From nobody Sat Feb 7 23:29:06 2026 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3705218E94 for ; Fri, 20 Dec 2024 15:18:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734707925; cv=none; b=b0UsWxtRopOC7n0LYZQchYkKCFJpDDLHw97g9cY9uBUQkUC6m0/pfmp+K4PpUV7MOV1YAOp4Pz9UBFwWTtzD2p2UhRD/V2Kin3t2rvDik9tIKUJ1O0id5+EgxmlIiv+Slw3wrQGb65Wq8jivwmzAt3a9Yd3QeAQd9BOC0ESsFv8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734707925; c=relaxed/simple; bh=Rgam4aIj/iyJnWb3M3aIcnUTrrMUTjRHc3xReXaArS8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=egxf1C8Ouuwl7Bo1PYVHD9eUZmNzsgtCjGaCDEX+GDcTNR8psb9Xs920FFJzGWjPrgF1YxAYpurDoBk7dl77Thb2bfPFKdUW8BvpLlfurEiJeT3HUURvOHviKQV1EK3NRbtd3uh7FC53bGD5rEiA6JgUqSf64yLISNCp4OfhcPY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=pz+A4Hn5; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="pz+A4Hn5" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3878ad4bf8cso1311898f8f.1 for ; Fri, 20 Dec 2024 07:18:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734707922; x=1735312722; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=lHK3n7motfVsk2sPpow6ifPryE0nazMyoiE01W835zQ=; b=pz+A4Hn5fWDW0wJn9XIfFHqc9s/phXxXBTWIgMOp7qsOu0xeLQyaIBDyj7rjSX02Uh lQkWwFvJlk2xrHh2cjWwcanmt/7HKdAGs96xHXIRrANtO5OvsNuakz50Ew9DqbewPZh4 rcCbksq8pfIfpZIhB3qmRMWHPHtk8cR2lLJswIsUo12Y/W2IWqiUqbEcObkjpssPG6eh XodJuvc/RNikaqxyaaWA/sVxdDmhJlQLniUJeDZuTEWp2mP4KJ9pf7aLT/SFJczDi+rD kHOPPXRli4yB9Buh7fx+bMv/opef59q5X43+LEsrLxR8nloKJS09vUU0Fuzt6tL+ChCi 8okA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734707922; x=1735312722; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=lHK3n7motfVsk2sPpow6ifPryE0nazMyoiE01W835zQ=; b=j28QefFRMxVOSq1j1h6ISI1BwPZk6FtmFDwmQzfGvAT2FojT7JWx3TUbFmicQ1A69J tznuJ90NGXohCwKEvJ68XRPE/wbwOgLwVV3zI6kAquhe4icxjNPThZt/6UHH99qT8eFg C6x1+F0OL+GUl5DEeMBX2bQmv3ARoE/NGikvSnU2lR2LnZoMUvZ6K8Y8O1A0OIuq2Cu/ IebdLNRAxLlseMzz0HmyCzhOlw4F0nYrFYuy86n60JwPd9XQZUQSyO7vCr1upPXvDT5L aFpQiAMAJD5rNyvT6WiG40wdimFDzIkDJANOmn/B3bmowJTyJLIfS9CxzhZEMR8O7GWM 3Ngg== X-Forwarded-Encrypted: i=1; AJvYcCXBDGxVLh4gWN2FABlN/IU4S22PTJxxcgzTv4+GezLbsRKvR+rFvPCPY9DqpEMtmGPLTXM9RBZj8YofCX8=@vger.kernel.org X-Gm-Message-State: AOJu0YzNJqUdMIvfBL8pEQW+0V8fD8dwFkhFGpyJgFJj6H53NXy8Tihl aO2W9nX6vkfpQpckreSxyWtBqNXlzy/9mHVoLp85916AAmWzM3nDmUovEMrgPxorQh/hwJqi2R8 pHQFHXOalcg== X-Google-Smtp-Source: AGHT+IF2n3gk1JJb4op4k4ElYoC+EAd3ufs4GsI81wLCGV2SJvMVSrNHU6tMvyO4o+LxscVQSV1OEtrbXvua5g== X-Received: from wmdd20.prod.google.com ([2002:a05:600c:a214:b0:434:fd41:173c]) (user=jackmanb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:1882:b0:385:e9de:d52a with SMTP id ffacd0b85a97d-38a2240838dmr3509054f8f.48.1734707922320; Fri, 20 Dec 2024 07:18:42 -0800 (PST) Date: Fri, 20 Dec 2024 15:18:31 +0000 In-Reply-To: <20241220-force-cpu-bug-v2-0-7dc71bce742a@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241220-force-cpu-bug-v2-0-7dc71bce742a@google.com> X-Mailer: b4 0.15-dev Message-ID: <20241220-force-cpu-bug-v2-1-7dc71bce742a@google.com> Subject: [PATCH v2 1/3] x86/cpu: Create helper to parse clearcpuid param From: Brendan Jackman To: Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Brendan Jackman Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is