From nobody Tue Feb 10 20:14:46 2026 Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CDFB154C12 for ; Mon, 22 Apr 2024 16:58:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713805140; cv=none; b=mqHBwB2ECECBURLax9TGEWnDzAymAGPy1zP9rlBG3Y11SbIPctlwNa8WNVV0+mG49cza9xCYsh3ib8qTw/5vs9yaj6zQlqV+67Sb4iOtZbSG1NZUHsbQifUv/2Mh0b7b53n28rIo08xZAfuvKD1ZwZM/04fMKeEVjWQAKy2AwWI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713805140; c=relaxed/simple; bh=Fjjwd9JMyXBtYEIPinJUKp5+nS7NszZndg1YDzHArOo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rgPeMWrEbpKxodE01uXT7+lE1GP1ZIHP1Ituecvwl49ExfPFZUP8n/x+zHTEkeH9ZSFlJ5qdjKNrg1BikBc8JpxFlBzCxDP1+/NSkafBa8uK0F3ADXzLSYEvmguSqCT/Z23q+oyRU0riokcXHgY6yyBezo//56TPBDkTe2t/4eA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=debian.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.221.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=debian.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-34665dd7744so3539565f8f.1 for ; Mon, 22 Apr 2024 09:58:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713805137; x=1714409937; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RcxZMik0TKevJdYhFoU/PQpjeiPff+g7faQ8eEohWOM=; b=DpqUhgxNAKxqw0WOjyhFje6iaJ6GnMSAPXiZXS6SVxix4m/OSUjFHX4MB+ohdw39J6 LljkQ0i3zrMaxu5EDgpqZVgZL7UMirL9bH/6pPtzgIfcYNZ6Rz9KURpq2s2u+0qPR2wF hOjMPj1gi1oQBVRF5L5ewZyo90EWPCaajinQ0Lc7qTeWZZWc55EAKyJlccr5y0f74CoO Tt+Wrz8k5Siu5YBt/DnGM6PhrRyqIYjnQjEobLakm+NMPrVje7gynBhzj/lyNmWIe788 NHsovbFkFGOzlsEoOGs63erhyyO4CB5qqYBiXD63d2JD5pbNWoogoWGRPg8anAyx4kI6 ygjg== X-Gm-Message-State: AOJu0YzPO7cyH2naCq+ZnnUeb6CuRmx9zLWOs1h3gDiMJJDP+/MJbJc9 6XvF4vkKuUh30xPMKeM9ONA6xPlNU/dmmBzmxF4HCEuYPjlfvW5T X-Google-Smtp-Source: AGHT+IFqbwGIM5IHp0KMW3LoQg1VfO9D2TyJ2R2GVaZE4/ZnvqlBuYGGKO/fTTHY3crNhp52NwKRhw== X-Received: by 2002:a05:6000:1212:b0:349:c76f:c737 with SMTP id e18-20020a056000121200b00349c76fc737mr6751728wrx.47.1713805136761; Mon, 22 Apr 2024 09:58:56 -0700 (PDT) Received: from localhost (fwdproxy-lla-008.fbsv.net. [2a03:2880:30ff:8::face:b00c]) by smtp.gmail.com with ESMTPSA id l9-20020a17090615c900b00a555be38aaasm5941202ejd.164.2024.04.22.09.58.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Apr 2024 09:58:56 -0700 (PDT) From: Breno Leitao To: jpoimboe@kernel.org, mingo@redhat.com, Thomas Gleixner , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Pawan Gupta Cc: linux-kernel@vger.kernel.org Subject: [PATCH v3 05/10] x86/bugs: Add a separate config for L1TF Date: Mon, 22 Apr 2024 09:58:19 -0700 Message-ID: <20240422165830.2142904-6-leitao@debian.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240422165830.2142904-1-leitao@debian.org> References: <20240422165830.2142904-1-leitao@debian.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently, the CONFIG_SPECULATION_MITIGATIONS is halfway populated, where some mitigations have entries in Kconfig, and they could be modified, while others mitigations do not have Kconfig entries, and could not be controlled at build time. Create an entry for the L1TF CPU mitigation under CONFIG_SPECULATION_MITIGATIONS. This allow users to enable or disable it at compilation time. Signed-off-by: Breno Leitao Acked-by: Josh Poimboeuf --- arch/x86/Kconfig | 10 ++++++++++ arch/x86/kernel/cpu/bugs.c | 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index bba5b65034dc..192d20348b41 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2685,6 +2685,16 @@ config MITIGATION_MMIO_STALE_DATA attacker to have access to MMIO. See also + +config MITIGATION_L1TF + bool "Mitigate L1 Terminal Fault (L1TF) hardware bug" + depends on CPU_SUP_INTEL + default y + help + Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a + hardware vulnerability which allows unprivileged speculative access to = data + available in the Level 1 Data Cache. + See