From nobody Thu Oct 2 15:19:19 2025 Received: from SN4PR2101CU001.outbound.protection.outlook.com (mail-southcentralusazon11012056.outbound.protection.outlook.com [40.93.195.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 43FAC1F17E8 for ; Mon, 15 Sep 2025 13:47:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.93.195.56 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944048; cv=fail; b=Zebo08i9Z6rlL4QYsm+H0JbqPmtJNAFiNXEJVvtoBr/jQu9mOJL6yitdnd29NLyCzsxKPWDbxDh0alWAzzqkI2Ki4khSBWpvab+yQa0UBfgJlk1sf+Qh6CWYhAPNpKcCN7IxeT/X2HsIHLCCuaHmnsWtNfp2oZi8C2JMLi5VVI8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944048; c=relaxed/simple; bh=Pd6+61E5rZdyszKyISXlq3Vv4FyOVuHYlVv49riCzmg=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dh8ZdpvwOp9k5aPJK3JDyOIUN2RaK8t6RaMsBCw82k0tMNLsxL3ruLwj1bON71BzPRo4MAMy6Nmidm/HgERfAf0LyiJKwIqtPbqglarGI1jrgDWAeYJCH3lrmsawOEF+SeXsWt0FEgOoFyuN8w+kCNZdsBRH9A1qYS8+rHB2pbU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=mG4BKj2L; arc=fail smtp.client-ip=40.93.195.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="mG4BKj2L" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=MKmB2XE4uyAUDM7zarJ/duQz2ep8M/yxwVrQGHwuKyL4auMAE7Z3MpucMnLi9eIOfCoE3aHPANz60OVVUV9IwHjqziDcI9F1J3WEznxQFdLCoaHial+a/c0VgrVwpUMbjz9mD7m2z/kZEKQ0xrRew6/2OfhJprK4e+9QQHishMI023dxMAVjdWGoNkP0xSnAKv52OoDKr7lI+PdldWUwL0Pp8SfjzJzOI+dv6bXPwuikMdKhh4kuO3JNVperMv1440mkauW/LF+C+56BG7ZRPeI5+eP00WjYYXdv2uHPdwF0/PXSgmqVAPNVGQTu1g8d4w55x1YRjmNXxi25KDKXDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LqRBRfKLvNqicKgrOvz0tsrn52vPmIS4BuETxPYKVNw=; b=eSQorNDIHL+/1rMS+Q9KCb8BpVNNPYD+Lkwe1KyetwDSAbLw3qkjTKS5tbXMs3paL8eVBAzxukHtrFBbBCmkeESxR/GHujEPrjKsDEWEiblMOswYwxTyK6cv2qe3w3PhFI1QOMOG0fC0PgXGUi3IFn7ENCkg3R/NJuzQFd8hXaiIicW5Zf6+JRRmgNlUe1homhr7OZTcJNcFHY8bzJ198cmq4z8AmWGAOcqAfYu8FN9dkFixyTCWV0KGnh9QKlge0/e3sFk6ua5VDMabxgbiLLaqQFvu78teJv+YaDBcQBFO0eI7xKEru5eWTNJqVQQoYUY42NzJXOCt5zDELrN8wg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LqRBRfKLvNqicKgrOvz0tsrn52vPmIS4BuETxPYKVNw=; b=mG4BKj2L2JKSmhWekFGiFeP96ssU7HGYieabmMhARZahQJqYPONoPOi5+6B/q2KY0AL+DYkIU+H68KUd2/lPVZ+qrEf55P3XbJR81VbR9H2FRkP5q07tZVcHgqQOoqCCEcCctgLRS0V7Rziq00Zmx1CdwMwqM2jU2BnXKYNuY6c= Received: from SJ0PR03CA0110.namprd03.prod.outlook.com (2603:10b6:a03:333::25) by DM6PR12MB4371.namprd12.prod.outlook.com (2603:10b6:5:2a3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.19; Mon, 15 Sep 2025 13:47:23 +0000 Received: from SJ5PEPF000001D4.namprd05.prod.outlook.com (2603:10b6:a03:333:cafe::c9) by SJ0PR03CA0110.outlook.office365.com (2603:10b6:a03:333::25) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.21 via Frontend Transport; Mon, 15 Sep 2025 13:47:23 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SJ5PEPF000001D4.mail.protection.outlook.com (10.167.242.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9137.12 via Frontend Transport; Mon, 15 Sep 2025 13:47:23 +0000 Received: from tiny.