in preparation for a later commit that will reuse this code, to make review convenient. Factor out a helper function which does the full handling for this arg including printing info to the console. No functional change intended. Signed-off-by: Brendan Jackman --- arch/x86/kernel/cpu/common.c | 96 ++++++++++++++++++++++++----------------= ---- 1 file changed, 52 insertions(+), 44 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 3e9037690814b331b3433a4abdecc25368c2a662..87ea1a6f7835592e560aae3442b= bea881123ac64 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1477,56 +1477,18 @@ static void detect_nopl(void) #endif } =20 -/* - * We parse cpu parameters early because fpu__init_system() is executed - * before parse_early_param(). - */ -static void __init cpu_parse_early_param(void) +static inline void parse_clearcpuid(char *arg) { - char arg[128]; - char *argptr =3D arg, *opt; - int arglen, taint =3D 0; - -#ifdef CONFIG_X86_32 - if (cmdline_find_option_bool(boot_command_line, "no387")) -#ifdef CONFIG_MATH_EMULATION - setup_clear_cpu_cap(X86_FEATURE_FPU); -#else - pr_err("Option 'no387' required CONFIG_MATH_EMULATION enabled.\n"); -#endif - - if (cmdline_find_option_bool(boot_command_line, "nofxsr")) - setup_clear_cpu_cap(X86_FEATURE_FXSR); -#endif - - if (cmdline_find_option_bool(boot_command_line, "noxsave")) - setup_clear_cpu_cap(X86_FEATURE_XSAVE); - - if (cmdline_find_option_bool(boot_command_line, "noxsaveopt")) - setup_clear_cpu_cap(X86_FEATURE_XSAVEOPT); - - if (cmdline_find_option_bool(boot_command_line, "noxsaves")) - setup_clear_cpu_cap(X86_FEATURE_XSAVES); - - if (cmdline_find_option_bool(boot_command_line, "nousershstk")) - setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK); - - /* Minimize the gap between FRED is available and available but disabled.= */ - arglen =3D cmdline_find_option(boot_command_line, "fred", arg, sizeof(arg= )); - if (arglen !=3D 2 || strncmp(arg, "on", 2)) - setup_clear_cpu_cap(X86_FEATURE_FRED); - - arglen =3D cmdline_find_option(boot_command_line, "clearcpuid", arg, size= of(arg)); - if (arglen <=3D 0) - return; + char *opt; + int taint =3D 0; =20 pr_info("Clearing CPUID bits:"); =20 - while (argptr) { + while (arg) { bool found __maybe_unused =3D false; unsigned int bit; =20 - opt =3D strsep(&argptr, ","); + opt =3D strsep(&arg, ","); =20 /* * Handle naked numbers first for feature flags which don't @@ -1568,10 +1530,56 @@ static void __init cpu_parse_early_param(void) if (!found) pr_cont(" (unknown: %s)", opt); } - pr_cont("\n"); =20 if (taint) add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); + + pr_cont("\n"); +} + + +/* + * We parse cpu parameters early because fpu__init_system() is executed + * before parse_early_param(). + */ +static void __init cpu_parse_early_param(void) +{ + char arg[128]; + int arglen; + +#ifdef CONFIG_X86_32 + if (cmdline_find_option_bool(boot_command_line, "no387")) +#ifdef CONFIG_MATH_EMULATION + setup_clear_cpu_cap(X86_FEATURE_FPU); +#else + pr_err("Option 'no387' required CONFIG_MATH_EMULATION enabled.