From nobody Sat Oct 4 06:34:46 2025 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2043.outbound.protection.outlook.com [40.107.93.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E926326D5E for ; Tue, 19 Aug 2025 19:22:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.43 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631343; cv=fail; b=BwnA2oeoSaTZd4q7de3bZ9sKafRl/EA044Q4XyfNAFU2I1+cv1wX2SMoXkdQ0bb62tPQNKmlmRs8kqhKIvlqFqfaHhR3+d6VmAbHdBaB30cKvWUG6pXEfaLCHCzGf5+RsN6OQ9WSL+mxVOno3QJqazzL46mGz3dcYBbYRgWxcPc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631343; c=relaxed/simple; bh=nNEzNgX88p6/MaVISM3+4s4fB6qVdzVP9GWauEGT5JY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=cXj2CwFugIJbJrXqYYCFrDABbp5nTPhpYwJl89WYQaijemgTxF8kTGA4AcZDR0zhgcIPikvKo6WNniOpnSBdesDkcHo7jCdMkKN+dpvR96QIVPHpI7TcztOFfRIg4okp/uk7vi/sewglgA9nIHhCKN9lJIBTpf1/O8cByBc55p8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=b8JPz8uS; arc=fail smtp.client-ip=40.107.93.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="b8JPz8uS" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Yi6kxkKKWl+4EqxOFI3Hj/YZrD7MWyYcMO8QGnjVxrQsjmfBUvNVMOi/7rSI41D1T3kVbgfviz2XZoWiMgRzYrRgEdKQwLuuJ+LrxoWZCebgL3NvGP5A7zBmHFNspE5D3Q4sIRYiUV3Ht3mUkIWO080I4sp6RfGdaXHs5TfaKMCERtfOBcoSOGBD7skFTi/0WMDKGFIjJqN4P0QMg77oxPAoF+ZTwMfCEQglMdh4CgAEVuiHNWCPNh9lhAHlBhxnkZRgAwNpuvFWSZ/rq7/R/OaWE6W5OI/iDSnHpby6jf3nyk9GZ/sGVMRRTxBkjr/zUW8PT/7S9fWjxIaj1biRWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BgLtTOw6hfabSZrjSJ0dpOoM80bj7DbqYwLaabnR4jM=; b=baPeGR1CU6wyCs/qikoWws0TUnNo14GOMVW4FMp6fukeFMM6rJFw2TPMuG50R2Vf3YDO0xXPTi/8qRm0vaEL+rR4oE3UnSICYnPa5HpSyNX54g8qI/KkYvh1RKQMnnZoIRA1GSC8YyJ88SUIKEMcrv3H2gbZhY55ANyu/1XOGvggM/nJ6KZZ/aWI3bArTrGjHUnkGBNrh0HxnfstyhKc4p+bdq3UdTdmBg46T9gF+dj7HBqxl342fUl1c16qof+3D43sTqllnevKwZR54qW/D10KdVfvUEbYIsrHYqWV0otxhfq2JiorNEcGXc578WMXHn+MTPeM7Zop0s0n7NlNDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BgLtTOw6hfabSZrjSJ0dpOoM80bj7DbqYwLaabnR4jM=; b=b8JPz8uSXGx5wymD85yki5t1qAj3YrUDN7NkBglzvsAfGmvoEFfgFy8NAXavcjO6rp/Iz81r5LGW0NrHmvNh/egtiTYD6vNXDvguVZ5jELTsRg789ltbjeOd1eosl2TjUs4vX0XIZzg4DzZkrRr5XXU0LOCxS1HqwFvyP2dXVSU= Received: from BYAPR07CA0099.namprd07.prod.outlook.com (2603:10b6:a03:12b::40) by MN2PR12MB4205.namprd12.prod.outlook.com (2603:10b6:208:198::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9031.24; Tue, 19 Aug 2025 19:22:18 +0000 Received: from MWH0EPF000A6731.namprd04.prod.outlook.com (2603:10b6:a03:12b:cafe::ac) by BYAPR07CA0099.outlook.office365.com (2603:10b6:a03:12b::40) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.24 via Frontend Transport; Tue, 19 Aug 2025 19:22:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A6731.mail.protection.outlook.com (10.167.249.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9052.8 via Frontend Transport; Tue, 19 Aug 2025 19:22:17 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 19 Aug 2025 14:22:15 -0500 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v2 1/5] x86/bugs: Use early_param for spectre_v2_user Date: Tue, 19 Aug 2025 14:21:56 -0500 Message-ID: <20250819192200.2003074-2-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250819192200.2003074-1-david.kaplan@amd.com> References: <20250819192200.2003074-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A6731:EE_|MN2PR12MB4205:EE_ X-MS-Office365-Filtering-Correlation-Id: 8b5cfff8-48e1-4bf7-c73f-08dddf55b658 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|7416014|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?PPK8Od4Atnyw5T5OzTHAoFBtE46nDeCANASX6FG2GytQKuu72/XbaDKfCwoe?= =?us-ascii?Q?DBGkeGPNjGHx573lvELV+hhMEeRgIio5VHbFH7lZMvqeNlIWeOl5HFV5iK7O?= =?us-ascii?Q?WsF/VpoXmUj5pkmSY1yfTC/Kba5DCnp0ZD5VmHumBzFuDhieEBGwSzWmY06w?= =?us-ascii?Q?vELNO9tzMu2WtwkqipAAj9lOceD03buLWhv+UnFTyQP3B31GuTyNlbXI8+80?= =?us-ascii?Q?VTvsgkDMvTkKOyXa8FlaFHM/jXYkZCXRPVPPb0P8EUhThLSwGSaxgYyGf3X8?= =?us-ascii?Q?UabbT+IjwcKWpy9vFCgYHsufSjwgJZwQQLvSpfktJQaDJKvrSjg5UVvwWfhT?= =?us-ascii?Q?XKsbSx6bKFKONGMbZjWbZ70bgbL3txrsE7lSCASlcoH+g1TEL5ICvxj+iMcb?= =?us-ascii?Q?6ZcEAnve1cT7hv7CMaRY/ydPVv9pZ7Zc+q4XoVmVNwclHTx8Nir2MRWVFcvA?= =?us-ascii?Q?mDdnqkcpFVBLUwu0dbQygJFVP/JZMYbAiD1Kq2BZw4nkalj8A7xz5PCeU5NP?= =?us-ascii?Q?fbjcNydKqVdkpLHO1GrXacybRuKwzEu7mJ99rKYkYQyTDwA6YYCKQatxOmqA?= =?us-ascii?Q?BBVbCN5QId4urE0WvxtYn428WEkKl220FuFD+w+0ngtRrfPGMNfKcLHRIADA?= =?us-ascii?Q?5oA1a2fB7KiWEJpiGoKkkqntM5GlE78e7T8v+k7/SiO480guGI1O/vOzDEQW?= =?us-ascii?Q?j1ozKlkuGTlPWy7/mFjZBEQPCv+ArJ8QxPXEYpcCtvLey5yEEiHNvB8K1+m/?= =?us-ascii?Q?K6mYs7Nbb5ybarQna2+/XxmOVne//VolLi0C8Ylll6MCtrKxU9Fl8wFXMgTo?= =?us-ascii?Q?XZymEA8nP/lvQTMMMUSe4uiHq4LrOVYODzTQvP6egrqvcHsA1iHl6GcEqQfy?= =?us-ascii?Q?rxwlcigcdUfXEG8EfjK1wChA/WyAyB5CjI1qCuZ/w3Yvwko8wJLzr41gJpUb?= =?us-ascii?Q?o7qgDLgOKXoJcSOdlV8Vao77ndLyF7JOeuQykNITlBgHoEl15upIN5XOVQxN?= =?us-ascii?Q?QgK3drHc8BIMSWKawnsesy7QYgRyB6v3EQ4MVMIz1iYwgWIHSHFSelNueLcm?= =?us-ascii?Q?cmvLEg1uWy1HY4T2RFPLl7734srWsr3gTHy0fhBgD+atUSmapnrNYToDiluO?= =?us-ascii?Q?WW0ULSJk+15QTbYsqakfZLhvAV7N1L3e5z9V9jjwZDuyVbMaG8cNOyWtpstF?= =?us-ascii?Q?CiiL6PwBCNY412JLov4mW6W7e4DgxxZtDRZYzCNJIwNBvP4Ln7e394dPEjax?= =?us-ascii?Q?A1L+b1J+JYe4FAwJLv6cEGQT0mKxtGJ/XckJNShOzK/RHUcXSfXOpxnZzGFR?= =?us-ascii?Q?YwKMjMdujjyi0xVgCN26lRYhzSvN6eHoe/Skx8UYlreffttdW1WdYlTTbFld?= =?us-ascii?Q?scnHfA+klM094chPF2k0YT4rEd4Qw7F1TEHpPys3rzBE6bvPhlA22/3xkKFs?= =?us-ascii?Q?BXU5y7VrcXCH7lPYFFDVuMa3giGBVLec2hQJVzNtP8BoQbw4xGyLu6ozAqrd?= =?us-ascii?Q?FzGdpplF6RFj7TNHNEnMF9L6qIgY8y9Yy/K/?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(7416014)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Aug 2025 19:22:17.9612 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8b5cfff8-48e1-4bf7-c73f-08dddf55b658 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A6731.