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 15 Sep 2025 06:47:21 -0700 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 1/7] x86/bugs: Use early_param for spectre_v2_user Date: Mon, 15 Sep 2025 08:47:00 -0500 Message-ID: <20250915134706.3201818-2-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250915134706.3201818-1-david.kaplan@amd.com> References: <20250915134706.3201818-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001D4:EE_|DM6PR12MB4371:EE_ X-MS-Office365-Filtering-Correlation-Id: 26c7723c-0f50-45dd-3056-08ddf45e661d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|376014|7416014|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?NHT+JLsTQB3+a08/58m/MHc7I+qZ/z4aL7kM/6iIcnFyic+YPxZbXTQc1+Sc?= =?us-ascii?Q?gJKUTFnIIxO3k8KZmBOyHtvCpBsAs5isje2EUNE1prlUHGGZwH2/7dtFGKV3?= =?us-ascii?Q?ZSWtG3yr5gnVrEkpKOBKR/SiCBP6zhXJmiftvcHO4wdJLvxJr20UMJudFEYw?= =?us-ascii?Q?sZNUaqOHkzai38Fin8zvjXtIbc1gfGU0Rx2hMhNNcHJwqoRsq27it3AoYIRF?= =?us-ascii?Q?9KMeSjh/5R26M561GDMPfW8vWWIOAf4efk7foLH0CSgUTtjsCwGPUAHPv6BD?= =?us-ascii?Q?HDqAvaX4wMDYUUEu9SDkSIvu2+zuCjngUootkr5WuI07S4EneNs0cgnT/8Tx?= =?us-ascii?Q?8jzssZ6363hejzkNn+fXfV5VA0vhwzHxe3azjbBPw+dg1SMHexgik9oYFOkz?= =?us-ascii?Q?javGAsOlnGz5CKTabGOsnMb7iZ73du7b4TEzmvHxfyaHRgUXv/dYZThY9i3c?= =?us-ascii?Q?SnVar8IhHQcHNj7M8sgCVl2L5JHmbTAK8iP5HqJs+fspm6sTXGXR+xR42ctP?= =?us-ascii?Q?T472+WYFzJiJA4cokHIlX8Yd6uG/etnea3PmCN+VGDZ4ezeWy4TIUxl7FZGq?= =?us-ascii?Q?Qdv0T2gwdyOIlAAbt583qzpfTETmdZgdB5bnHEnzYpRYY7dh2ijHurd0rCV9?= =?us-ascii?Q?7hoOa/cVS6T9mYNl3O9REZh8KO/GDbZgDUVD1+mwH2XL5jTSQdj5HiyhSrrS?= =?us-ascii?Q?Mr0Gdo5ys4OyB1DBZ9vc8/N7RFjsHQWczCLGoXWqyPd4MagvM/2YPlXu9ffk?= =?us-ascii?Q?JCOALTk4r3zLGPDtzFd/iUsc3VpMhX+4xueyL0wMsOzbOel7DWspf62p5oCA?= =?us-ascii?Q?ikkv16BKTT4IgpSjGwiY+BE/OxL/pK7fLejAZY+nJNe6J6vtPlKiUNsd1E2r?= =?us-ascii?Q?PhHfNz5Df+CJFWVtBvqUvh6KKdEG9+HXpFhCX8M6+lGDqRCt2sUKr8IfXPIO?= =?us-ascii?Q?nXsvIs4H4g9gQvffQZSQVEQu0texV2AXdu5dotmhXxOOODbaCHZub3RrC18R?= =?us-ascii?Q?TymH5UaBwkEycI8Z74s3MGSwsRz6eC4mNYqEC5pMTpi6BsGZdwVZEieJpOND?= =?us-ascii?Q?8MOUP3OcTdn/n6A7hav85cdfSwa6HtT/IBnNhpO/n4OxW5KiUKUE0wKnQ7uE?= =?us-ascii?Q?2D3kZtxqD8X51z3SMaaxblbgD93hLpUq473dV5YzkKKyBBAjuwkuhJrA+U05?= =?us-ascii?Q?icTAKSEyRlpuxUsDF2Hvc3i2eVAkFKXYUAOeCqWKmBv9dBW2/YEpTk3ItXuw?= =?us-ascii?Q?lYgx0pdbI/PPaudfjpTs+ljuigx0ba5cKY8iZAmOdbka/LOhTuAWBX17zEzo?= =?us-ascii?Q?OAFlNvJwljBKo6cxn/Ngeph7pEzqQinvWw6jUEjjaX7ZkB/n9pbWBj2RcmmX?= =?us-ascii?Q?OwJ7XWG121gnIlVQkfmkB0mFuLJMlgIKBgEj1I6TYPW+h0HAlecHk7pcFxJa?= =?us-ascii?Q?Yj693p3ELezJ1arWH/DEywHK3Me7hhcPZNriyOf2MB3aMSTAYAbTycED9mtB?= =?us-ascii?Q?qm2Dw6McMRmGeNCCQgdLLL4av7efK4xw4A4Q?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(376014)(7416014)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2025 13:47:23.2433 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 26c7723c-0f50-45dd-3056-08ddf45e661d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001D4.