\n"); +#endif + + if (cmdline_find_option_bool(boot_command_line, "nofxsr")) + setup_clear_cpu_cap(X86_FEATURE_FXSR); +#endif + + if (cmdline_find_option_bool(boot_command_line, "noxsave")) + setup_clear_cpu_cap(X86_FEATURE_XSAVE); + + if (cmdline_find_option_bool(boot_command_line, "noxsaveopt")) + setup_clear_cpu_cap(X86_FEATURE_XSAVEOPT); + + if (cmdline_find_option_bool(boot_command_line, "noxsaves")) + setup_clear_cpu_cap(X86_FEATURE_XSAVES); + + if (cmdline_find_option_bool(boot_command_line, "nousershstk")) + setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK); + + /* Minimize the gap between FRED is available and available but disabled.= */ + arglen =3D cmdline_find_option(boot_command_line, "fred", arg, sizeof(arg= )); + if (arglen !=3D 2 || strncmp(arg, "on", 2)) + setup_clear_cpu_cap(X86_FEATURE_FRED); + + arglen =3D cmdline_find_option(boot_command_line, "clearcpuid", arg, size= of(arg)); + if (arglen <=3D 0) + return; + parse_clearcpuid(arg); } =20 /* --=20 2.47.1.613.gc27f4b7a9f-goog From nobody Sat Feb 7 23:29:06 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA88F218E8B for ; Fri, 20 Dec 2024 15:18:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734707927; cv=none; b=ZI2PZOiyKRhyrrhlnTBPvgjjJLZNS0r0fCw+NTuXgX9tuRpS5fYjyfcNYLfSrGOFsjSxFvmxPCiZqjOzPRCLexVaV+6aDDvnXJqV0KLtss+hHCBkAVu8hXQgWRKfvCQehUDPRP5YtPZm13xLZIaSkJ6kRnuKH+EH/oXCjjGX6Jg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734707927; c=relaxed/simple; bh=AWK+7iN53OVaeFVDPrERdrguHzQlAh78pqE6/4zjd60=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Mbt6Rx1yKMpca3HVudH3f3Apdwd4btDaZ+MfJUhtPfvkStoVTWntMoy6gZZWZfW6me6ZnGsD5rQarpMcANyRxfIEkJ/7KGcC2/sFnM2XAKecCqI1CO/19YOgWRM4Id8DebA9LoBRQ5GPkVnNoYZOyfmlj2S4EAptNyESbhyNpFI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=azLkLT+B; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="azLkLT+B" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4362b9c15d8so11619695e9.3 for ; Fri, 20 Dec 2024 07:18:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734707924; x=1735312724; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=qWPOc7xIhFDGLEtk8GLKpv1buFdXWfkpopummLRHjqA=; b=azLkLT+B8yNqTR6x59xcmOxjU5aFGs5yF8onyY8auLI9iIpsjTKgdxHT8vzjO0Vtpe Yqcf2G42yx0tUbrII4KkBmpxY2/+9urQlgbHQt+D4JW5vFDKprnHwiGxZsdnnv3XjGw/ gkfWUXskGfGmUDV6WB4Dy3avF0678BD1+iYwDm7PMsU/443H30llyD8wsijmvqfMKYCj akqdYFFEmTko2m2aDZ8ROUlEu6mjQVLls8nEQ/gDS7UqUyHVWDSKltSVFmSPiYWIlOFd QX+Ea1c1H9QLr0WKlGyuaypZkyp36SayuZIHouZCd6j0Ugdw2HqN2MapFsqRUJbET5LF /UXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734707924; x=1735312724; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qWPOc7xIhFDGLEtk8GLKpv1buFdXWfkpopummLRHjqA=; b=sUcCbut9HW4kYyofiPK9chv+9Br3PQmkIIwc/JXAAU0460OWsqb6Y/7A4i+vpaM4BF QxDcBrDpW6V40owXOCKl4jGyDpI2t+SEYQ2qOhV564dDtvbm1fEpG8msC0aMVhZhpK13 CWTYNp8fx3ZZo736txr3Zb95a9tNU29wFvrnBw7O3CLWH9EYk+D3hqZ2cGJ3GHEFxAml nH0xKM6ii9t+FMm7Z0YnvYOJeClmu/OzxUaqTrmAd6GOuFAvwewU+FafuTsN9y77E9Pq 2WRDFLzZ1epMqy8Q3fl0cP7oSdyrHErpdf3NH2oNQQ7G/cPE/bK9zyoSuVU+OC86RuS2 PJCQ== X-Forwarded-Encrypted: i=1; AJvYcCWyJWK/nELQ6Q5OparLRWNPzhTcCNMUp7ScdARsGJO62A5DIRCD/yJvlODat5l6h5kXy+uLHsOCo8ckn68=@vger.kernel.org X-Gm-Message-State: AOJu0YzPlEfAdxbximGcUCJFunaLZ673xhIV+g2LAYVIdv4FKNIj5W+X xWDmmIZdEvFh2NdAvQcsj7pRc46P8jpB+sC9aCO0lZBBJHoI+XOFS5C8VxYDi+gLf1pGo4QpuA5 