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4205 Content-Type: text/plain; charset="utf-8" Most of the mitigations in bugs.c use early_param to parse their command line options. Modify spectre_v2_user to use early_param for consistency. Remove spec_v2_user_print_cond() because informing a user about their cmdline choice isn't very interesting and the chosen mitigation is already printed in spectre_v2_user_update_mitigation(). Signed-off-by: David Kaplan Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Pawan Gupta --- arch/x86/kernel/cpu/bugs.c | 65 +++++++++++++++----------------------- 1 file changed, 26 insertions(+), 39 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 49ef1b832c1a..de78b76ae851 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1826,7 +1826,7 @@ enum spectre_v2_mitigation_cmd { =20 static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =3D S= PECTRE_V2_CMD_AUTO; =20 -enum spectre_v2_user_cmd { +enum spectre_v2_user_mitigation_cmd { SPECTRE_V2_USER_CMD_NONE, SPECTRE_V2_USER_CMD_AUTO, SPECTRE_V2_USER_CMD_FORCE, @@ -1836,6 +1836,9 @@ enum spectre_v2_user_cmd { SPECTRE_V2_USER_CMD_SECCOMP_IBPB, }; =20 +static enum spectre_v2_user_mitigation_cmd spectre_v2_user_cmd __ro_after_= init =3D + SPECTRE_V2_USER_CMD_AUTO; + static const char * const spectre_v2_user_strings[] =3D { [SPECTRE_V2_USER_NONE] =3D "User space: Vulnerable", [SPECTRE_V2_USER_STRICT] =3D "User space: Mitigation: STIBP protection", @@ -1844,50 +1847,34 @@ static const char * const spectre_v2_user_strings[]= =3D { [SPECTRE_V2_USER_SECCOMP] =3D "User space: Mitigation: STIBP via seccomp= and prctl", }; =20 -static const struct { - const char *option; - enum spectre_v2_user_cmd cmd; - bool secure; -} v2_user_options[] __initconst =3D { - { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, - { "off", SPECTRE_V2_USER_CMD_NONE, false }, - { "on", SPECTRE_V2_USER_CMD_FORCE, true }, - { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, - { "prctl,ibpb", SPECTRE_V2_USER_CMD_PRCTL_IBPB, false }, - { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, - { "seccomp,ibpb", SPECTRE_V2_USER_CMD_SECCOMP_IBPB, false }, -}; - -static void __init spec_v2_user_print_cond(const char *reason, bool secure) -{ - if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) !=3D secure) - pr_info("spectre_v2_user=3D%s forced on command line.\n", reason); -} - -static enum spectre_v2_user_cmd __init spectre_v2_parse_user_cmdline(void) +static int __init spectre_v2_parse_user_cmdline(char *str) { - char arg[20]; - int ret, i; + if (!str) + return -EINVAL; =20 if (!IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2)) return SPECTRE_V2_USER_CMD_NONE; =20 - ret =3D cmdline_find_option(boot_command_line, "spectre_v2_user", - arg, sizeof(arg)); - if (ret < 0) - return SPECTRE_V2_USER_CMD_AUTO; - - for (i =3D 0; i < ARRAY_SIZE(v2_user_options); i++) { - if (match_option(arg, ret, v2_user_options[i].option)) { - spec_v2_user_print_cond(v2_user_options[i].option, - v2_user_options[i].secure); - return v2_user_options[i].cmd; - } - } + if (!strcmp(str, "auto")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_AUTO; + else if (!strcmp(str, "off")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_NONE; + else if (!strcmp(str, "on")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_FORCE; + else if (!strcmp(str, "prctl")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_PRCTL; + else if (!strcmp(str, "prctl,ibpb")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_PRCTL_IBPB; + else if (!strcmp(str, "seccomp")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_SECCOMP; + else if (!strcmp(str, "seccomp,ibpb")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_SECCOMP_IBPB; + else + pr_err("Ignoring unknown spectre_v2_user option (%s).", str); =20 - pr_err("Unknown user space protection option (%s). Switching to default\n= ", arg); - return SPECTRE_V2_USER_CMD_AUTO; + return 0; } +early_param("spectre_v2_user", spectre_v2_parse_user_cmdline); =20 static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode) { @@ -1899,7 +1886,7 @@ static void __init spectre_v2_user_select_mitigation(= void) if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) return; =20 - switch (spectre_v2_parse_user_cmdline()) { + switch (spectre_v2_user_cmd) { case SPECTRE_V2_USER_CMD_NONE: return; case SPECTRE_V2_USER_CMD_FORCE: --=20 2.34.1 From nobody Sat Oct 4 06:34:46 2025 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2086.outbound.protection.outlook.com [40.107.93.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 22025326D45 for ; Tue, 19 Aug 2025 19:22:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.86 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631342; cv=fail; b=QDtYNmPXDrSMY4fGQdUDxUkW3bGZ/K/kDY0KQ51PfcNaSuS96b0dz7FYMIMM6OrpTdRKpg1oovDIFz5Ymybfl0H/0hTgKlDOygjs8OaQ70BQJrYE9w/maRc8bHejn7ofOTxG3v9rAj/nNin/LYlD6SSjwx0y9GXjkKO3Jna5XC8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631342; c=relaxed/simple; bh=MSRM/NMfE2zCgjF4Ju8RUvg60FQ6Vp1Q2EU6tE9H2XQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JmpGP6cBUJdaYcXeKxhIrNm267yHxt12b5aDkHg1Xt+C4PP/nzBh4aLwm7Jde1qaV+H4wNM+jO74UwWUpTEFqyLkXGM6EQTAw7yGd78DfVlZZOB1S7KfSPa8G5mYbn6m0+fUlOXpiKkQ6zjhEe4jlaVxGth4dFZJaXxS2UlIPRM= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=arrhL3HY; arc=fail smtp.client-ip=40.107.93.86 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="arrhL3HY" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JAbAKAEk5h0y/Y6E5mNUsFL4K+1ZB6dqA0tAiLVwbelreLC/txw26OZxenmsWIxlGe+l4xfzliSI7eSkTVua4IsiCwIrb9vSU1ewqssYhuizjFp1ZZBZ2Pyz0p61+LJV41gvKgRxWsXh+J+7aqKRtfSAvBJzXW66KAw1amC/honUoScB3uSyeomySNrJhmkUFDN26xHfZNwDrpZufHaNs+kNxDNJxE15jhlwgqbwjGsKigA7Q4jom3DQ6gKvaFuGggbnWPoPXIiI5ZHT8YyTSoyJo7xbpMTJKb16UNB0mPsxW7ozEAyBG4ZX3uQYtnMW/fL1hOx1imGTQbBqZHf+hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AhsC68SjhgtzdcTQ9GJ7YQG0w0C+dgKkJrVj8848EE4=; b=In8WvPKkBSP7yVlhSkyAkuhT/BNqZdOWpiAzd2QrzfEU0Mto/zSTwWz3JoL7p4azsvxAwkmgY2g1Fb5hTLM1Y9V3RlGN39zCI37Xlo0z4ESPLoc2VCw2i68OuHzsUOlVPeDd0N/NK7GWd7uuNTUK8ZtHIPfmxRMFIhMtUSaltfAPp5MOAPOSHlBBNGr0NO/IeUK7OlRm758a6DzkCNB1pvbuXX37Un1eza0tRYriZ+RszGzv4JPAFv9mNXI2WTv/M4hKrcKl1BXbsdguWG8bOwdSn9qThdKQLAzbH1naUu8qxs6ExSiwV0hekzc2t4Uz207zqC5TZFHFGQzSQYVP3Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AhsC68SjhgtzdcTQ9GJ7YQG0w0C+dgKkJrVj8848EE4=; b=arrhL3HYH9jKxaZVU1ENPon7nQBwqkbjsclYVegluEz5edtOm1CnjFZMvm+WrnoA1ol8CTGKSjY/VBpToUvGO1n/XTq7pnHZzoGmOYhKEelGFr+czLlgs5bDO3+riht/ZyjMuRt7Qk1za0Ekwy2/GrvhgcpTw6nLVGj5t12tFMI= Received: from MW4PR04CA0251.namprd04.prod.outlook.com (2603:10b6:303:88::16) by MW6PR12MB9020.namprd12.prod.outlook.com (2603:10b6:303:240::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9031.16; Tue, 19 Aug 2025 19:22:18 +0000 Received: from MWH0EPF000A672E.namprd04.prod.outlook.com (2603:10b6:303:88:cafe::fa) by MW4PR04CA0251.outlook.office365.com (2603:10b6:303:88::16) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9052.13 via Frontend Transport; Tue, 19 Aug 2025 19:22:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A672E.mail.protection.outlook.com (10.167.249.