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4371 Content-Type: text/plain; charset="utf-8" Most of the mitigations in bugs.c use early_param to parse their command line options. Modify spectre_v2_user to use early_param for consistency. Remove spec_v2_user_print_cond() because informing a user about their cmdline choice isn't very interesting and the chosen mitigation is already printed in spectre_v2_user_update_mitigation(). Signed-off-by: David Kaplan Reviewed-by: Pawan Gupta --- arch/x86/kernel/cpu/bugs.c | 68 +++++++++++++++----------------------- 1 file changed, 26 insertions(+), 42 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index e817bbae0159..a5072ec6e5c5 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1847,7 +1847,7 @@ enum spectre_v2_mitigation_cmd { =20 static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =3D S= PECTRE_V2_CMD_AUTO; =20 -enum spectre_v2_user_cmd { +enum spectre_v2_user_mitigation_cmd { SPECTRE_V2_USER_CMD_NONE, SPECTRE_V2_USER_CMD_AUTO, SPECTRE_V2_USER_CMD_FORCE, @@ -1857,6 +1857,9 @@ enum spectre_v2_user_cmd { SPECTRE_V2_USER_CMD_SECCOMP_IBPB, }; =20 +static enum spectre_v2_user_mitigation_cmd spectre_v2_user_cmd __ro_after_= init =3D + IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_USER_CMD_AUTO : SPE= CTRE_V2_USER_CMD_NONE; + static const char * const spectre_v2_user_strings[] =3D { [SPECTRE_V2_USER_NONE] =3D "User space: Vulnerable", [SPECTRE_V2_USER_STRICT] =3D "User space: Mitigation: STIBP protection", @@ -1865,50 +1868,31 @@ static const char * const spectre_v2_user_strings[]= =3D { [SPECTRE_V2_USER_SECCOMP] =3D "User space: Mitigation: STIBP via seccomp= and prctl", }; =20 -static const struct { - const char *option; - enum spectre_v2_user_cmd cmd; - bool secure; -} v2_user_options[] __initconst =3D { - { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, - { "off", SPECTRE_V2_USER_CMD_NONE, false }, - { "on", SPECTRE_V2_USER_CMD_FORCE, true }, - { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, - { "prctl,ibpb", SPECTRE_V2_USER_CMD_PRCTL_IBPB, false }, - { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, - { "seccomp,ibpb", SPECTRE_V2_USER_CMD_SECCOMP_IBPB, false }, -}; - -static void __init spec_v2_user_print_cond(const char *reason, bool secure) -{ - if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) !=3D secure) - pr_info("spectre_v2_user=3D%s forced on command line.\n", reason); -} - -static enum spectre_v2_user_cmd __init spectre_v2_parse_user_cmdline(void) +static int __init spectre_v2_user_parse_cmdline(char *str) { - char arg[20]; - int ret, i; - - if (!IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2)) - return SPECTRE_V2_USER_CMD_NONE; - - ret =3D cmdline_find_option(boot_command_line, "spectre_v2_user", - arg, sizeof(arg)); - if (ret < 0) - return SPECTRE_V2_USER_CMD_AUTO; + if (!str) + return -EINVAL; =20 - for (i =3D 0; i < ARRAY_SIZE(v2_user_options); i++) { - if (match_option(arg, ret, v2_user_options[i].option)) { - spec_v2_user_print_cond(v2_user_options[i].option, - v2_user_options[i].secure); - return v2_user_options[i].cmd; - } - } + if (!strcmp(str, "auto")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_AUTO; + else if (!strcmp(str, "off")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_NONE; + else if (!strcmp(str, "on")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_FORCE; + else if (!strcmp(str, "prctl")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_PRCTL; + else