OBnOb/8cHEg== X-Google-Smtp-Source: AGHT+IHnM4cjBLpNbxQ4rYKl46Annm92PyUUmtYKAGk/2xW5saX0wCnE+zSeqfN9yYDNkWVjwMa9sQrNHEDx7w== X-Received: from wrbgx10.prod.google.com ([2002:a05:6000:470a:b0:382:2090:8340]) (user=jackmanb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:70a:b0:385:e0d6:fb48 with SMTP id ffacd0b85a97d-38a221f109amr3277616f8f.7.1734707924367; Fri, 20 Dec 2024 07:18:44 -0800 (PST) Date: Fri, 20 Dec 2024 15:18:32 +0000 In-Reply-To: <20241220-force-cpu-bug-v2-0-7dc71bce742a@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241220-force-cpu-bug-v2-0-7dc71bce742a@google.com> X-Mailer: b4 0.15-dev Message-ID: <20241220-force-cpu-bug-v2-2-7dc71bce742a@google.com> Subject: [PATCH v2 2/3] x86/cpu: Add setcpuid cmdline param From: Brendan Jackman To: Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Brendan Jackman Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable In preparation for adding support to fake out CPU bugs, add a general facility to force enablement of CPU flags. The flag taints the kernel and the documentation attempts to be clear that this is highly unsuitable for uses outside of kernel development and platform experimentation. The new arg is parsed just like clearcpuid, but instead of leading to setup_clear_cpu_cap() it leads to setup_force_cpu_cap(). I've tested this by booting a nested QEMU guest on an Intel host, which with setcpuid=3Dsvm will claim that it supports AMD virtualization. Signed-off-by: Brendan Jackman --- arch/x86/kernel/cpu/common.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 87ea1a6f7835592e560aae3442bbea881123ac64..e26cf8789f0e1a27ad126f531e0= 5afee0fdebbb8 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1477,12 +1477,12 @@ static void detect_nopl(void) #endif } =20 -static inline void parse_clearcpuid(char *arg) +static inline void parse_set_clear_cpuid(char *arg, bool set) { char *opt; int taint =3D 0; =20 - pr_info("Clearing CPUID bits:"); + pr_info("%s CPUID bits:", set ? "Force-enabling" : "Clearing"); =20 while (arg) { bool found __maybe_unused =3D false; @@ -1503,7 +1503,10 @@ static inline void parse_clearcpuid(char *arg) else pr_cont(" " X86_CAP_FMT, x86_cap_flag(bit)); =20 - setup_clear_cpu_cap(bit); + if (set) + setup_force_cpu_cap(bit); + else + setup_clear_cpu_cap(bit); taint++; } /* @@ -1521,7 +1524,10 @@ static inline void parse_clearcpuid(char *arg) continue; =20 pr_cont(" %s", opt); - setup_clear_cpu_cap(bit); + if (set) + setup_force_cpu_cap(bit); + else + setup_clear_cpu_cap(bit); taint++; found =3D true; break; @@ -1577,9 +1583,12 @@ static void __init cpu_parse_early_param(void) setup_clear_cpu_cap(X86_FEATURE_FRED); =20 arglen =3D cmdline_find_option(boot_command_line, "clearcpuid", arg, size= of(arg)); - if (arglen <=3D 0) - return; - parse_clearcpuid(arg); + if (arglen > 0) + parse_set_clear_cpuid(arg, false); + + arglen =3D cmdline_find_option(boot_command_line, "setcpuid", arg, sizeof= (arg)); + if (arglen > 0) + parse_set_clear_cpuid(arg, true); } =20 /* @@ -2011,15 +2020,23 @@ void print_cpu_info(struct cpuinfo_x86 *c) } =20 /* - * clearcpuid=3D was already parsed in cpu_parse_early_param(). This dummy - * function prevents it from becoming an