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9052.8 via Frontend Transport; Tue, 19 Aug 2025 19:22:18 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 19 Aug 2025 14:22:16 -0500 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v2 2/5] x86/bugs: Use early_param for spectre_v2 Date: Tue, 19 Aug 2025 14:21:57 -0500 Message-ID: <20250819192200.2003074-3-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250819192200.2003074-1-david.kaplan@amd.com> References: <20250819192200.2003074-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A672E:EE_|MW6PR12MB9020:EE_ X-MS-Office365-Filtering-Correlation-Id: 4c2adf0f-97af-41a8-6178-08dddf55b68f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|82310400026|1800799024|36860700013|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?Z7W0zNl33Yy1LHtTn8l9Tq9lfdhkLTT9KWrclNjDrlLPnV9qIPHilp01iLeD?= =?us-ascii?Q?kf8FH/qP11+CfwIOuP81Z2bcAse9AxT2i9s0/VqkBV6dgy0xWiXtCUz1d5va?= =?us-ascii?Q?2eAChNtbwc5DqfxlQuIZSFGXKt7XQ7UzWetc9AeuROJ1ezOcyDvjBrWl2m2j?= =?us-ascii?Q?vqa7JG4w7vtfL3q06hE0WXCAKh5Khbi8vBGWnzxvMuTCu7BEZBjtIzna1ocv?= =?us-ascii?Q?eu+ndgW95Y4clFBB/5wiQEecItT1wEqnTs6SiQHFKfF4Pvu8HPP95rsPDDFs?= =?us-ascii?Q?dU3asq4Z9YIGB8R1NNRw6PWtEz1RmjprBT4VqM9x2ZO1C9gLpPyWfMhbRCke?= =?us-ascii?Q?paymi0G9oNYnct5gVE/SMuFmO2FnbwAY4MFcS5SNu+jOmNSBvccstEN4KSn0?= =?us-ascii?Q?g/0E2lAJxauTakVLr9DDYMmTnj6LZUBB5X45DCdCCVcpJFtpcu8HYrl2Qq9i?= =?us-ascii?Q?A/VlGTxvC05hV7JBDeWA0h0+tW0FSs6bU+pBVZM45l8631aSUFRhbYCaM0Sb?= =?us-ascii?Q?8BHMD2enSqzdtgoQIe4nsiRYVglWWFl0HG5e7KxjuJ1KPjfCoSdYBNLvlUbp?= =?us-ascii?Q?gKVREJ0VTbiTPWaL3VMKtZdiKjpv93IjJi/JbNa/ABIMdcYq/bW/Y5xl8BKC?= =?us-ascii?Q?maclykfSWc33JORqgJllP3OramECLU5wU6Q9GICaC97AUn5MW6S12+cczeB2?= =?us-ascii?Q?MIzwqGDvualZlf3DclIzbP7uQKfz15TLRI/pfSJ+8nY1C+Ny2/w5PdM/t8go?= =?us-ascii?Q?uKSoZ49/EWt2CKIhmeMhDAfmz502IUA2aWVPEoFt8FR+kJYyp6lTBK9Cd1hS?= =?us-ascii?Q?6YjO1hQaEddmmb451tqSbqjbitYz79wKfJvVFwSVdbz0JMSY6VbOOJjnCYH+?= =?us-ascii?Q?1VEjpjq6KOiAeE81wn/ydnhSZP6nFrf5WHWOgptDkzT77Lw081JZc2cN/M+i?= =?us-ascii?Q?1TxMbOmzJ1MsRbuzGH5BagQMJ37GY1aBhF1cnCBuAGTdUqBpIm1bQct8Xm1x?= =?us-ascii?Q?vEH1KQHtk5qSX1AuurczHK9z2n6+KVGVf2qmLybn2aXrXS2OVhskDC92f1SO?= =?us-ascii?Q?h+Z3eJ2gMJAXmHAjrJBIU0f7jObiHhU+qmMUy9ZpnxdHv3rwMxR2Uts0vxRt?= =?us-ascii?Q?naGS+pJRgDpt8kqhZBFr9wx0pF8CpQE9TXEKQSdjkYNSw9Ix3MlhW26iaHDH?= =?us-ascii?Q?VrHLBM142lTZEm5sAHQHCqh3SH38Z8Qmt7YFTswzbZhmvDdIm+e2D+3yvGRK?= =?us-ascii?Q?6nThCQzQ4k/V8GtO9KUNO2nRyb7cqfT3ZRl9ZQy+H7vfBVsvdX73kPEhfx3O?= =?us-ascii?Q?ycwJ5zK4cI3iQeoQ1ogK3mFenkLV4ZSePh+iqmrckhjc+QbMnvjhd272vMOT?= =?us-ascii?Q?npSl4AC5gpVH2EXTV+OG6JfG73NngfveS39sEnn08b+yF+YPhurbeVHQM8bk?= =?us-ascii?Q?exK9QUuE+pOKCRXAbpLSyuo9EE5u0H9rVSzszu9B4f0Sq//bPFJVkVACn3fo?= =?us-ascii?Q?N8imcK1sdR7L4N+czG0YzQ0AZ1bBHEGNRn6h?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(82310400026)(1800799024)(36860700013)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Aug 2025 19:22:18.3112 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4c2adf0f-97af-41a8-6178-08dddf55b68f X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A672E.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB9020 Content-Type: text/plain; charset="utf-8" Most of the mitigations in bugs.c use early_param for command line parsing. Rework the spectre_v2 and nospectre_v2 command line options to be consistent with the others. Remove spec_v2_print_cond() as informing the user of the their cmdline choice isn't interesting. Signed-off-by: David Kaplan Reviewed-by: Pawan Gupta --- arch/x86/kernel/cpu/bugs.c | 186 +++++++++++++++++-------------------- 1 file changed, 87 insertions(+), 99 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index de78b76ae851..44e0315b58a5 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1824,7 +1824,8 @@ enum spectre_v2_mitigation_cmd { SPECTRE_V2_CMD_IBRS, }; =20 -static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =3D S= PECTRE_V2_CMD_AUTO; +static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO : SPECTRE_= V2_CMD_NONE; =20 enum spectre_v2_user_mitigation_cmd { SPECTRE_V2_USER_CMD_NONE, @@ -2021,112 +2022,51 @@ static const char * const spectre_v2_strings[] =3D= { [SPECTRE_V2_IBRS] =3D "Mitigation: IBRS", }; =20 -static const struct { - const char *option; - enum spectre_v2_mitigation_cmd cmd; - bool secure; -} mitigation_options[] __initconst =3D { - { "off", SPECTRE_V2_CMD_NONE, false }, - { "on", SPECTRE_V2_CMD_FORCE, true }, - { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, - { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_LFENCE, false }, - { "retpoline,lfence", SPECTRE_V2_CMD_RETPOLINE_LFENCE, false }, - { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, - { "eibrs", SPECTRE_V2_CMD_EIBRS, false }, - { "eibrs,lfence", SPECTRE_V2_CMD_EIBRS_LFENCE, false }, - { "eibrs,retpoline", SPECTRE_V2_CMD_EIBRS_RETPOLINE, false }, - { "auto", SPECTRE_V2_CMD_AUTO, false }, - { "ibrs", SPECTRE_V2_CMD_IBRS, false }, -}; +static bool nospectre_v2 __ro_after_init; =20 -static void __init spec_v2_print_cond(const char *reason, bool secure) +static int __init nospectre_v2_parse_cmdline(char *str) { - if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) !=3D secure) - pr_info("%s selected on command line.\n", reason); + nospectre_v2 =3D true; + spectre_v2_cmd =3D SPECTRE_V2_CMD_NONE; + return 0; } +early_param("nospectre_v2", nospectre_v2_parse_cmdline); =20 -static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) +static int __init spectre_v2_parse_cmdline(char *str) { - enum spectre_v2_mitigation_cmd cmd; - char arg[20]; - int ret, i; - - cmd =3D IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO := SPECTRE_V2_CMD_NONE; - if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) - return SPECTRE_V2_CMD_NONE; - - ret =3D cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(= arg)); - if (ret < 0) - return cmd; - - for (i =3D 0; i < ARRAY_SIZE(mitigation_options); i++) { - if (!match_option(arg, ret, mitigation_options[i].option)) - continue; - cmd =3D mitigation_options[i].cmd; - break; - } - - if (i >=3D ARRAY_SIZE(mitigation_options)) { - pr_err("unknown option (%s). Switching to default mode\n", arg); - return cmd; - } - - if ((cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE || - cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_LFENCE || - cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_GENERIC || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_RETPOLINE) && - !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) { - pr_err("%s selected but not compiled in. Switching to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } - - if ((cmd =3D=3D SPECTRE_V2_CMD_EIBRS || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_RETPOLINE) && - !