From nobody Mon Feb 9 10:24:27 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3A2C1487D5 for ; Wed, 29 Jan 2025 15:37:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738165060; cv=none; b=XflTSETCQ8Pdwp+bfz+SAr7NsUHuCIKs0xzCM5/NzEflPRieP+sYRyC340FnRtn2Ml4WvUUQovqnGActR7PJ1tHshNlGJhdtFG3rpKaSVfCeecGd7MV0Njd+fanHo9W8D6VJmA7Pp7k6SykUkq3D8l5hIa4pLIjycgbeU0Fe0iY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738165060; c=relaxed/simple; bh=BZmxAaQXahWMAGEvFWqzbRoDmU6I6Ho2pJOhoYWv8jw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=X7bL9G+dzA2RdR6icPct7OMPGW0EJBMjeuO8AjsLLKdqjUq4NU/pDz20xQE/1XLQp1UP03US7gkZ+4N1UgZPzurM5mPDUQFQSb/uNieCKxXJrD+48qVYxWdlGUqBmHilrQDRJKhc+1QcySk5ZJuc4M26s9aj0w2iFu3Px2ksTuc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=OPhcWeDi; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="OPhcWeDi" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-4362153dcd6so35767015e9.2 for ; Wed, 29 Jan 2025 07:37:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738165057; x=1738769857; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=bNRDH65U+KPIQ2Ea8tJsCM/hD7W8WaedlyBZuv1YzAc=; b=OPhcWeDizaAy8jq43Vi0DgfqqNOh3kTw0OPVY4249892n0YelLTPP4Zs5LwLAEbgLC 7r6kRSos/ugYeWJKRFTs8GUrFF1EmsA/yQ8MPpev/17Rj5oMlJzXFtzh4J6V0ETtHDuR GdGPgzvesc3t1x5kRXKMFx/jQTB9Up8D5SjbmCKmx7S5mwUG4XL028LJgsa4HRRm1DiV 7DXRq/JqUoGnerF1RsfRbTeCV+fixz05rDaQZDE6rFrrQ/T5+mDAeE+d18YGYye+Jfdv /nTwaCRi9bYVhvZhUVxF4Y0s7bV3rw8wIp2AJ79UWMnw+6giqAsh8mzwrNR5GlN0V8KJ yBHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738165057; x=1738769857; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=bNRDH65U+KPIQ2Ea8tJsCM/hD7W8WaedlyBZuv1YzAc=; b=WUdLD0qIMbfoyFIawCdKwRtBjlZzq+UAJ5OYyKITVxp+rhdzHUJxrnyho4qFc6BXyC 0u5n14ngBUL+zAJ8P3CceTFJsvWKXUAWPoUQaewYm2D1FZDiuEiX3VZ1u8DmCrVATa/f oXJPXVEVVEYiu+BGqJMBJzpadFYNcNfkF8nj3kO732a4eRvpVU4/jsJ5Lnb5/z9tEYlG ScIBcm4ETUl6YBHsdR0wYDDBp6/IUn3Jx7eN97UFPSJEXMv02yEnwJXamfNVxlQ6g/Lr W/Hdy9N51XhLD/i74Eu3BUPa+OR0AvJFUxCNS0mRO/K+okyH3k0PYGPglk4ZEEj2m+kQ G8rw== X-Forwarded-Encrypted: i=1; AJvYcCUtia7pobl3qCgeisvfOPjcvnAdssXlDHs0DY15ItudxaMvQ8Q2PncGG0+wJ1ssan1KVC82wpx7jZhArKc=@vger.kernel.org X-Gm-Message-State: AOJu0YxNvmIzjIsrw42prVzEyVIVTs9Iv0yyl/QfTNMxyiqAqUX8bQuN wKxSefDHN9oT4cMocLHubB9NzhNF1incmr2YfNs3mfMxNwtNTtqWAguaAQz+mHmNr0ri1WvawLB ho8q1bbdhyQ== X-Google-Smtp-Source: AGHT+IFOBmyOvb/DVGP1bzZYJVAn3Is2fDXC6A7dftPCqfzjxfVXdcMqq6KkQMUUFTs4gxZRfXSgae81Otqh6Q== X-Received: from wmqd1.prod.google.com ([2002:a05:600c:34c1:b0:434:f1d0:7dc9]) (user=jackmanb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:468e:b0:436:fb02:e68 with SMTP id 5b1f17b1804b1-438dc3a81ecmr33349965e9.2.1738165057049; Wed, 29 Jan 2025 07:37:37 -0800 (PST) Date: Wed, 29 Jan 2025 15:35:39 +0000 In-Reply-To: <20250129-force-cpu-bug-v2-0-5637b337b443@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250129-force-cpu-bug-v2-0-5637b337b443@google.com> X-Mailer: b4 0.15-dev Message-ID: <20250129-force-cpu-bug-v2-1-5637b337b443@google.com> Subject: [PATCH RESEND v2 1/3] x86/cpu: Create helper to parse clearcpuid param From: Brendan Jackman To: Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Brendan Jackman Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is