environment variable for init. + * clearcpuid=3D and setcpuid=3D were already parsed in cpu_parse_early_pa= ram(). + * These dummy functions prevent them from becoming an environment variabl= e for + * init. */ + static __init int setup_clearcpuid(char *arg) { return 1; } __setup("clearcpuid=3D", setup_clearcpuid); =20 +static __init int setup_setcpuid(char *arg) +{ + return 1; +} +__setup("setcpuid=3D", setup_setcpuid); + DEFINE_PER_CPU_ALIGNED(struct pcpu_hot, pcpu_hot) =3D { .current_task =3D &init_task, .preempt_count =3D INIT_PREEMPT_COUNT, --=20 2.47.1.613.gc27f4b7a9f-goog From nobody Sat Feb 7 23:29:06 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18B27219A99 for ; Fri, 20 Dec 2024 15:18:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734707929; cv=none; b=SOD6xawlRQ3TOAlbY8ducJfCsIibVnNovsotAZ+BSFGYOu0EqUyilGluH3sSY7F+d+q5oGAoQJsNjC2monfRPd1S+boBwQqJJpkMTT/CzXp30b3CVB74d4h/41COoWBT7NUFhKVBPk0smYNbO8N3+ZzhXJ/OEwILVUymCARr2nI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734707929; c=relaxed/simple; bh=oThVPD2dCz6FEITp98z0p5bIvKwL+bLy4ZZKbY4UMpE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=E33lpop9EhyUiijm+4s7UoY0/zHEMjbV6QyHWsidoiiBvg4SzBPyORwH4zlk87U9zf1rlaRlOiNTZhlvzRo7F+o52EQvTb2j+8p7keBjIZgW2APftqWuZ0VkePCRMJLc6qmHb5PhDgUXtZXOgNsei9F0cFOPo83nO48BSOP11qI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=TJnHjL0M; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TJnHjL0M" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4362b9c1641so11146175e9.3 for ; Fri, 20 Dec 2024 07:18:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734707926; x=1735312726; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=TQYPwEi1P8zD0KN4PVlV8UdloBYMnQ3bYGd5a7zJTWk=; b=TJnHjL0MiF5hPCoTav/4ZLvVTHucKc1W/cIjVbULFvY3Xtva4p/L7TFpOR6bpd9QU/ sRd1CeyUnwLxNV9tUMBg6JGlbKwXlx3lSbJbnl1fpUr2D34pugLrJ8O7xXEz8ay2ueU8 npD8r5Hs5gQGURUpMhakqn3HY+im+hD5Kg9VeL0j1aMO7Y/hGetOLQpa5x5bzoG1o1RD eSfghjUo6nerCsVnb6wPiZuKO1Yd6vU+IkWRS2jPZJCwDDRicXVoy0ekDGp0xhtD5nPc M+bbJbn58IyWkZ3QSrQhJJRgH4X8Z12QCo3Do5pVsD/kxznuyEVw/MtG9wRflWQRgo40 XLuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734707926; x=1735312726; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=TQYPwEi1P8zD0KN4PVlV8UdloBYMnQ3bYGd5a7zJTWk=; b=MlQirbIXlyHGm7Q4giMUI6KilgRuPta/mAkkJlEt+uKcyyHM7SugLjuoStfLR567fd YBGfyKRXz7cjD9SYcH5m8OEvvwl/l/F8pdsXRpZdxpy9RSvOllsgCR1x0fuwO9TwbWzU b9YTQH4bEoMZ0hWLq81T2d69hQUJO3NFitGTqZiHuznvMVKRSq2Vx32d+40BRFER3TZt 3oLXbqLx2rGr8YRuq0u41bWQEa8wg6dxxfadeohJqTgITmm89Rro/TZG7DvFKZPkNrlm uG6D5D0NxlQt+wTxFd8kFOnMAi/C0sLpjxdcet5Zjsp5RxMkqmTVORyy4cCJZ0IHtyMd 608A== X-Forwarded-Encrypted: i=1; AJvYcCWF3X6FP4j13WE83xOUoAtwHUdQSHbKczKSmtWN58Yy8bssusfAG54lEQlDBJk0yNbvBJjHGllPVggzi6w=@vger.kernel.org X-Gm-Message-State: AOJu0YynQSTMVXwN9Yvb0P7poXccH4xGfeXpW4vWLXdk3il9DFdpDHJ6 bI4EPqjJyOwhvIuhqGHp0/NoFZ5WVCJC9Yvfm/d8Sgcz+1HozfpONRp/gwc0T4in5s6EdbZCa2f JpDgblPQvcQ== X-Google-Smtp-Source: AGHT+IGJG4Q/geQKLzHCTaktxXnVc3JQRg8i+PPz0xETEOleL/U8DPQLi8R1VX2hC7vhEotKe/pSmReOmJuiTA== X-Received: from wmbjg21.prod.google.com ([2002:a05:600c:a015:b0:434:f1d0:7dc9]) (user=jackmanb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c1a:b0:434:f0df:a14 with SMTP id 