Linus, I Cc'd you on this as patch 1 fixes a goof that causes mitigations
to be completely disabled on all !x86 architectures, and it'd be nice to
fix that in rc5. There was a decent bit of discussion on how exactly to
juggle the Kconfigs, and so I don't expect anyone to include this in a pull
request for rc5.
The discussion didn't fully resolve, i.e. this hasn't gotten a thumbs up
from the affected parties, but I think/hope my approach here is minimal
enough for other architectures (just restores previous behavior), and
shouldn't result in a huge amount of churn if we decide to go in a
different direction.
TL;DR: please grab patch 1 directly if you think it's worth squeezing into
rc5, and isn't completely crazy.
Thanks!
Patch 2 is probably 6.9 material, but is definitely not rc5 material. It
disallows retroactively enabling mitigations via command line if the kernel
was built with CPU_MITIGATIONS=n, as it's infeasible for x86 to provide
sane, predictable behavior for this scenario.
v2:
- Rework the Kconfigs so that there's a single user-visible CPU_MITIGATION
config. [Everyone]
- Define CPU_MITIGATIONS in arch/Kconfig. [Josh]
- Completely compile out the cpu_mitigations code if CPU_MITIGATIONS=n,
e.g. to make impossible to end up in a half-baked state where
cpu_mitigations ends up enabled but the kernel wasn't compiled with
mitigations enabled.
v1: https://lore.kernel.org/all/20240417001507.2264512-1-seanjc@google.com
Sean Christopherson (2):
cpu: Re-enable CPU mitigations by default for !X86 architectures
cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n
.../admin-guide/kernel-parameters.txt | 3 +++
arch/Kconfig | 8 ++++++++
arch/x86/Kconfig | 19 ++++++++++++-------
include/linux/cpu.h | 11 +++++++++++
kernel/cpu.c | 13 ++++++++++---
5 files changed, 44 insertions(+), 10 deletions(-)
base-commit: 96fca68c4fbf77a8185eb10f7557e23352732ea2
--
2.44.0.769.g3c40516874-goog