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) { - pr_err("%s selected but CPU doesn't have Enhanced or Automatic IBRS. Swi= tching to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } - - if ((cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_LFENCE || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE) && - !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { - pr_err("%s selected, but CPU doesn't have a serializing LFENCE. Switchin= g to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } - - if (cmd =3D=3D SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_= ENTRY)) { - pr_err("%s selected but not compiled in. Switching to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } - - if (cmd =3D=3D SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor !=3D X86_V= ENDOR_INTEL) { - pr_err("%s selected but not Intel CPU. Switching to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } + if (!str) + return -EINVAL; =20 - if (cmd =3D=3D SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATURE_IBRS)) { - pr_err("%s selected but CPU doesn't have IBRS. Switching to AUTO select\= n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } + if (nospectre_v2) + return 0; =20 - if (cmd =3D=3D SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_FEATURE_XEN= PV)) { - pr_err("%s selected but running as XenPV guest. Switching to AUTO select= \n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } + if (!strcmp(str, "off")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_NONE; + else if (!strcmp(str, "on")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_FORCE; + else if (!strcmp(str, "retpoline")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE; + else if (!strcmp(str, "retpoline,amd") || + !strcmp(str, "retpoline,lfence")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE_LFENCE; + else if (!strcmp(str, "retpoline,generic")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE_GENERIC; + else if (!strcmp(str, "eibrs")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS; + else if (!strcmp(str, "eibrs,lfence")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS_LFENCE; + else if (!strcmp(str, "eibrs,retpoline")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS_RETPOLINE; + else if (!strcmp(str, "auto")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + else if (!strcmp(str, "ibrs")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_IBRS; + else + pr_err("Ignoring unknown spectre_v2 option (%s).", str); =20 - spec_v2_print_cond(mitigation_options[i].option, - mitigation_options[i].secure); - return cmd; + return 0; } +early_param("spectre_v2", spectre_v2_parse_cmdline); =20 static enum spectre_v2_mitigation __init spectre_v2_select_retpoline(void) { @@ -2312,9 +2252,57 @@ static void __init bhi_apply_mitigation(void) setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT); } =20 +static void __init spectre_v2_check_cmd(void) +{ + if ((spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_LFENCE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_GENERIC || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_RETPOLINE) && + !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) { + pr_err("RETPOLINE selected but not compiled in. Switching to AUTO select= \n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if ((spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_RETPOLINE) && + !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) { + pr_err("EIBRS selected but CPU doesn't have Enhanced or Automatic IBRS. = Switching to AUTO select\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if ((spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_LFENCE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE) && + !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { + pr_err("LFENCE selected, but CPU doesn't have a serializing LFENCE. Swit= ching to AUTO select\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIG= ATION_IBRS_ENTRY)) { + pr_err("IBRS selected but not compiled in. Switching to AUTO select\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor= !=3D X86_VENDOR_INTEL) { + pr_err("IBRS selected but not Intel CPU. Switching to AUTO select\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATUR= E_IBRS)) { + pr_err("IBRS selected but CPU doesn't have IBRS. Switching to AUTO selec= t\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_= FEATURE_XENPV)) { + pr_err("IBRS selected but running as XenPV guest. Switching to AUTO sele= ct\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } +} + static void __init spectre_v2_select_mitigation(void) { - spectre_v2_cmd =3D spectre_v2_parse_cmdline(); + spectre_v2_check_cmd(); =20 if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_NONE || spectre_v2_cmd =3D=3D S= PECTRE_V2_CMD_AUTO)) --=20 2.34.1 From nobody Sat Oct 4 06:34:46 2025 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2052.outbound.protection.outlook.com [40.107.92.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2447E326D73 for ; Tue, 19 Aug 2025 19:22:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631343; cv=fail; b=c6MyZCNDrud+JqjPBZgx3cF6O/70DAKeZ2zl54EUTB0nm6Kd0WlvcxAmYTqzNZWQhRD4dxUkYtaga8sLMmh7CCU68NZEHne4smi6rl0FHcIImmo8qF/4vmi5JP+mOccqyFarAz83mid0JDzdPlZvAyEGXhid5ioB7wWIIX22Va8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631343; c=relaxed/simple; bh=X0hgLp085z/FiPxK6q9CSA+d6Y9GihJCNwny7njyikQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=mFaXuHj5iF/rhS8gE5zA+PPjdVchXEXX6evC8cQEDH4vrdAHwoBXSMs3MnNJjJt/gftmPqYfR/M+dYVSfM+ZPWtDUjmqMTZbd3hhU+W7dcgGcR3tNZaqYMDYXCI25DIduC8VqKU13Dvp2azwCm+a0046lZCSOSNPF4JWbX9RP0c= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=l/51HxE4; arc=fail smtp.client-ip=40.107.92.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="l/51HxE4" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cB3MtCOlZr1KdIfhUweW3n9vl++Jg4MYRiovjqK4h5QU0Skxt3UTMNmCjmsAukpcPcGQRxMOv/ExVl0mMbn4VJCYZUEd8KTuFx7/QCNo5aZiKKE0I4CPxXJusVUk0uGlnPrhtlnFPHLDSIxGFgxYsgfWd87k5rgTZyEpG13fQa2h7Xqm6oEgLQeamlqADt4+O99owhPYIyd+ifVe2ySDuDMpjs2wx5fAd93j/qG6Ue0YamgA/WYHd19wOoir/uPT+ul15LSsXf01gE8KqL6hKZ+ECCw5p8ePiPdIRw9oXO7bTRwF/qTDAJxlWcp41zZ2FsORoOez/C62fJtBC7TYyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3dzpX4YY23ZXCGOScgfsVM80o6WO3CYjFA17NTQi2N0=; b=SXiuCAS3erFKmaG3iZdOOzXPpnfKTLfwvmNXBo4PX3Sa7TuCBD+y3faDN3f01XrCbNQyrCAN6KXaQuurMEJX4bm8/AMbIsOILJvBPb/Wkoj+0OBSswH5o/UifVx2QHAjyFETtYS8pDEuGmaCFvXEXQsJp2NZb0hn/o0jan0DGTS6CwJ9FdHMybQW40SJAygskeirB/CBFCcyd8UI0NxmC9QIj4LyoqHuJTRH46XnYiKvVg5Crn0muRETdxTmZ+sYUcQoWsZPhSw4khRsh8xHQ5/Nx9hHSlJPtfViN7g3X5X08Ruj/NAdbcVuKXzAjYUwX+18S8u447fSyBmiWui1CA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3dzpX4YY23ZXCGOScgfsVM80o6WO3CYjFA17NTQi2N0=; b=l/51HxE4oyk0SSKvwbZkaWdkCzqcN4OZ+sqK/nNkb3iWMFatDFln8NXmYNibSBCHsap0N2GRzMJP4vvPtCAPlp+0GkqOIwWVGTE/1ITCDhb4QrBMeqspdN6ImCpfnZHoQLxG7bsd4pM27Du8OR+E4SDHhdtFqS8+fsS1Ka5xTpM= Received: from MW4PR04CA0268.namprd04.prod.outlook.com (2603:10b6:303:88::33) by CH2PR12MB4181.namprd12.prod.outlook.com (2603:10b6:610:a8::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9031.25; Tue, 19 Aug 2025 19:22:19 +0000 Received: from MWH0EPF000A672E.namprd04.prod.outlook.com (2603:10b6:303:88:cafe::41) by MW4PR04CA0268.outlook.office365.com (2603:10b6:303:88::33) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.22 via Frontend Transport; Tue, 19 Aug 2025 19:22:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A672E.mail.protection.outlook.com (10.167.249.