in preparation for a later commit that will reuse this code, to make review convenient. Factor out a helper function which does the full handling for this arg including printing info to the console. No functional change intended. Signed-off-by: Brendan Jackman --- arch/x86/kernel/cpu/common.c | 96 ++++++++++++++++++++++++----------------= ---- 1 file changed, 52 insertions(+), 44 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 3e9037690814b331b3433a4abdecc25368c2a662..87ea1a6f7835592e560aae3442b= bea881123ac64 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1477,56 +1477,18 @@ static void detect_nopl(void) #endif } =20 -/* - * We parse cpu parameters early because fpu__init_system() is executed - * before parse_early_param(). - */ -static void __init cpu_parse_early_param(void) +static inline void parse_clearcpuid(char *arg) { - char arg[128]; - char *argptr =3D arg, *opt; - int arglen, taint =3D 0; - -#ifdef CONFIG_X86_32 - if (cmdline_find_option_bool(boot_command_line, "no387")) -#ifdef CONFIG_MATH_EMULATION - setup_clear_cpu_cap(X86_FEATURE_FPU); -#else - pr_err("Option 'no387' required CONFIG_MATH_EMULATION enabled.\n"); -#endif - - if (cmdline_find_option_bool(boot_command_line, "nofxsr")) - setup_clear_cpu_cap(X86_FEATURE_FXSR); -#endif - - if (cmdline_find_option_bool(boot_command_line, "noxsave")) - setup_clear_cpu_cap(X86_FEATURE_XSAVE); - - if (cmdline_find_option_bool(boot_command_line, "noxsaveopt")) - setup_clear_cpu_cap(X86_FEATURE_XSAVEOPT); - - if (cmdline_find_option_bool(boot_command_line, "noxsaves")) - setup_clear_cpu_cap(X86_FEATURE_XSAVES); - - if (cmdline_find_option_bool(boot_command_line, "nousershstk")) - setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK); - - /* Minimize the gap between FRED is available and available but disabled.= */ - arglen =3D cmdline_find_option(boot_command_line, "fred", arg, sizeof(arg= )); - if (arglen !=3D 2 || strncmp(arg, "on", 2)) - setup_clear_cpu_cap(X86_FEATURE_FRED); - - arglen =3D cmdline_find_option(boot_command_line, "clearcpuid", arg, size= of(arg)); - if (arglen <=3D 0) - return; + char *opt; + int taint =3D 0; =20 pr_info("Clearing CPUID bits:"); =20 - while (argptr) { + while (arg) { bool found __maybe_unused =3D false; unsigned int bit; =20 - opt =3D strsep(&argptr, ","); + opt =3D strsep(&arg, ","); =20 /* * Handle naked numbers first for feature flags which don't @@ -1568,10 +1530,56 @@ static void __init cpu_parse_early_param(void) if (!found) pr_cont(" (unknown: %s)", opt); } - pr_cont("\n"); =20 if (taint) add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); + + pr_cont("\n"); +} + + +/* + * We parse cpu parameters early because fpu__init_system() is executed + * before parse_early_param(). + */ +static void __init cpu_parse_early_param(void) +{ + char arg[128]; + int arglen; + +#ifdef CONFIG_X86_32 + if (cmdline_find_option_bool(boot_command_line, "no387")) +#ifdef CONFIG_MATH_EMULATION + setup_clear_cpu_cap(X86_FEATURE_FPU); +#else + pr_err("Option 'no387' required CONFIG_MATH_EMULATION enabled.