if (!strcmp(str, "prctl,ibpb")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_PRCTL_IBPB; + else if (!strcmp(str, "seccomp")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_SECCOMP; + else if (!strcmp(str, "seccomp,ibpb")) + spectre_v2_user_cmd =3D SPECTRE_V2_USER_CMD_SECCOMP_IBPB; + else + pr_err("Ignoring unknown spectre_v2_user option (%s).", str); =20 - pr_err("Unknown user space protection option (%s). Switching to default\n= ", arg); - return SPECTRE_V2_USER_CMD_AUTO; + return 0; } +early_param("spectre_v2_user", spectre_v2_user_parse_cmdline); =20 static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode) { @@ -1920,7 +1904,7 @@ static void __init spectre_v2_user_select_mitigation(= void) if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) return; =20 - switch (spectre_v2_parse_user_cmdline()) { + switch (spectre_v2_user_cmd) { case SPECTRE_V2_USER_CMD_NONE: return; case SPECTRE_V2_USER_CMD_FORCE: --=20 2.34.1 From nobody Thu Oct 2 15:19:19 2025 Received: from BYAPR05CU005.outbound.protection.outlook.com (mail-westusazon11010040.outbound.protection.outlook.com [52.101.85.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 935FD1F3D56 for ; Mon, 15 Sep 2025 13:47:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.85.40 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944049; cv=fail; b=EAtNRj8b4hw7ljfEYqDu7ZWHO94S60MsY1bhlwCcUFMTf1JOqY+/3a+xXn4vol2B3xvSptPkkb16uwlyP4jtwSR5Q6ejXe7hZnNRvw131tK5ztvVqATfOPniDeKa3Ifg1J3d7yExc6Nn68S0d4bhj4K8chcxP5JzeHjROPWbI1c= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944049; c=relaxed/simple; bh=CL5r61ZPqYvtoxkuyuhDgKKVYPcIvtA3S6/dplBgceQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dzyBa7zC9yY1xhwXC9hd2GaqMMR0RAWj+7qpBvm1y84qiwZRLuFaVrE/JbGtZlkz1x/wqdqaGbKxsGLDPqZjTDTDeeZBzGWhxIsODrjZ6L6uubUzFt4n3T+QqJkZk2gRjtKJ+PJr8ND2KjvxB8P0fLTz7G6vvJfEHFbBVokWkzo= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=vmt6OepF; arc=fail smtp.client-ip=52.101.85.40 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="vmt6OepF" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hn+NfSUKi52k8pkyqenCgY7C4T9g2oFX17T40elG9qj3eA7i9BMFZ+A4mRiWyGioAx7uOAMiYNfQW8VuNQAlbHushSxx/0dJL/X7xkS/vbhr+XkbOsTWynud6VCLCYuxjwEswCETPhhNalNvQSJq0YYXbHFJkpoPTrNQIJc/+MyoEQIgCS1acigckXnAh3ecDxo3DO02sOKI6f17vP2wAdp625Bhpf20oDjV+yBkRI47xism7ytdOdWE5KIPq8XxOekhJBqOb6PGzwsQsplWJWWQer3G/yLOHbJDokOaWrPCcHZ7cli8HDQz5VuzNHJB5o5hDok6MLpXeYpTlHfPsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Pj9FXj8QQp/CLXjmSx5sAOjVkl9+MhXF8b3d7A6yprE=; b=rer9EsVxiPAyMWNy2S41856AHOtswHxmWMGV1CwZ9TzGRBYAda/CwohQen65lUrHkHhGhAV9kM4Jn1o9s4vsbYhtsYVRgMWAgez4ZNR2rprqgyzo6dmOt7P58sCdDXzNz2oO5baVZLVT7P1HMYmoUA15rv9m6JpDxvYjdN5LvayMvExSTuily5CUJfs8LaE3T3w8KKI5v9lSCtq3/YvZjjqG1GshSjZDWvModpvh0mFVsyUjywDWG6uF3jV72ZFOG6XI0TJLzeIu8iTiyN6kDEgH8SoncvYrhpl+Clr8VZjg8VGs0L2ohey5paZGnPcvNIosClEDgTE7mroGSLGJtg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pj9FXj8QQp/CLXjmSx5sAOjVkl9+MhXF8b3d7A6yprE=; b=vmt6OepFzNUkQFQDJUCnHLyc6sOvxmsIDaVlwNf5RSHgpZ9A8T8bFhPZFad/isaKl9jWYhQ+aJGmIMC6BkW+IqBjVPOcnP/HQJVk9eh0hwaeZSS7Dq8fUae3TX7I7weqg7L44QBsiQ488DiN5nwCLks8e5HAVLMgUnDVwzdrrfA= Received: from SJ0PR03CA0104.namprd03.prod.outlook.com (2603:10b6:a03:333::19) by CH1PPF931B95D07.namprd12.prod.outlook.com (2603:10b6:61f:fc00::619) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.21; Mon, 15 Sep 2025 13:47:25 +0000 Received: from SJ5PEPF000001D4.namprd05.prod.outlook.com (2603:10b6:a03:333:cafe::1f) by SJ0PR03CA0104.outlook.office365.com (2603:10b6:a03:333::19) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.21 via Frontend Transport; Mon, 15 Sep 2025 13:47:17 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SJ5PEPF000001D4.mail.protection.outlook.com (10.167.242.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9137.12 via Frontend Transport; Mon, 15 Sep 2025 13:47:25 +0000 Received: from tiny.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 15 Sep 2025 06:47:22 -0700 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 2/7] x86/bugs: Use early_param for spectre_v2 Date: Mon, 15 Sep 2025 08:47:01 -0500 Message-ID: <20250915134706.3201818-3-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250915134706.3201818-1-david.kaplan@amd.com> References: <20250915134706.3201818-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001D4:EE_|CH1PPF931B95D07:EE_ X-MS-Office365-Filtering-Correlation-Id: 14751a00-5067-4a96-5d26-08ddf45e672d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|1800799024|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?nMsDj2OeLNFiSRtH3LA4o5TI3jRGp9npd7ENMaijrHNnYoLjcWgJjEFMC0m8?= =?us-ascii?Q?AJ6r0Zt/b44H9NhCIXGzipjRfh+NlVV8EO1/bCSrdSfCjhjhzzIyA1NEPCEU?= =?us-ascii?Q?OKVs4TfLH0gz2cSW0eZwKEdW+6cm7vmXV5pU4hxwdO/t0QtiwC8jvHrceEAv?= =?us-ascii?Q?pmrElpoDJgiGGvJj2UjAaqMPgAgH1pViFrAr07qVAQABdQmC8ttlp8/FvGwt?= =?us-ascii?Q?6ufx/4oxXiLU0bggH7fNxG38KqQOvGtz6sgPkRbBh1BpOmZokUqVZLK2Uz5B?= =?us-ascii?Q?g/tH2P1HJEr3n52Ws84E5/aPjhyzftQ8CuU5hwnFdYGdpgAh6xOaTCRn6p77?= =?us-ascii?Q?np6qfNgy37CJ+L0BdQasmLvjia2ArPrxXs8wiUzZCIpv2nVd6UpbmfVplk6j?= =?us-ascii?Q?13RuZZyC7DkhPB7S8e/iN8+s01hPpXFAjmGv7W6GsmSimrqWKv49cBp1d9PO?= =?us-ascii?Q?2dcPWTimmYYJa6ajXPl9YSLsKWApS6IcgxNYGEpLnmNusImu2K9mqkoevSIR?= =?us-ascii?Q?1YPomncG47pjDFTqYCUZTOcQONoTdytcwOg3ISAPpR8mtRjjPXSwKDyT1FQQ?= =?us-ascii?Q?jRR6GMSGKcMgnT/pbAd6OTu/JUtXFfUD03kxta7YPFvq1l9x8jbwme1PGiYt?= =?us-ascii?Q?DJO1h+c0uFuFHay9DygS0miwOprXeLDbIY8fj44ndNjPK2QYQLpSgarBHkqS?= =?us-ascii?Q?Bi/cXQZpsEjkCg2eGSv579AcOxrTcXb4MqF8RqUDXvZO4cyhqeYfEqSAyN0f?= =?us-ascii?Q?g2QemZ/2zq1gr+uGeGBCGwJyAz8Di38isp4dPq8AylcTU73xEgNSny/449Hc?= =?us-ascii?Q?V6frEIW/3MV7LvZr8CSEiyEd6r8n5aWTNKzeUOro6kbm/1hMXZzmsr606mox?= =?us-ascii?Q?2gv6GqlMAgNVVWbdbnPt1CfXQ8Dsrs1307JZulVbgKlNXN6fNSuiMmiVlc1B?= =?us-ascii?Q?vMcnUfNB3nOvmfp+qAiHkqpkN90VHohp3fvr+rfkxbCRfiw4JFy0TUeuKZY6?= =?us-ascii?Q?MBRN9kE4uRllNjtigxLM22DB8S0htSef8bkWFdEJjIR6eI1cqS0vQ/h1LJnA?= =?us-ascii?Q?7DRKyWmZ+YBYUV3IBFyI4wUhagq2olVEwhx+GKUdZ45VW1YfEzQnhusfvMXS?= =?us-ascii?Q?XnN9Ec06fmHrUNJkBipBmCMXiatYp1dXEwK5/DF1+4oaDAKMqSPoG1YT6EY/?= =?us-ascii?Q?d+euAGI4oDCcrziDl/+JllUTqVtzIgpJEIbbN2BdgeiaKrrTS/3B0KBuRkVn?