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9052.8 via Frontend Transport; Tue, 19 Aug 2025 19:22:18 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 19 Aug 2025 14:22:17 -0500 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v2 3/5] x86/bugs: Simplify SSB cmdline parsing Date: Tue, 19 Aug 2025 14:21:58 -0500 Message-ID: <20250819192200.2003074-4-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250819192200.2003074-1-david.kaplan@amd.com> References: <20250819192200.2003074-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A672E:EE_|CH2PR12MB4181:EE_ X-MS-Office365-Filtering-Correlation-Id: 14e73db9-8240-4ce1-af80-08dddf55b6da X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|376014|7416014|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?Gm0ygYxMRmyyCxPHOvPMXjdPbAhAnIbgk9qUxiTJt50l1Kj14ZRU0nt9aDXt?= =?us-ascii?Q?dzN6C3sB1pxx3C5//hdNjfQMXfvBNY6j7LMxtFNiKnstscYmfbNkOZ1JECTL?= =?us-ascii?Q?2QdsBcfX7TFrtriYfi9vKjVFOzzJNYqGtNo5VuPmeeKSE6m499fIH40xt+zD?= =?us-ascii?Q?eCBC5z02hMZTwoF+tihyTtsw5iQIiK5vyeL3ZscEcSxxZ7fNjX9y/P68H5bH?= =?us-ascii?Q?7KFXcrvFHNxJxWafFS8SJ3FmcfEDqqbGolMDJG+gyTksuXEB4NDi/7eHurFI?= =?us-ascii?Q?xdMwhaGfctjmPZZyCrY1KzhjqT87gGV+KG5+hPIQR3VzpqvivBulmp8GiHrn?= =?us-ascii?Q?ru9xlXAg+AzCV2K/EvFEiuyPg46csDbbh2XWa4uqbKnTbmt2W1FsYH+v7EDn?= =?us-ascii?Q?WEMUsxHY8j3FYFwRbGclpVHQoE573TDnvZETaUbZaJDdPAXvvwHAfHIFpjhb?= =?us-ascii?Q?pladgjl9OegrEKi/GYjfiC8wopoRDAsZBrBwlTnR5nZ8F9mz/99R5WQI8yr8?= =?us-ascii?Q?y7NB9tEYxYgonUdw7Uaon0UFfQb6jqGrp96PVnCzn6bPZF8usRFerWK3WdGF?= =?us-ascii?Q?WrC9zB9lDKPdm2wMDJ4+mbSmoHukxyk+YuyRtG7447JyaW1Px4bMJs6Yjirb?= =?us-ascii?Q?ySFR3QRHWUGaVlcQgGmua0GuDDH9iv8KdOqaUOvS8BIN9ih7Twwl25ElFfA0?= =?us-ascii?Q?mhHLnr33QwzKx5F56yNrisjzKHJaf0EybUlBsDpwsR7gE/+te+H41aO7fTWq?= =?us-ascii?Q?Oe0KaGp8zVqyYzEgO1iHLIuG2FpiIGsZgvdoIwRWY6vp9e4emjzriLWUop7+?= =?us-ascii?Q?ydj16OIplRy7hOyFolAApNCMyYNENO5u0Ix8KpYDhSJDy/Nx0a0CpyPxhscK?= =?us-ascii?Q?t1X46CsxekzGi6V1VAPGNJ2R4Uj2R0JWdT79eM8SrcTvA/lbEoIDU9ytzVWh?= =?us-ascii?Q?1vuixwBVIi8XGadWCdqJMQCEShXbhm2bKG003UoCVUUKXd/ydDvW8bEn23CX?= =?us-ascii?Q?Fz+H7MogQTWXS7aeP/WK7B1acWRPckx4xZwAMQNedQEaThrSV3YVbbRwAGMO?= =?us-ascii?Q?arCu+STsqq3L4BA2cUP0qSCf1b6Hnh8P6ZOzAVX3lYlV6jbH1c8tnDjhp3rL?= =?us-ascii?Q?Kg01LqEmB6jg/l2bQSxMJ8jpnJqNq72TVYexvkM1z1tvYVNgXGLmqnUdHP1J?= =?us-ascii?Q?s5wKJk1vE+BIs99N0EJekU0xWrTZRlqCUL09+EwHoMcy2Ni3Sp6J0O8z/nZe?= =?us-ascii?Q?3I+EViYmP02WmxYeLa2vwwqD53OBUB8vL8DUe7XfrX6AtnS5tgVBpB9qnM+I?= =?us-ascii?Q?UN/lK9PsbDh/FZZR6DwDhUo1PaIAQCezfnXmwv2+vVs8GQTPMtTMCOwBTl0S?= =?us-ascii?Q?8TO5HajqVs3gJ25tPGRvsiJFmjWw2gZy7dIZkH7t7oHAp4rbaRdzulg4eiwW?= =?us-ascii?Q?85aSWYhIv0dcnLzYYI659PoRTOdGdqWXPhUVAw5mBrjdlJWvvVZqetcLR4gf?= =?us-ascii?Q?nlR8GkvNGT2v7OelfMBJ3i3WRPPQi/U6eRI4?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(376014)(7416014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Aug 2025 19:22:18.8131 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 14e73db9-8240-4ce1-af80-08dddf55b6da X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A672E.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4181 Content-Type: text/plain; charset="utf-8" Simplify the SSB command line parsing by selecting a mitigation directly, as is done in most of the simpler vulnerabilities. Use early_param instead of cmdline_find_option for consistency with the other mitigation selections. Signed-off-by: David Kaplan Reviewed-by: Pawan Gupta --- arch/x86/kernel/cpu/bugs.c | 118 ++++++++++++------------------------- 1 file changed, 39 insertions(+), 79 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 44e0315b58a5..8dc654ccdbb9 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -2594,16 +2594,8 @@ void cpu_bugs_smt_update(void) #undef pr_fmt #define pr_fmt(fmt) "Speculative Store Bypass: " fmt =20 -static enum ssb_mitigation ssb_mode __ro_after_init =3D SPEC_STORE_BYPASS_= NONE; - -/* The kernel command line selection */ -enum ssb_mitigation_cmd { - SPEC_STORE_BYPASS_CMD_NONE, - SPEC_STORE_BYPASS_CMD_AUTO, - SPEC_STORE_BYPASS_CMD_ON, - SPEC_STORE_BYPASS_CMD_PRCTL, - SPEC_STORE_BYPASS_CMD_SECCOMP, -}; +static enum ssb_mitigation ssb_mode __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_SSB) ? SPEC_STORE_BYPASS_PRCTL : SPEC_STORE_= BYPASS_NONE; =20 static const char * const ssb_strings[] =3D { [SPEC_STORE_BYPASS_NONE] =3D "Vulnerable", @@ -2612,89 +2604,57 @@ static const char * const ssb_strings[] =3D { [SPEC_STORE_BYPASS_SECCOMP] =3D "Mitigation: Speculative Store Bypass dis= abled via prctl and seccomp", }; =20 -static const struct { - const char *option; - enum ssb_mitigation_cmd cmd; -} ssb_mitigation_options[] __initconst =3D { - { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ - { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store By= pass */ - { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Stor= e Bypass */ - { "prctl", SPEC_STORE_BYPASS_CMD_PRCTL }, /* Disable Speculative Store = Bypass via prctl */ - { "seccomp", SPEC_STORE_BYPASS_CMD_SECCOMP }, /* Disable Speculative Stor= e Bypass via prctl and seccomp */ -}; +static bool nossb __ro_after_init; =20 -static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) +static int __init nossb_parse_cmdline(char *str) { - enum ssb_mitigation_cmd cmd; - char arg[20]; - int ret, i; + nossb =3D true; + ssb_mode =3D SPEC_STORE_BYPASS_NONE; + return 0; +} +early_param("nospec_store_bypass_disable", nossb_parse_cmdline); =20 - cmd =3D IS_ENABLED(CONFIG_MITIGATION_SSB) ? - SPEC_STORE_BYPASS_CMD_AUTO : SPEC_STORE_BYPASS_CMD_NONE; - if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disa= ble") || - cpu_mitigations_off()) { - return SPEC_STORE_BYPASS_CMD_NONE; - } else { - ret =3D cmdline_find_option(boot_command_line, "spec_store_bypass_disabl= e", - arg, sizeof(arg)); - if (ret < 0) - return cmd; +static int __init ssb_parse_cmdline(char *str) +{ + if (!str) + return -EINVAL; =20 - for (i =3D 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { - if (!match_option(arg, ret, ssb_mitigation_options[i].option)) - continue; + if (!IS_ENABLED(CONFIG_MITIGATION_SSB)) + return 0; =20 - cmd =3D ssb_mitigation_options[i].cmd; - break; - } + if (nossb) + return 0; =20 - if (i >=3D ARRAY_SIZE(ssb_mitigation_options)) { - pr_err("unknown option (%s). Switching to default mode\n", arg); - return cmd; - } - } + if (!strcmp(str, "auto")) + ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; + else if (!strcmp(str, "on")) + ssb_mode =3D SPEC_STORE_BYPASS_DISABLE; + else if (!strcmp(str, "off")) + ssb_mode =3D SPEC_STORE_BYPASS_NONE; + else if (!strcmp(str, "prctl")) + ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; + else if (!strcmp(str, "seccomp")) + ssb_mode =3D IS_ENABLED(CONFIG_SECCOMP) ? + SPEC_STORE_BYPASS_SECCOMP : SPEC_STORE_BYPASS_PRCTL; + else + pr_err("Ignoring unknown spec_store_bypass_disable option (%s).\n", + str); =20 - return cmd; + return 0; } +early_param("spec_store_bypass_disable", ssb_parse_cmdline); =20 static void __init ssb_select_mitigation(void) { - enum ssb_mitigation_cmd cmd; - - if (!boot_cpu_has(X86_FEATURE_SSBD)) - goto out; - - cmd =3D ssb_parse_cmdline(); - if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) && - (cmd =3D=3D SPEC_STORE_BYPASS_CMD_NONE || - cmd =3D=3D SPEC_STORE_BYPASS_CMD_AUTO)) + if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) || cpu_mitigations_off()= ) { + ssb_mode =3D SPEC_STORE_BYPASS_NONE; return; - - switch (cmd) { - case SPEC_STORE_BYPASS_CMD_SECCOMP: - /* - * Choose prctl+seccomp as the default mode if seccomp is - * enabled. - */ - if (IS_ENABLED(CONFIG_SECCOMP)) - ssb_mode =3D SPEC_STORE_BYPASS_SECCOMP; - else - ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; - break; - case SPEC_STORE_BYPASS_CMD_ON: - ssb_mode =3D SPEC_STORE_BYPASS_DISABLE; - break; - case SPEC_STORE_BYPASS_CMD_AUTO: - case SPEC_STORE_BYPASS_CMD_PRCTL: - ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; - break; - case SPEC_STORE_BYPASS_CMD_NONE: - break; } =20 -out: - if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) - pr_info("%s\n", ssb_strings[ssb_mode]); + if (!boot_cpu_has(X86_FEATURE_SSBD)) + ssb_mode =3D SPEC_STORE_BYPASS_NONE; + + pr_info("%s\n", ssb_strings[ssb_mode]); } =20 static void __init ssb_apply_mitigation(void) --=20 2.34.1 From nobody Sat Oct 4 06:34:46 2025 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2071.outbound.protection.outlook.com [40.107.102.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 64BB532A3E2 for ; Tue, 19 Aug 2025 19:22:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.102.71 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631345; cv=fail; b=ku476+/mLRzh6ssvH41G2c8JBNQjU2rawE2C4AIihmWTQslKcOmsQ0AurKTEnkkd21cxvMzl72+HjMu5s3lbliE+iZDaxW4uoieF0FyTpBfnXAQ0MhFIfwWk0oyWrlKX+umigjwACOJsVXb2NKcZMTWJe3j5DoqQzjHMM/p3uQI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631345; c=relaxed/simple; bh=wcRY98+Yq5umvCgrzPK3fIHYPid3orBMKWQ+WrOPjJY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=NNHI1jsxr45+pTbpeec0kqxrQRfm+4ZIMoXFsw22xuPH1ncjgf2jMjmZ8ZZKmCh7QIIN8W7z8n5zSbaHXgpsKg43M5iqQK18eIkt3VvuW/bsuNv6lEHD0sVEsc1wwAh05Kpb/0aKIs+ub87S17noN+voeMfwzdCWLDA9WJntlK0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=SMnuQGaV; arc=fail smtp.client-ip=40.107.102.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="SMnuQGaV" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HIE8NbjABMhn+iu5h42s3ZEF0z6f1hqgY2BAu50GOajDC/jguwgVsT2wgmjy9mwW4LlJWvsBdnp3CDmJmRtQs/PE/vIK8b7Zsx8j+5b4/3dGredq60xh8yBK6hBNpSHNw4szUrczJp83hB10J/4Ts481jjPX/1tnYxNRTWJ40scWwvr8LW9jw/k24Mrry/W9UBOOC88qi16qvhJUIDg1JAwcZMbwF6jnqUs2jSyxayEhtHVKcS0tfF6HAXOagpK6R//1Tz4o133Pg92VXGug19eSUcq1wqjkmIQOv+sGIgevuQM7YfjvKaaBj+ChinMjCCLkszp5FLAKx9GcvUmuCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fIqYrRYe+ME9q0KBACWunz/3Af18ClFdAHb2Mam8vIc=; b=lqd3nku/i6tdDYfo2wFBLFX0m5jGv/2irDDL0Dtqzxj6LQ/znTMdx0g8wOJ9TOLM3wNwfQ1y2U7Ve7URVGto5/eK0ovPmc0mIuuTNKWS9t06u29z7Mq5jsMszTxKBf8Krs43UmUQk0fWrm6S55mSLCYLwrc2F9CxIs8C3dzECJJmB+LN9MS/OcvfZu+eejkqx/Iioo3r43CanGliVcBTz40DLYdxhy2LhFGFG++cGYKXlr3Fh6xogKc4F9qFkhkVA/3u94WqjIvFK0M7KasIPU5ysRghdZQyC2r/r+tJOEHuuR4LAFC6QUDyiMzuIghcx6AQgPsIOFINTLzOiUN60g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fIqYrRYe+ME9q0KBACWunz/3Af18ClFdAHb2Mam8vIc=; b=SMnuQGaVXct9Kkedc4KzhytvWOqrhEFiC/h+Nm2tIEs4+oEwhUS0gBPyHxlVj0469ZWWUzf7KhGxBoIbNiCkEBwtOsduGkzVrRscd5FZ3mnDcKKCeUorXzuySKI+ibyfGWQzsIUNIS4DIzetrQ2kMkpFv+inyvtLKAEbS/ZD0Ik= Received: from BYAPR07CA0086.namprd07.prod.outlook.com (2603:10b6:a03:12b::27) by MN2PR12MB4094.namprd12.prod.outlook.com (2603:10b6:208:15f::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9031.24; Tue, 19 Aug 2025 19:22:19 +0000 Received: from MWH0EPF000A6731.namprd04.prod.outlook.com (2603:10b6:a03:12b:cafe::51) by BYAPR07CA0086.outlook.office365.com (2603:10b6:a03:12b::27) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.25 via Frontend Transport; Tue, 19 Aug 2025 19:22:19 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A6731.mail.protection.outlook.com (10.167.249.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9052.8 via Frontend Transport; Tue, 19 Aug 2025 19:22:19 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 19 Aug 2025 14:22:18 -0500 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v2 4/5] x86/bugs: Add attack vector controls for SSB Date: Tue, 19 Aug 2025 14:21:59 -0500 Message-ID: <20250819192200.2003074-5-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250819192200.2003074-1-david.kaplan@amd.com> References: <20250819192200.2003074-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A6731:EE_|MN2PR12MB4094:EE_ X-MS-Office365-Filtering-Correlation-Id: ab3973f0-f132-44fd-8b7f-08dddf55b712 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|1800799024|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?EwjxU9QWZ1u+tCmrrbhirk/lHXtEa1y8NVmbUyS5NK75Fcyx19ZUc1vCZKHO?= =?us-ascii?Q?xyOHzQnVaD2j9xmCXLwU3PjlIOKnUY7QDWrS7DNRV5gsU9w3PXhfygklFUrt?= =?us-ascii?Q?P6z7aJBXTNhje/NcVKPyA1rfpUt3Mt/eDdWftZZxcxgkoy4vmWAVmxQvzRVs?= =?us-ascii?Q?ol9gB9x488Re3U4xup6J0VpApIdAjWzhzJaJJMY6mU7TEYYc57MMRBgjJE2W?= =?us-ascii?Q?0FBh1MmAx1tnvtQBp3/JW1okyhGajotHJGjGAxJD1bHpR8wYfXnipnI0W7Wk?= =?us-ascii?Q?eNvx4pncKfuXq9xdiz5ZtnX393vF+jxS7YV/4QcBxz1dO5Dg77avTHSNrOn5?= =?us-ascii?Q?ZFA/lVl8FkeDoHevqujwKBmvBlfW66HN7INLngULx1IpENQdkF+Jh8sWa6+2?= =?us-ascii?Q?Jvp0MhcYKMd5KboCG3N7FlsoMdQ714ocge+NlomM5R11qOLe8GJrZkBeuOWk?= =?us-ascii?Q?a2dUJdCALKB0x9QJIkH7RRP+LNG7O9XPaDTgN3Qu5mPl1uGoFMLF24ZE9WFt?