\n"); +#endif + + if (cmdline_find_option_bool(boot_command_line, "nofxsr")) + setup_clear_cpu_cap(X86_FEATURE_FXSR); +#endif + + if (cmdline_find_option_bool(boot_command_line, "noxsave")) + setup_clear_cpu_cap(X86_FEATURE_XSAVE); + + if (cmdline_find_option_bool(boot_command_line, "noxsaveopt")) + setup_clear_cpu_cap(X86_FEATURE_XSAVEOPT); + + if (cmdline_find_option_bool(boot_command_line, "noxsaves")) + setup_clear_cpu_cap(X86_FEATURE_XSAVES); + + if (cmdline_find_option_bool(boot_command_line, "nousershstk")) + setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK); + + /* Minimize the gap between FRED is available and available but disabled.= */ + arglen =3D cmdline_find_option(boot_command_line, "fred", arg, sizeof(arg= )); + if (arglen !=3D 2 || strncmp(arg, "on", 2)) + setup_clear_cpu_cap(X86_FEATURE_FRED); + + arglen =3D cmdline_find_option(boot_command_line, "clearcpuid", arg, size= of(arg)); + if (arglen <=3D 0) + return; + parse_clearcpuid(arg); } =20 /* --=20 2.48.1.262.g85cc9f2d1e-goog From nobody Mon Feb 9 10:24:27 2026 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AFB311DE3A4 for ; Wed, 29 Jan 2025 15:37:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738165062; cv=none; b=K3mwjxbxslaGXEuGMTaZPAjCdwSjhf6jxhkOMZ7Mx23C38kKVDJJfV39H2Cl+QSCdQNOVv1K8GVYOo/4NdRvi48bE+zI4ivoayzZVHTMT5OzuzLKsxSGE1X4Aa9mUdDzbb3wdiVjeTY0AeEcfyNBVfl4LHPjZCPW0CDaltcNHzs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738165062; c=relaxed/simple; bh=gdBovry03gRQ2jo/pwWR/ZzpkMVUfuNAHxGPvhrwrUc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=c9P9XnFwfhWIOQy3rQ1iQbh3qV2+ugIy5yr/FGqjTIzLreQiTAD8TU9SrEAdRWJVhSqgzpyQ/zFzWgpYjqjiSDPqaBh84a7HRCgDtettuKZ1PqBMER3Dpl2OjBxRtw3VdgsVUuWj05RD2Ho+umBBpA8JO4IqcPL3pnPQ46HqWmg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=AoL1TxE2; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="AoL1TxE2" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-38639b4f19cso4646317f8f.0 for ; Wed, 29 Jan 2025 07:37:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738165059; x=1738769859; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=L+s1KHHREFY8ZoAqR1zvTdRFPoZXeYCIfHHlwzj8F0s=; b=AoL1TxE2MPYL58bOUTAO4HI8a6+tJDi6c/pEa4KL4gyW+Lk8VQActDqLfgzSvOMsnw qNLoSSWRNkAj1c0QOgVqotUwbW7Yq3sMblS/ssur9M7pMHgJdPhgNrot7LN/iksXbsFB J4VmYpEn+a3jdXsKmOkHDe0xI58HsTiHi6+DBUEOAQKZlYJAhO0i/ZaLRv9lBxRSQq3d Avnv+3w5lVTMjGWOfEC+xh5ennG+2bZgEbpsWDGbimahHi9N0ZdosMuTbDNSOqAwTjnc aJSwGY66BDxl6iznz+WQ5F0BcELEelqz6x/Eak79XXMkYFvQM3feDYsq90pwRh3rE62Y Fhrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738165059; x=1738769859; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=L+s1KHHREFY8ZoAqR1zvTdRFPoZXeYCIfHHlwzj8F0s=; b=wE4cfuf5zOqHJuBYbchxqhJqP28qi0zAtDM5g2JnC5f/aCBit+H2rdOiBXQPqAUnwj l9as6+whx0BZVMgQaQc68ICjjK0K/w77sNLnfvzB/acle/BurDBh1f6gI0DxY63FSqII ohjW1k/qpwIIqyNspg42zYzXvVfobR7ijcj5CDtxTN9k1UlBrjfkcp4DXR50yPW/4p8H 8BRpun8xUMeH7aelqv+az1Nun0MTwusixxwkGgIWvZFNlsiFoL33eijrmLrPVnPlnRNv BPS5StBNZ+xG7+ACDs7qSvlnr9WdsBGht0B9pZ9VKxykQx0yCaa0tpTUl8XwVVeOzPmY 8T6w== X-Forwarded-Encrypted: i=1; AJvYcCWAFgoJGmoguX77aCDs2qfsDGdT/7dMjZxOVyH1D/MCCF/PIk3pbZJVrA2tf7RltPK44wIGthFM1OoRFx4=@vger.kernel.org X-Gm-Message-State: AOJu0Yyw2uMksRLRIlmiRbqxaeFif0yoGJqPNor9V386CaVz5VEg0qXw j19ari60Zpeknm94eo3H7y9pJ2kFMGQOZ9MuAHJHZ4FtRkPJgBA9BV4rv20mrQj9N1Oz3LymykQ 7XZ09oXFqXw== X-Google-Smtp-Source: AGHT+IFnOSpb3+XAj1dKbSXxUUhTZpVJoK3dKLgr7uSGWR6MrWg71j1v/OVyr1KYDAVEk3F87iiQlDJ7b/Y1qg== X-Received: from wmrn40.prod.google.com ([2002:a05:600c:5028:b0:438:da36:ed35]) (user=jackmanb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:56d0:0:b0:38b:5e14:23e7 with SMTP id ffacd0b85a97d-38c519698a1mr2951136f8f.23.1738165059058; Wed, 29 Jan 2025 07:37:39 -0800 (PST) Date: Wed, 29 Jan 2025 15:35:40 +0000 In-Reply-To: <20250129-force-cpu-bug-v2-0-5637b337b443@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250129-force-cpu-bug-v2-0-5637b337b443@google.com> X-Mailer: b4 0.15-dev Message-ID: <20250129-force-cpu-bug-v2-2-5637b337b443@google.com> Subject: [PATCH RESEND v2 2/3] x86/cpu: Add setcpuid cmdline param From: Brendan Jackman To: Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Brendan Jackman Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable In preparation for adding support to fake out CPU bugs, add a general facility to force enablement of CPU flags. The flag taints the kernel and the documentation attempts to be clear that this is highly unsuitable for uses outside of kernel development and platform experimentation. The new arg is parsed just like clearcpuid, but instead of leading to setup_clear_cpu_cap() it leads to setup_force_cpu_cap(). I've tested this by booting a nested QEMU guest on an Intel host, which with setcpuid=3Dsvm will claim that it supports AMD virtualization. Signed-off-by: Brendan Jackman --- arch/x86/kernel/cpu/common.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 87ea1a6f7835592e560aae3442bbea881123ac64..e26cf8789f0e1a27ad126f531e0= 5afee0fdebbb8 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1477,12 +1477,12 @@ static void detect_nopl(void) #endif } =20 -static inline void parse_clearcpuid(char *arg) +static inline void parse_set_clear_cpuid(char *arg, bool set) { char *opt; int taint =3D 0; =20 - pr_info("Clearing CPUID bits:"); + pr_info("%s CPUID bits:", set ? "Force-enabling" : "Clearing"); =20 while (arg) { bool found __maybe_unused =3D false; @@ -1503,7 +1503,10 @@ static inline void parse_clearcpuid(char *arg) else pr_cont(" " X86_CAP_FMT, x86_cap_flag(bit)); =20 - setup_clear_cpu_cap(bit); + if (set) + setup_force_cpu_cap(bit); + else + setup_clear_cpu_cap(bit); taint++; } /* @@ -1521,7 +1524,10 @@ static inline void parse_clearcpuid(char *arg) continue; =20 pr_cont(" %s", opt); - setup_clear_cpu_cap(bit); + if (set) + setup_force_cpu_cap(bit); + else + setup_clear_cpu_cap(bit); taint++; found =3D true; break; @@ -1577,9 +1583,12 @@ static void __init cpu_parse_early_param(void) setup_clear_cpu_cap(X86_FEATURE_FRED); =20 arglen =3D cmdline_find_option(boot_command_line, "clearcpuid", arg, size= of(arg)); - if (arglen <=3D 0) - return; - parse_clearcpuid(arg); + if (arglen > 0) + parse_set_clear_cpuid(arg, false); + + arglen =3D cmdline_find_option(boot_command_line, "setcpuid", arg, sizeof= (arg)); + if (arglen > 0) + parse_set_clear_cpuid(arg, true); } =20 /* @@ -2011,15 +2020,23 @@ void print_cpu_info(struct cpuinfo_x86 *c) } =20 /* - * clearcpuid=3D was already parsed in cpu_parse_early_param(). This dummy - * function prevents it from becoming an environment variable for init. + * clearcpuid=3D