= =?us-ascii?Q?K3xUX4HV2Fps9RTY1s9geSCzd4oiayKn0ZP/ypWwQShDgH5r8EvOgqVmirmF?= =?us-ascii?Q?N4yo46cIomM9143iJlgBCXJi2H4wOBJXXQMJk+sULCB6Ly8mT9/6/pTJHDZC?= =?us-ascii?Q?pSJMZEycDO8AcLD/5+Iee42AgDNCf03umY3tBvcjwywX8S0tixCXSkCFdiBK?= =?us-ascii?Q?h4iFXjFrD1amdP2VV+wsKFuodAPXPc3wK54CDPq/OvV7r8kO33mwNjWQVd1V?= =?us-ascii?Q?aCNXe2EHnk+OKEFC+vouyJGWloBIphgIFd7X?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(1800799024)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2025 13:47:25.0273 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 14751a00-5067-4a96-5d26-08ddf45e672d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001D4.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH1PPF931B95D07 Content-Type: text/plain; charset="utf-8" Most of the mitigations in bugs.c use early_param for command line parsing. Rework the spectre_v2 and nospectre_v2 command line options to be consistent with the others. Remove spec_v2_print_cond() as informing the user of the their cmdline choice isn't interesting. Signed-off-by: David Kaplan Reviewed-by: Pawan Gupta --- arch/x86/kernel/cpu/bugs.c | 186 +++++++++++++++++-------------------- 1 file changed, 87 insertions(+), 99 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index a5072ec6e5c5..aa2eb2e7878f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1845,7 +1845,8 @@ enum spectre_v2_mitigation_cmd { SPECTRE_V2_CMD_IBRS, }; =20 -static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =3D S= PECTRE_V2_CMD_AUTO; +static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO : SPECTRE_= V2_CMD_NONE; =20 enum spectre_v2_user_mitigation_cmd { SPECTRE_V2_USER_CMD_NONE, @@ -2039,112 +2040,51 @@ static const char * const spectre_v2_strings[] =3D= { [SPECTRE_V2_IBRS] =3D "Mitigation: IBRS", }; =20 -static const struct { - const char *option; - enum spectre_v2_mitigation_cmd cmd; - bool secure; -} mitigation_options[] __initconst =3D { - { "off", SPECTRE_V2_CMD_NONE, false }, - { "on", SPECTRE_V2_CMD_FORCE, true }, - { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, - { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_LFENCE, false }, - { "retpoline,lfence", SPECTRE_V2_CMD_RETPOLINE_LFENCE, false }, - { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, - { "eibrs", SPECTRE_V2_CMD_EIBRS, false }, - { "eibrs,lfence", SPECTRE_V2_CMD_EIBRS_LFENCE, false }, - { "eibrs,retpoline", SPECTRE_V2_CMD_EIBRS_RETPOLINE, false }, - { "auto", SPECTRE_V2_CMD_AUTO, false }, - { "ibrs", SPECTRE_V2_CMD_IBRS, false }, -}; +static bool nospectre_v2 __ro_after_init; =20 -static void __init spec_v2_print_cond(const char *reason, bool secure) +static int __init nospectre_v2_parse_cmdline(char *str) { - if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) !=3D secure) - pr_info("%s selected on command line.