= =?us-ascii?Q?U4SQbkDIYRb9OkAF3ULqxlZUTjksbNGL4Y9QZxKMz0q36HJ0qGnVh55ckiOK?= =?us-ascii?Q?119jJRlFC1sLF2JXBqEMyJ6/xyYhocrJJslRufgJUC8IQ1L1VJdkR+I0fs8w?= =?us-ascii?Q?hMvAbtO9dbhNciPuICMw2+x149oYMx9lhhXvFtzGuUsp3Fyxwv4BAZmtTzmD?= =?us-ascii?Q?CxdATf+SLMZXx7msft6vQx7HktINLbrZ5qcN8Sd9hu7bktBeuLeD+YywASut?= =?us-ascii?Q?T2nYf9w8vrQ9gD959oSRPcDAQ/qT59InWz5blmXdNeleCuv5/1q4Y/thNyS6?= =?us-ascii?Q?1Ng/JrlEGhnQlAwcS6pSfVOtUChBSmomWfKaFmS+3io1+K0D+W+0Nr/3C5eU?= =?us-ascii?Q?tQTymeNAwOIVRQ3Hjx8bKv1ezdsyps4yyaMf3ivln72DLdTPW2W/W3xPtrho?= =?us-ascii?Q?C1nFcaPcV07mN/xdY6KjhJ0vlH4wh0cSrd3mqrA2NL/6BYwdTM33cH3gjvhh?= =?us-ascii?Q?uO+Ips9mI7+s8vXxMs1CnBsxtwe5AhGAreddcxGQebXXxSMILKo0uOW2CnrF?= =?us-ascii?Q?bABDZpJu5IFmPdh7wJTLpR1vJeCrDuBomzVL75UlK5R8yTFhPXAe+XO3krs6?= =?us-ascii?Q?gIy097Yid8BUYJ+N3AJ9J8XTFdla2d3helHeZM8qT292UFhpJpAY2MC2B+RV?= =?us-ascii?Q?UOSh7tQo/bqIA9NK0w2j6oMU1YqCFOrRVBc4WOFZVDPv+S23vmcHZMMxy9oh?= =?us-ascii?Q?jZawIn03O14Et22lTfmcUKnwM6a1VWlC9yecnAK7E4WqrP/E3cxwcACWGjFq?= =?us-ascii?Q?xYtf5Oc/0f8+bYPrlDVjbofRuELsA+K990LISKi1Lx69wpXYkHRi+KsvypJs?= =?us-ascii?Q?xBINv1O8gfBIz9K/PbwRrhLuwVZIXVv4VVnQiCDdzLWDLJQWTNN2ckRr8R4Y?= =?us-ascii?Q?fMK4ednRaikrdkgtR5jnLJ8bn3FqK18z5sH1RAfD4mrXc4PdWS/ieggrnVh1?= =?us-ascii?Q?zz7VacQr6SSV0zpMqXAnBZlJ8qZha06kpAgc?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(1800799024)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Aug 2025 19:22:19.1799 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ab3973f0-f132-44fd-8b7f-08dddf55b712 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A6731.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4094 Content-Type: text/plain; charset="utf-8" Attack vector controls for SSB were missed in the initial attack vector series. The default mitigation for SSB requires user-space opt-in so it is only relevant for user->user attacks. Add an AUTO mitigation for SSB and use this attack vector control to select the SSB mitigation. Signed-off-by: David Kaplan Reviewed-by: Pawan Gupta --- .../hw-vuln/attack_vector_controls.rst | 5 +---- arch/x86/include/asm/nospec-branch.h | 1 + arch/x86/kernel/cpu/bugs.c | 18 +++++++++++++++--- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst b= /Documentation/admin-guide/hw-vuln/attack_vector_controls.rst index 6dd0800146f6..5964901d66e3 100644 --- a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst +++ b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst @@ -215,7 +215,7 @@ Spectre_v2 X X Spectre_v2_user X X = * (Note 1) SRBDS X X X X SRSO X X X X -SSB = (Note 4) +SSB X TAA X X X X = * (Note 2) TSA X X X X =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D @@ -229,9 +229,6 @@ Notes: 3 -- Disables SMT if cross-thread mitigations are fully enabled, the C= PU is vulnerable, and STIBP is not supported =20 - 4 -- Speculative store bypass is always enabled by default (no kernel - mitigation applied) unless overridden with spec_store_bypass_disable op= tion - When an attack-vector is disabled, all mitigations for the vulnerabilities listed in the above table are disabled, unless mitigation is required for a different enabled attack-vector or a mitigation is explicitly selected via= a diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/no= spec-branch.h index 10f261678749..e263c126723a 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -514,6 +514,7 @@ enum spectre_v2_user_mitigation { /* The Speculative Store Bypass disable variants */ enum ssb_mitigation { SPEC_STORE_BYPASS_NONE, + SPEC_STORE_BYPASS_AUTO, SPEC_STORE_BYPASS_DISABLE, SPEC_STORE_BYPASS_PRCTL, SPEC_STORE_BYPASS_SECCOMP, diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 8dc654ccdbb9..059269f3f56f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -416,6 +416,10 @@ static bool __init should_mitigate_vuln(unsigned int b= ug) cpu_attack_vector_mitigated(CPU_MITIGATE_USER_USER) || cpu_attack_vector_mitigated(CPU_MITIGATE_GUEST_GUEST) || (smt_mitigations !=3D SMT_MITIGATIONS_OFF); + + case X86_BUG_SPEC_STORE_BYPASS: + return cpu_attack_vector_mitigated(CPU_MITIGATE_USER_USER); + default: WARN(1, "Unknown bug %x\n", bug); return false; @@ -2595,7 +2599,7 @@ void cpu_bugs_smt_update(void) #define pr_fmt(fmt) "Speculative Store Bypass: " fmt =20 static enum ssb_mitigation ssb_mode __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_SSB) ? SPEC_STORE_BYPASS_PRCTL : SPEC_STORE_= BYPASS_NONE; + IS_ENABLED(CONFIG_MITIGATION_SSB) ? SPEC_STORE_BYPASS_AUTO : SPEC_STORE_B= YPASS_NONE; =20 static const char * const ssb_strings[] =3D { [SPEC_STORE_BYPASS_NONE] =3D "Vulnerable", @@ -2626,7 +2630,7 @@ static int __init ssb_parse_cmdline(char *str) return 0; =20 if (!strcmp(str, "auto")) - ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; + ssb_mode =3D SPEC_STORE_BYPASS_AUTO; else if (!strcmp(str, "on")) ssb_mode =3D SPEC_STORE_BYPASS_DISABLE; else if (!strcmp(str, "off")) @@ -2646,11 +2650,18 @@ early_param("spec_store_bypass_disable", ssb_parse_= cmdline); =20 static void __init ssb_select_mitigation(void) { - if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) || cpu_mitigations_off()= ) { + if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) { ssb_mode =3D SPEC_STORE_BYPASS_NONE; return; } =20 + if (ssb_mode =3D=3D SPEC_STORE_BYPASS_AUTO) { + if (should_mitigate_vuln(X86_BUG_SPEC_STORE_BYPASS)) + ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; + else + ssb_mode =3D SPEC_STORE_BYPASS_NONE; + } + if (!boot_cpu_has(X86_FEATURE_SSBD)) ssb_mode =3D SPEC_STORE_BYPASS_NONE; =20 @@ -2870,6 +2881,7 @@ static int ssb_prctl_get(struct task_struct *task) return PR_SPEC_DISABLE; case SPEC_STORE_BYPASS_SECCOMP: case SPEC_STORE_BYPASS_PRCTL: + case SPEC_STORE_BYPASS_AUTO: if (task_spec_ssb_force_disable(task)) return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; if (task_spec_ssb_noexec(task)) --=20 2.34.1 From nobody Sat Oct 4 06:34:46 2025 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2085.outbound.protection.outlook.com [40.107.236.