5b1f17b1804b1-43668548500mr27493685e9.2.1734707926615; Fri, 20 Dec 2024 07:18:46 -0800 (PST) Date: Fri, 20 Dec 2024 15:18:33 +0000 In-Reply-To: <20241220-force-cpu-bug-v2-0-7dc71bce742a@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241220-force-cpu-bug-v2-0-7dc71bce742a@google.com> X-Mailer: b4 0.15-dev Message-ID: <20241220-force-cpu-bug-v2-3-7dc71bce742a@google.com> Subject: [PATCH v2 3/3] x86/cpu: Enable modifying bug flags with {clear,set}puid From: Brendan Jackman To: Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Brendan Jackman Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sometimes it can be very useful to run CPU vulnerability mitigations on systems where they aren't known to mitigate any real-world vulnerabilities. This can be handy for mundane reasons like debugging HW-agnostic logic on whatever machine is to hand, but also for research reasons: while some mitigations are focused on individual vulns and uarches, others are fairly general, and it's strategically useful to have an idea how they'd perform on systems where they aren't currently needed. As evidence for this being useful, a flag specifically for Retbleed was added in commit 5c9a92dec323 ("x86/bugs: Add retbleed=3Dforce"). Since CPU bugs are tracked using the same basic mechanism as features, and there are already parameters for manipulating them by hand, extend that mechanism to support bug as well as capabilities. With this patch and setcpuid=3Dsrso, a QEMU guest running on an Intel host will boot with Safe-RET enabled. Signed-off-by: Brendan Jackman --- arch/x86/include/asm/cpufeature.h | 1 + arch/x86/kernel/cpu/common.c | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufe= ature.h index 0b9611da6c53f19ae6c45d85d1ee191118ad1895..6e17f47ab0521acadb7db38ce59= 34c4717d457ba 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h @@ -50,6 +50,7 @@ extern const char * const x86_power_flags[32]; * X86_BUG_ - NCAPINTS*32. */ extern const char * const x86_bug_flags[NBUGINTS*32]; +#define x86_bug_flag(flag) x86_bug_flags[flag] =20 #define test_cpu_cap(c, bit) \ arch_test_bit(bit, (unsigned long *)((c)->x86_capability)) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index e26cf8789f0e1a27ad126f531e05afee0fdebbb8..d94d7ebff42dadae30f77af1ef6= 75d1a83ba6c3f 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1492,7 +1492,8 @@ static inline void parse_set_clear_cpuid(char *arg, b= ool set) =20 /* * Handle naked numbers first for feature flags which don't - * have names. + * have names. It doesn't make sense for a bug not to have a + * name so don't handle bug flags here. */ if (!kstrtouint(opt, 10, &bit)) { if (bit < NCAPINTS * 32) { @@ -1516,11 +1517,18 @@ static inline void parse_set_clear_cpuid(char *arg,= bool set) continue; } =20 - for (bit =3D 0; bit < 32 * NCAPINTS; bit++) { - if (!x86_cap_flag(bit)) + for (bit =3D 0; bit < 32 * (NCAPINTS + NBUGINTS); bit++) { + const char *flag; + + if (bit < 32 * NCAPINTS) + flag =3D x86_cap_flag(bit); + else + flag =3D x86_bug_flag(bit - (32 * NCAPINTS)); + + if (!flag) continue; =20 - if (strcmp(x86_cap_flag(bit), opt)) + if (strcmp(flag, opt)) continue; =20 pr_cont(" %s", opt); --=20 2.47.1.613.gc27f4b7a9f-goog