and setcpuid=3D were already parsed in cpu_parse_early_pa= ram(). + * These dummy functions prevent them from becoming an environment variabl= e for + * init. */ + static __init int setup_clearcpuid(char *arg) { return 1; } __setup("clearcpuid=3D", setup_clearcpuid); =20 +static __init int setup_setcpuid(char *arg) +{ + return 1; +} +__setup("setcpuid=3D", setup_setcpuid); + DEFINE_PER_CPU_ALIGNED(struct pcpu_hot, pcpu_hot) =3D { .current_task =3D &init_task, .preempt_count =3D INIT_PREEMPT_COUNT, --=20 2.48.1.262.g85cc9f2d1e-goog From nobody Mon Feb 9 10:24:27 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8D301DE897 for ; Wed, 29 Jan 2025 15:37:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738165064; cv=none; b=oodXImGZcbmHiRX8JfzhHQ+DVqV67YYiuyCff7p89rz6qqkJdOQcY/H7TNY1p9/lQhwSQmlHq5iyw6iwu/0WyWBpOTpIh6WTD5Acmn94Ls8IQPymKySPUmZ5OWAjoHGa41qE6ZfgvuYqkXyN2EcWFuKDtiIb6wfPTRpgRz+DXOc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738165064; c=relaxed/simple; bh=shB99yKi5vWEH+8+OXtdyhEm1G9t9Sk17HD6+WU+oX8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=TQNCDpr6eMrDahS2oXBf7MWLpNdPPsVBAXzL6iUuZggsJhD0eOQl10AMnD17aRPvTK+2jB4VpINnCNeQdt5hsW45Ibd7Xb1OuH1cI6jpMH4rD2RTkkFrvr0SdmGlauncY9wTtLeNIakOc3TUqL6Zr3yhNH9RwNvrrjh83XzO/aA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=FU/ATliR; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jackmanb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="FU/ATliR" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4361eb83f46so54004045e9.3 for ; Wed, 29 Jan 2025 07:37:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738165061; x=1738769861; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=0WkGn8BdmJiDbCxxoZ+/ZnfVoLZzk2No95ZbwF5AtQQ=; b=FU/ATliRO8lj+QyF3blotutTgcLDW3QGgECYL3jjMvMHwbFWqJ5NFp8lOdUW22K/bi iOtTxWpeKgonMwqIhXk1cAFIf+wfwr0U70687a6kzppVpM6H6b5hOBKKurtYDyo2z1Rx 5pBjQ7yDenwFmlatQxO0M4gsi9jGDLRbWt0NIVzT368dkf0WgdXDdE9cyVi3h64m0FkF ZxcgH+5IWcYRLVcvGbbBaEFiHg7L5QYNnk1RuNDhZU4kL9xsTT4tGGCxFjOt6Nr8cQG5 77zY6mp2RAYqCrDEpjX1l5QDskitzAtmap5tIWVMOpnP4WyBP1c5w8HOTlPpXO7KaraN 2KYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738165061; x=1738769861; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0WkGn8BdmJiDbCxxoZ+/ZnfVoLZzk2No95ZbwF5AtQQ=; b=OREqZtrpzVXwOej+smO4eNmPIpwmjKfQl1ozlXk6K9wyLjgZayhl0UT1i+Zg3vNhdH yxccFfGx9kU/Xrw4mDML+dw2peip7rRNm3tPWfZC+iAcEG/TchyirbJDfuVW9wXPrKyo 7JtrIneLnGb8bdtkaZOVNN/nQUPw7YhxnbR2oopf3QMjaSdgmV86xTK1mbyRyb6Fu0q4 MXW9PLvyTIdXOMj9QTcEzPD+JOMyIqpqmT0/XUfZ3l3vEz9N1jYbkasIB84T8f4aDCo9 SEikTgmeC6rR18Me8efimNgD6WeqOBRlNVWK0810bSmKmi8lr8zvv+5e3w3b4ahV8xr9 PXMw== X-Forwarded-Encrypted: i=1; AJvYcCW75wfH9hGtrDSUsBeMBt3ekE17h0ZLPHUb0h3xkOWSCR3IP6XZyvS7bd3jqARl9/6Vq24EOW90PoBZj+I=@vger.kernel.org X-Gm-Message-State: AOJu0Ywof/FJYHIjLwB/JTfgwPLiGG/G75cfnp8MpFqNXDc3EQFRc9ch 1cVv4ZX0MX/ZiCRWTEVqSbebYIJKzFnBcsoMqvDc3vXBAaKhcHvwKvGl1acxfY4WfawLfP52UPp +CZx3yXXMlw== X-Google-Smtp-Source: AGHT+IFK6Tt+YJvPuuRl3HlxobT9+iPyETyzyxGNBZNhBzoy5JLYkUOI7BUveErMjhcLXbOkzUc46yGIxkQArg== X-Received: from wmbay29.prod.google.com ([2002:a05:600c:1e1d:b0:434:f018:dd30]) (user=jackmanb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4f15:b0:434:a30b:5455 with SMTP id 