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B063F33CEBD for ; Tue, 19 Aug 2025 19:22:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.85 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631345; cv=fail; b=NkVcNY8ciIRgSPlmq1aOqAoo8IZgUpYBupxV96vkiu/gNrizMSZ+z8OVf2TGD7boi4zVhGIV/CDm0k7+rPf2QxzO7qmypYQv0UArJQOJNUzKVBxN8CKMkV82DRPulIV8kaRTckNFGG8XKZGq0JlJPOqlbeiJ72MQXkaMBOD27/U= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755631345; c=relaxed/simple; bh=unOjYS+CtZZYzGHhplnALDGLMuN6GmLfmrMMksJneIA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FzAnusaq/Rwp4hQQSQ3QwA9eQs9bC1e7DAD4b6NalUhojFjoRDzt7rtYVyOM2qfe82mX3+mRE7IjP5KWWUxCsHggzrWi811Qo8PKyvs80RG7JsMTdus9xV30J1mwgcLAqzAjxkDdTBcQD0levkBPK0+BoedBTfs+/n9l9+4acwI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=mhV8Td/v; arc=fail smtp.client-ip=40.107.236.85 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="mhV8Td/v" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=du9NPt68GzLcqu8IgzdO+kcy2B/mqjyQ2Swdq7I5rUCXNNicN9E1Slr4osqOQW6jjtvygL3Ni9TCig5cYA1g1qjGKiBn3RWcKyUA3w4ok7QWUILEZCN1ekBcv2mfz9mJY1hIHSBRLtmcXc+OZ2ZAmEgX/LNnZR2omm9x4v9dNn8Y4dYadzt7ffK1PapSW1MDA7/AUL4QVCF8Nu1u5MVa2c6HPo3u97jIQQV151gj8qeUzODqiG3JSKbdlQMUyF8qExFnltq95ZjYTtGlq/JCJKsUzMI5ZXeE7FeNu2Y1L87XoknBOJwXeJa7Kie09v/o/4h6v/SGUQy5KB7Q7RR5Mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yTspkcIIDxp0S3vfzT2+66CFZcg3RyEk3kt/iCG2tJo=; b=k/pNuQysi7g79zvPwybOgwqcGRarIhl00hKWHKDQ+GZ+R41kgl74RNwHJmt1RR+LXlcybzb8C2U0qPlyv+vJccU++Gfrjv8xDClI0/+n96NJyek7PXZGlHbYhhkQJW+iGkoBeB6CDQBeaxbhnkcIEsnY0ucUvNd0/YIP5h9ZISg7f1ZyhiECumfQpoZpT2u/IBEpwPkG719kJWmImlLo75J+3V19Mnd+a4vBzHJzZerYX7eMIIbeFrfjvEdDXKEU9agQ62+x7ZCgjkAzdNaBxaTpRZhElUnl8V/gc126Xgs52dJk2B8sH/1RKmLqCBURR6wJhCOHOg6hAsbQVMmMyA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yTspkcIIDxp0S3vfzT2+66CFZcg3RyEk3kt/iCG2tJo=; b=mhV8Td/vyZe2SM0iQw4lDGzxPKF19TZyXmEHEcIQe54CEmndPn6oY/B8QmN5tvL7BKRX+BMk2mUB/dA9ji7qmgbRfQqWC2WGgmNkv65XgOaM9mOdJmK/CidIwBvjO3TJRIkB+fxZ8Ef83uE468fpOtiY9ijSkhDPtNgfaW7WVRM= Received: from BYAPR07CA0105.namprd07.prod.outlook.com (2603:10b6:a03:12b::46) by SA5PPFB1A5CE29A.namprd12.prod.outlook.com (2603:10b6:80f:fc04::8dc) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9031.25; Tue, 19 Aug 2025 19:22:20 +0000 Received: from MWH0EPF000A6731.namprd04.prod.outlook.com (2603:10b6:a03:12b:cafe::17) by BYAPR07CA0105.outlook.office365.com (2603:10b6:a03:12b::46) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.22 via Frontend Transport; Tue, 19 Aug 2025 19:22:20 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A6731.mail.protection.outlook.com (10.167.249.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9052.8 via Frontend Transport; Tue, 19 Aug 2025 19:22:20 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 19 Aug 2025 14:22:18 -0500 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v2 5/5] x86/bugs: Remove uses of cpu_mitigations_off() Date: Tue, 19 Aug 2025 14:22:00 -0500 Message-ID: <20250819192200.2003074-6-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250819192200.2003074-1-david.kaplan@amd.com> References: <20250819192200.2003074-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A6731:EE_|SA5PPFB1A5CE29A:EE_ X-MS-Office365-Filtering-Correlation-Id: a5a9212e-f076-4366-ba35-08dddf55b7a1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|36860700013|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?VTebWXJ0yFsnzQOCSTVpu2ZUaRs86BAWtFbz17nB0p/vo00fCUAVVl8QE3IK?= =?us-ascii?Q?neiZVlama0VvqAgcXgbgu+/AGj3qAqrcDNOYZT5rlENwzdIavpn3WsXs+6/X?= =?us-ascii?Q?k2JHleE/wzSi4LkJcp9l5uyW7xxQQpSp4/wB8NRyGxawpeC3Z9et7r5d2mSU?= =?us-ascii?Q?NRDI2226Flw50+gPJx5TJ1Ow/2O+s8n9jN1TCo/8QGorT1/x4daWtS/62iUv?= =?us-ascii?Q?zZb2WfObeJXYftPVYCreZmBLGAsYmv1ul2FM8IjEYhqHGhfr/i0xscnd6TMy?= =?us-ascii?Q?G49Me2XUbU9yBsJX1DOlfT382KNCuDTFcMNC9mv2WRjdmAnx8E/F9JRAMyqs?= =?us-ascii?Q?UaGnMYUAJs7YSaT9cn31cqgttSAK0AGThvWO4l4BT/ioVK0aiN+O4Swa74od?= =?us-ascii?Q?xKwYJKAewn7ATlOlQl/SEooeV7bytjZIe6xHxw/T++YVlBk+hL7y4LwB2QI4?= =?us-ascii?Q?vmCkeNHna12zeW9m0U9EcLMy6eciEdke99Phj+uxfAd5DGiss691q0DW4VL8?= =?us-ascii?Q?9oS4BOP8RnI7kcznov5lfQHig4GD9+h7GMUTlA20XF4VQwGmSELu8NEUTzuC?= =?us-ascii?Q?HLhwfHC23qqyPiRLqwigdq3xA3Djv+F1NvTaqcs6mSo7UGjNFx13g89Ss5T+?= =?us-ascii?Q?e+ZVyKCIa/pb1rwNNvGgj2wvh5Snsm466vWvL+fzDPsS4hH0qmeauNayfvzj?= =?us-ascii?Q?JsqDNoB+4vELhwWd2IRH/Vwk2zVOve9HnQtSBdmQniIPLC678X0XyttoSGQ1?= =?us-ascii?Q?AvJFprzE310G0h+UvdFIMWV1RrxWmlIGedm/cdpoepjBGZNDmqNY00sMMsWe?= =?us-ascii?Q?TjVvfTBfoPMHsAJ84YcrtjaZYgXTjOOUgErap05aaH2maZmFdOTddST8lVz0?= =?us-ascii?Q?pkX75s96x2kTLtFQ5kRoanCU6bixxuGGV0+HLeiar5VTMCIC1SEhviPq0/Z1?= =?us-ascii?Q?hxq092hfyVf+UMU/NF+2MTolC+GGv1QTCPrbyXcp4GgEZNnht509m/t6byL1?= =?us-ascii?Q?w2Y2i8XOTPlg/JbCiYzmwZt+vbMSVvnIIBncKVtohbPgVTOstCxNsHw+CJDH?= =?us-ascii?Q?o7gT2P3mo1FzLl4P2zOd0E0ytdpmKXuYhMdI1qLNCKsOLbxmPBnq9JoU65vu?= =?us-ascii?Q?aF7jJDrOEsyklHY/6ORK+QzD3K3+SSqdPyATWchN7oEIgdE6Fj5IEMK/Rn/S?= =?us-ascii?Q?DYh9DGe63Ck/OxUqonH17E/CTlKvvp4tTStoTV77iZFf4lH9R863aGieWLml?= =?us-ascii?Q?uqw+916gDMhzb5TcnV64s2rWWhmFqEaUhZs3GaBl5aiSP7qtWybsLItdLc1G?= =?us-ascii?Q?bKfn7Hp9/9Yo9GvMZNJSJHg/9kOVKef+x8Y5z3HKxGY8Ntqa2IGTb6M3iW8d?= =?us-ascii?Q?h55tu6B+OdvZIera6IO7FKOatDqrmjIUlSmzZp1YT/NSc/r/gUeY5hOEGUnv?= =?us-ascii?Q?3RHnD8fPMq4XxzQVg3567cpRZAdBPhh6riY7XEsGfyOPu3S0F8MB0bveME8+?= =?us-ascii?Q?MCHtu0ZdVtKlliAgpT+25/Cy9NJiCt16LnzD?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(376014)(36860700013)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Aug 2025 19:22:20.1175 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a5a9212e-f076-4366-ba35-08dddf55b7a1 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A6731.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA5PPFB1A5CE29A Content-Type: text/plain; charset="utf-8" cpu_mitigations_off() is no longer needed because all bugs use attack vector controls to select a mitigation, and cpu_mitigations_off() is equivalent to no attack vectors being selected. Remove the few remaining unnecessary uses of this function in this file. Signed-off-by: David Kaplan Reviewed-by: Pawan Gupta --- arch/x86/kernel/cpu/bugs.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 059269f3f56f..556b3ba638f0 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -670,8 +670,7 @@ static const char * const mmio_strings[] =3D { =20 static void __init mmio_select_mitigation(void) { - if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) || - cpu_mitigations_off()) { + if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) { mmio_mitigation =3D MMIO_MITIGATION_OFF; return; } @@ -3201,14 +3200,15 @@ static void __init srso_select_mitigation(void) =20 static void __init srso_update_mitigation(void) { + if (!boot_cpu_has_bug(X86_BUG_SRSO)) + return; + /* If retbleed is using IBPB, that works for SRSO as well */ if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB && boot_cpu_has(X86_FEATURE_IBPB_BRTYPE)) srso_mitigation =3D SRSO_MITIGATION_IBPB; =20 - if (boot_cpu_has_bug(X86_BUG_SRSO) && - !cpu_mitigations_off()) - pr_info("%s\n", srso_strings[srso_mitigation]); + pr_info("%s\n", srso_strings[srso_mitigation]); } =20 static void __init srso_apply_mitigation(void) --=20 2.34.1