From nobody Sat Feb 7 09:42:27 2026
Reply-To: Sean Christopherson
Date: Fri, 19 Apr 2024 17:05:54 -0700
In-Reply-To: <20240420000556.2645001-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20240420000556.2645001-1-seanjc@google.com>
X-Mailer: git-send-email 2.44.0.769.g3c40516874-goog
Message-ID: <20240420000556.2645001-2-seanjc@google.com>
Subject: [PATCH v2 1/2] cpu: Re-enable CPU mitigations by default for !X86 architectures
From: Sean Christopherson
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Peter Zijlstra
Cc: linux-kernel@vger.kernel.org, Stephen Rothwell, Michael Ellerman, Geert Uytterhoeven, Josh Poimboeuf, Will Deacon, Linus Torvalds, Sean Christopherson
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Rename x86's to CPU_MITIGATIONS, define it in generic code, and force it on for all architectures except x86. A recent commit to turn mitigations off by default if SPECULATION_MITIGATIONS=n kinda sorta missed that "cpu_mitigations" is completely generic, whereas SPECULATION_MITIGATIONS is x86 specific.

Rename x86's SPECULATIVE_MITIGATIONS instead of keeping both and have it select CPU_MITIGATIONS, as having two configs for the same thing is unnecessary and confusing. This will also allow x86 to use the knob to manage mitigations that aren't strictly related to speculative execution.

Use another Kconfig to communicate to common code that CPU_MITIGATIONS is already defined instead of having x86's menu depend on the common CPU_MITIGATIONS. This allows keeping a single point of contact for all of x86's mitigations, and it's not clear that other architectures *want* to allow disabling mitigations at compile-time.

Reported-by: Stephen Rothwell
Reported-by: Michael Ellerman
Reported-by: Geert Uytterhoeven
Closes: https://lkml.kernel.org/r/20240413115324.53303a68%40canb.auug.org.au
Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n")
Cc: Josh Poimboeuf
Cc: Will Deacon
Cc: Linus Torvalds
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson Acked-by: Borislav Petkov (AMD) Acked-by: Josh Poimboeuf --- arch/Kconfig | 8 ++++++++ arch/x86/Kconfig | 11 ++++++----- kernel/cpu.c | 4 ++-- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index 65afb1de48b3..30f7930275d8 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -9,6 +9,14 @@ # source "arch/$(SRCARCH)/Kconfig" =20 +config ARCH_CONFIGURES_CPU_MITIGATIONS + bool + +if !ARCH_CONFIGURES_CPU_MITIGATIONS +config CPU_MITIGATIONS + def_bool y +endif + menu "General architecture-dependent options" =20 config ARCH_HAS_SUBPAGE_FAULTS diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4474bf32d0a4..619a04d5c131 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -62,6 +62,7 @@ config X86 select ACPI_HOTPLUG_CPU if ACPI_PROCESSOR && HOTPLUG_CPU select ARCH_32BIT_OFF_T if X86_32 select ARCH_CLOCKSOURCE_INIT + select ARCH_CONFIGURES_CPU_MITIGATIONS select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRAT= ION select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64 @@ -2488,17 +2489,17 @@ config PREFIX_SYMBOLS def_bool y depends on CALL_PADDING && !CFI_CLANG =20 -menuconfig SPECULATION_MITIGATIONS - bool "Mitigations for speculative execution vulnerabilities" +menuconfig CPU_MITIGATIONS + bool "Mitigations for CPU vulnerabilities" default y help - Say Y here to enable options which enable mitigations for - speculative execution hardware vulnerabilities. + Say Y here to enable options which enable mitigations for hardware + vulnerabilities (usually related to speculative execution). =20 If you say N, all mitigations will be disabled. You really should know what you are doing to say so. =20 -if SPECULATION_MITIGATIONS +if CPU_MITIGATIONS =20 config MITIGATION_PAGE_TABLE_ISOLATION bool "Remove the kernel mapping in user mode" diff --git a/kernel/cpu.c b/kernel/cpu.c index 07ad53b7f119..bb0ff275fb46 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c 
@@ -3207,8 +3207,8 @@ enum cpu_mitigations { }; =20 static enum cpu_mitigations cpu_mitigations __ro_after_init =3D - IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : - CPU_MITIGATIONS_OFF; + IS_ENABLED(CONFIG_CPU_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : + CPU_MITIGATIONS_OFF; =20 static int __init mitigations_parse_cmdline(char *arg) { --=20 2.44.0.769.g3c40516874-goog From nobody Sat Feb 7 09:42:27 2026 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54A8B320A for ; Sat, 20 Apr 2024 00:06:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713571567; cv=none; b=Iz2Y21UWm+7MrVELqNoaDeNpfNyfJsjqk/kXGYrW37SM46qn2TSSyvuOd2xFesa87L3TUHnmeGOaoGARtDf8iTs3anomQpC8GFj0ErGtizzCtZlVVIQ8+qz0ktcXLOjliG87lrqN1a7p2jHWu0evf5aq5jAMELQQ5NFku/leEZ4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713571567; c=relaxed/simple; bh=hQsIpaNlyBty75DD7t5jIwQA87JdgxVtOi6IDRwsKy4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=CUfSvohAf1d4fsjkEBEL8Vfo5gBgAfAsAU/AiFFJ9Gqt3XYZZVLdx/qy0HuUgORo0QKDcpM7LKDexOqbM5doJeyvyhwosedtcZ66fZYJQFI8TgGFfN8Qq32hg+JNYvsyEPfLm70N2LIvKh8FHVXGjeTVvLjnS4cOstfb2fwU21o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1jzCIeCR; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass 
smtp.mailfrom=flex--seanjc.bounces.google.com
Reply-To: Sean Christopherson
Date: Fri, 19 Apr 2024 17:05:55 -0700
In-Reply-To: <20240420000556.2645001-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20240420000556.2645001-1-seanjc@google.com>
X-Mailer: git-send-email 2.44.0.769.g3c40516874-goog
Message-ID: <20240420000556.2645001-3-seanjc@google.com>
Subject: [PATCH v2 2/2] cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n
From: Sean Christopherson
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Peter Zijlstra
Cc: linux-kernel@vger.kernel.org, Stephen Rothwell, Michael Ellerman, Geert Uytterhoeven, Josh Poimboeuf, Will Deacon, Linus Torvalds, Sean Christopherson
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Explicitly disallow enabling mitigations at runtime for kernels that were built with CONFIG_CPU_MITIGATIONS=n, as some architectures may omit code entirely if mitigations are disabled at compile time.

E.g. on x86, a large pile of Kconfigs are buried behind CPU_MITIGATIONS, and trying to provide sane behavior for retroactively enabling mitigations is extremely difficult, bordering on impossible. E.g. page table isolation and call depth tracking require build-time support, BHI mitigations will still be off without additional kernel parameters, etc.

Signed-off-by: Sean Christopherson
Acked-by: Borislav Petkov (AMD)
---
 Documentation/admin-guide/kernel-parameters.txt |  3 +++
 arch/x86/Kconfig                                |  8 ++++++--
 include/linux/cpu.h                             | 11 +++++++++++
 kernel/cpu.c                                    | 13 ++++++++++---
 4 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentatio= n/admin-guide/kernel-parameters.txt index 902ecd92a29f..213d0719e2b7 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -3423,6 +3423,9 @@ arch-independent options, each of which is an aggregation of existing arch-specific options. =20 + Note, "mitigations" is supported if and only if the + kernel was built with CPU_MITIGATIONS=3Dy. + off Disable all optional CPU mitigations. This improves system performance, but it may also diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 619a04d5c131..928820e61cb5 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2495,9 +2495,13 @@ menuconfig CPU_MITIGATIONS help Say Y here to enable options which enable mitigations for hardware vulnerabilities (usually related to speculative execution). + Mitigations can be disabled or restricted to SMT systems at runtime + via the "mitigations" kernel parameter. =20 - If you say N, all mitigations will be disabled. You really - should know what you are doing to say so. + If you say N, all mitigations will be disabled. This CANNOT be + overridden at runtime. + + Say 'Y', unless you really know what you are doing. =20 if CPU_MITIGATIONS =20 diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 272e4e79e15c..ee0a3b4e0769 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -221,7 +221,18 @@ void cpuhp_report_idle_dead(void); static inline void cpuhp_report_idle_dead(void) { } #endif /* #ifdef CONFIG_HOTPLUG_CPU */ =20 +#ifdef CONFIG_CPU_MITIGATIONS extern bool cpu_mitigations_off(void); extern bool cpu_mitigations_auto_nosmt(void); +#else +static inline bool cpu_mitigations_off(void) +{ + return false; +} +static inline bool cpu_mitigations_auto_nosmt(void) +{ + return false; +} +#endif =20 #endif /* _LINUX_CPU_H_ */ diff --git a/kernel/cpu.c b/kernel/cpu.c index bb0ff275fb46..24235c1d6e82 100644 --- a/kernel/cpu.c 
+++ b/kernel/cpu.c @@ -3196,6 +3196,7 @@ void __init boot_cpu_hotplug_init(void) this_cpu_write(cpuhp_state.target, CPUHP_ONLINE); } =20 +#ifdef CONFIG_CPU_MITIGATIONS /* * These are used for a global "mitigations=3D" cmdline option for toggling * optional CPU mitigations. @@ -3207,8 +3208,7 @@ enum cpu_mitigations { }; =20 static enum cpu_mitigations cpu_mitigations __ro_after_init =3D - IS_ENABLED(CONFIG_CPU_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : - CPU_MITIGATIONS_OFF; + CPU_MITIGATIONS_AUTO; =20 static int __init mitigations_parse_cmdline(char *arg) { @@ -3224,7 +3224,6 @@ static int __init mitigations_parse_cmdline(char *arg) =20 return 0; } -early_param("mitigations", mitigations_parse_cmdline); =20 /* mitigations=3Doff */ bool cpu_mitigations_off(void) @@ -3239,3 +3238,11 @@ bool cpu_mitigations_auto_nosmt(void) return cpu_mitigations =3D=3D CPU_MITIGATIONS_AUTO_NOSMT; } EXPORT_SYMBOL_GPL(cpu_mitigations_auto_nosmt); +#else +static int __init mitigations_parse_cmdline(char *arg) +{ + pr_crit("Kernel compiled without mitigations, ignoring 'mitigations'; sys= tem may still be vulnerable\n"); + return 0; +} +#endif +early_param("mitigations", mitigations_parse_cmdline); --=20 2.44.0.769.g3c40516874-goog
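
Review bot: In the arch/Kconfig hunk of patch 1/2, ARCH_CONFIGURES_CPU_MITIGATIONS is added as a bare "bool" with no comment stating the contract it implies. An architecture that selects it without also defining CPU_MITIGATIONS leaves CONFIG_CPU_MITIGATIONS undefined, and the kernel/cpu.c initializer in the same patch then falls through to CPU_MITIGATIONS_OFF with no build-time complaint. A short comment above the symbol saying that the selecting architecture must provide its own CPU_MITIGATIONS definition would make that failure mode harder to hit.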
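
Review bot: In the arch/x86/Kconfig hunk of patch 1/2 that renames the menuconfig, an existing .config carrying "# CONFIG_SPECULATION_MITIGATIONS is not set" no longer matches any symbol, so the new CPU_MITIGATIONS entry takes its "default y" when the config is refreshed. That moves such builds to mitigations enabled, which is the safe direction, but it is a silent change for anyone who disabled them on purpose, and the commit message does not mention it. A sentence in the changelog noting that old x86 configs need to set CPU_MITIGATIONS=n explicitly would cover it.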
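
Review bot: In the include/linux/cpu.h hunk of patch 2/2, the !CONFIG_CPU_MITIGATIONS stub of cpu_mitigations_off() returns false, which reports mitigations as not disabled on a kernel built without them. After patch 1/2 the same configuration initialized cpu_mitigations to CPU_MITIGATIONS_OFF, so cpu_mitigations_off() returned true; with this stub, any caller that is not itself compiled out by CPU_MITIGATIONS=n now takes the mitigations-enabled path. The Kconfig help text added in this patch says "all mitigations will be disabled", so either the stub should return true or the commit message should explain why false is intended.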
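
Review bot: In the final kernel/cpu.c hunk of patch 2/2, the #else version of mitigations_parse_cmdline() ignores "arg" and emits the pr_crit() for every value, including "mitigations=off", where the request and the build already agree and a critical-level message is noise. Consider checking arg and warning only for values that ask for mitigations (such as "auto" or "auto,nosmt"), or including the rejected value in the message so the log shows what was ignored.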