacon <will.deacon@arm.com> | |
61 | Cc: linux-arm-kernel@lists.infradead.org | |
62 | Cc: linux-arch@vger.kernel.org | |
63 | Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
64 | Cc: Tyler Hicks <tyhicks@canonical.com> | |
65 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
66 | Cc: Randy Dunlap <rdunlap@infradead.org> | |
67 | Cc: Steven Price <steven.price@arm.com> | |
68 | Cc: Phil Auld <pauld@redhat.com> | |
69 | Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com | |
70 | [bwh: Backported to 4.4: | |
71 | - Drop the auto,nosmt option which we can't support | |
72 | - Adjust filename] | |
73 | Signed-off-by: Ben Hutchings <ben@decadent.org.uk> | |
74 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
75 | --- | |
76 | Documentation/kernel-parameters.txt | 19 +++++++++++++++++++ | |
77 | include/linux/cpu.h | 17 +++++++++++++++++ | |
78 | kernel/cpu.c | 13 +++++++++++++ | |
79 | 3 files changed, 49 insertions(+) | |
80 | ||
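--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2173,6 +2173,25 @@ bytes respectively. Such letter suffixes
 in the "bleeding edge" mini2440 support kernel at
 http://repo.or.cz/w/linux-2.6/mini2440.git
 
+ mitigations=
+ Control optional mitigations for CPU vulnerabilities.
+ This is a set of curated, arch-independent options, each
+ of which is an aggregation of existing arch-specific
+ options.
+
+ off
+ Disable all optional CPU mitigations. This
+ improves system performance, but it may also
+ expose users to several CPU vulnerabilities.
+
+ auto (default)
+ Mitigate all CPU vulnerabilities, but leave SMT
+ enabled, even if it's vulnerable. This is for
+ users who don't want to be surprised by SMT
+ getting disabled across kernel upgrades, or who
+ have other ways of avoiding SMT-based attacks.
+ This is the default behavior.
+
 mminit_loglevel=
 [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
 parameter allows control of the logging verbosity for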
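--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -296,4 +296,21 @@ bool cpu_wait_death(unsigned int cpu, in
 bool cpu_report_death(void);
 #endif /* #ifdef CONFIG_HOTPLUG_CPU */
 
+/*
+ * These are used for a global "mitigations=" cmdline option for toggling
+ * optional CPU mitigations.
+ */
+enum cpu_mitigations {
+ CPU_MITIGATIONS_OFF,
+ CPU_MITIGATIONS_AUTO,
+};
+
+extern enum cpu_mitigations cpu_mitigations;
+
+/* mitigations=off */
+static inline bool cpu_mitigations_off(void)
+{
+ return cpu_mitigations == CPU_MITIGATIONS_OFF;
+}
+
 #endif /* _LINUX_CPU_H_ */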
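Review bot: `extern enum cpu_mitigations cpu_mitigations;` exposes the mitigation state as a plain writable global to every file that includes linux/cpu.h, and the inline `cpu_mitigations_off()` reads it directly. Nothing visible in this hunk stops code from assigning to the variable after the command line has been parsed. An inline helper that references the variable presumably also cannot be called from modules unless the symbol is exported. Consider keeping the variable `static` in kernel/cpu.c and declaring only `bool cpu_mitigations_off(void);` here, with the definition next to the parser. The hunk covers only the tail of the header; the rest of the file is outside it.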
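--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -842,3 +842,16 @@ void init_cpu_online(const struct cpumas
 {
 cpumask_copy(to_cpumask(cpu_online_bits), src);
 }
+
+enum cpu_mitigations cpu_mitigations = CPU_MITIGATIONS_AUTO;
+
+static int __init mitigations_parse_cmdline(char *arg)
+{
+ if (!strcmp(arg, "off"))
+ cpu_mitigations = CPU_MITIGATIONS_OFF;
+ else if (!strcmp(arg, "auto"))
+ cpu_mitigations = CPU_MITIGATIONS_AUTO;
+
+ return 0;
+}
+early_param("mitigations", mitigations_parse_cmdline);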
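Review bot: An unrecognised value falls through both `strcmp()` branches in `mitigations_parse_cmdline()` and the function returns 0 without logging anything, so the boot silently continues in `CPU_MITIGATIONS_AUTO`. That matters on this backport, because the commit message says `auto,nosmt` was dropped: an administrator who passes `mitigations=auto,nosmt` expecting SMT to be disabled gets plain `auto` with nothing in the log. A final `else pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n", arg);` would make the mismatch visible. It may also be worth checking `arg` for NULL before the first `strcmp()`, if a bare `mitigations` with no `=` can reach the handler with a NULL argument.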