5b1f17b1804b1-438dc41db3dmr27860695e9.27.1738165061056; Wed, 29 Jan 2025 07:37:41 -0800 (PST) Date: Wed, 29 Jan 2025 15:35:41 +0000 In-Reply-To: <20250129-force-cpu-bug-v2-0-5637b337b443@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250129-force-cpu-bug-v2-0-5637b337b443@google.com> X-Mailer: b4 0.15-dev Message-ID: <20250129-force-cpu-bug-v2-3-5637b337b443@google.com> Subject: [PATCH RESEND v2 3/3] x86/cpu: Enable modifying bug flags with {clear,set}puid From: Brendan Jackman To: Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Brendan Jackman Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sometimes it can be very useful to run CPU vulnerability mitigations on systems where they aren't known to mitigate any real-world vulnerabilities. This can be handy for mundane reasons like debugging HW-agnostic logic on whatever machine is to hand, but also for research reasons: while some mitigations are focused on individual vulns and uarches, others are fairly general, and it's strategically useful to have an idea how they'd perform on systems where they aren't currently needed. As evidence for this being useful, a flag specifically for Retbleed was added in commit 5c9a92dec323 ("x86/bugs: Add retbleed=3Dforce"). Since CPU bugs are tracked using the same basic mechanism as features, and there are already parameters for manipulating them by hand, extend that mechanism to support bug as well as capabilities. With this patch and setcpuid=3Dsrso, a QEMU guest running on an Intel host will boot with Safe-RET enabled. Signed-off-by: Brendan Jackman --- arch/x86/include/asm/cpufeature.h | 1 + arch/x86/kernel/cpu/common.c | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufe= ature.h index 0b9611da6c53f19ae6c45d85d1ee191118ad1895..6e17f47ab0521acadb7db38ce59= 34c4717d457ba 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h @@ -50,6 +50,7 @@ extern const char * const x86_power_flags[32]; * X86_BUG_ - NCAPINTS*32. */ extern const char * const x86_bug_flags[NBUGINTS*32]; +#define x86_bug_flag(flag) x86_bug_flags[flag] =20 #define test_cpu_cap(c, bit) \ arch_test_bit(bit, (unsigned long *)((c)->x86_capability)) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index e26cf8789f0e1a27ad126f531e05afee0fdebbb8..d94d7ebff42dadae30f77af1ef6= 75d1a83ba6c3f 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1492,7 +1492,8 @@ static inline void parse_set_clear_cpuid(char *arg, b= ool set) =20 /* * Handle naked numbers first for feature flags which don't - * have names. + * have names. It doesn't make sense for a bug not to have a + * name so don't handle bug flags here. */ if (!kstrtouint(opt, 10, &bit)) { if (bit < NCAPINTS * 32) { @@ -1516,11 +1517,18 @@ static inline void parse_set_clear_cpuid(char *arg,= bool set) continue; } =20 - for (bit =3D 0; bit < 32 * NCAPINTS; bit++) { - if (!x86_cap_flag(bit)) + for (bit =3D 0; bit < 32 * (NCAPINTS + NBUGINTS); bit++) { + const char *flag; + + if (bit < 32 * NCAPINTS) + flag =3D x86_cap_flag(bit); + else + flag =3D x86_bug_flag(bit - (32 * NCAPINTS)); + + if (!flag) continue; =20 - if (strcmp(x86_cap_flag(bit), opt)) + if (strcmp(flag, opt)) continue; =20 pr_cont(" %s", opt); --=20 2.48.1.262.g85cc9f2d1e-goog