\n", reason); + nospectre_v2 =3D true; + spectre_v2_cmd =3D SPECTRE_V2_CMD_NONE; + return 0; } +early_param("nospectre_v2", nospectre_v2_parse_cmdline); =20 -static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) +static int __init spectre_v2_parse_cmdline(char *str) { - enum spectre_v2_mitigation_cmd cmd; - char arg[20]; - int ret, i; - - cmd =3D IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO := SPECTRE_V2_CMD_NONE; - if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) - return SPECTRE_V2_CMD_NONE; - - ret =3D cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(= arg)); - if (ret < 0) - return cmd; - - for (i =3D 0; i < ARRAY_SIZE(mitigation_options); i++) { - if (!match_option(arg, ret, mitigation_options[i].option)) - continue; - cmd =3D mitigation_options[i].cmd; - break; - } - - if (i >=3D ARRAY_SIZE(mitigation_options)) { - pr_err("unknown option (%s). Switching to default mode\n", arg); - return cmd; - } - - if ((cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE || - cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_LFENCE || - cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_GENERIC || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_RETPOLINE) && - !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) { - pr_err("%s selected but not compiled in. Switching to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } - - if ((cmd =3D=3D SPECTRE_V2_CMD_EIBRS || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_RETPOLINE) && - !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) { - pr_err("%s selected but CPU doesn't have Enhanced or Automatic IBRS. Swi= tching to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } - - if ((cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_LFENCE || - cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE) && - !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { - pr_err("%s selected, but CPU doesn't have a serializing LFENCE. Switchin= g to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } - - if (cmd =3D=3D SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_= ENTRY)) { - pr_err("%s selected but not compiled in. Switching to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } - - if (cmd =3D=3D SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor !=3D X86_V= ENDOR_INTEL) { - pr_err("%s selected but not Intel CPU. Switching to AUTO select\n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } + if (!str) + return -EINVAL; =20 - if (cmd =3D=3D SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATURE_IBRS)) { - pr_err("%s selected but CPU doesn't have IBRS. Switching to AUTO select\= n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } + if (nospectre_v2) + return 0; =20 - if (cmd =3D=3D SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_FEATURE_XEN= PV)) { - pr_err("%s selected but running as XenPV guest. Switching to AUTO select= \n", - mitigation_options[i].option); - return SPECTRE_V2_CMD_AUTO; - } + if (!strcmp(str, "off")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_NONE; + else if (!strcmp(str, "on")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_FORCE; + else if (!strcmp(str, "retpoline")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE; + else if (!strcmp(str, "retpoline,amd") || + !strcmp(str, "retpoline,lfence")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE_LFENCE; + else if (!strcmp(str, "retpoline,generic")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE_GENERIC; + else if (!strcmp(str, "eibrs")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS; + else if (!strcmp(str, "eibrs,lfence")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS_LFENCE; + else if (!strcmp(str, "eibrs,retpoline")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS_RETPOLINE; + else if (!strcmp(str, "auto")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + else if (!strcmp(str, "ibrs")) + spectre_v2_cmd =3D SPECTRE_V2_CMD_IBRS; + else + pr_err("Ignoring unknown spectre_v2 option (%s).", str); =20 - spec_v2_print_cond(mitigation_options[i].option, - mitigation_options[i].secure); - return cmd; + return 0; } +early_param("spectre_v2", spectre_v2_parse_cmdline); =20 static enum spectre_v2_mitigation __init spectre_v2_select_retpoline(void) { @@ -2330,9 +2270,57 @@ static void __init bhi_apply_mitigation(void) setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT); } =20 +static void __init spectre_v2_check_cmd(void) +{ + if ((spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_LFENCE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_GENERIC || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_RETPOLINE) && + !IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) { + pr_err("RETPOLINE selected but not compiled in. Switching to AUTO select= \n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if ((spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_RETPOLINE) && + !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) { + pr_err("EIBRS selected but CPU doesn't have Enhanced or Automatic IBRS. = Switching to AUTO select\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if ((spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_RETPOLINE_LFENCE || + spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_EIBRS_LFENCE) && + !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { + pr_err("LFENCE selected, but CPU doesn't have a serializing LFENCE. Swit= ching to AUTO select\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIG= ATION_IBRS_ENTRY)) { + pr_err("IBRS selected but not compiled in. Switching to AUTO select\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor= !=3D X86_VENDOR_INTEL) { + pr_err("IBRS selected but not Intel CPU. Switching to AUTO select\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATUR= E_IBRS)) { + pr_err("IBRS selected but CPU doesn't have IBRS. Switching to AUTO selec= t\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } + + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_= FEATURE_XENPV)) { + pr_err("IBRS selected but running as XenPV guest. Switching to AUTO sele= ct\n"); + spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; + } +} + static void __init spectre_v2_select_mitigation(void) { - spectre_v2_cmd =3D spectre_v2_parse_cmdline(); + spectre_v2_check_cmd(); =20 if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_NONE || spectre_v2_cmd =3D=3D S= PECTRE_V2_CMD_AUTO)) --=20 2.34.1 From nobody Thu Oct 2 15:19:19 2025 Received: from SA9PR02CU001.outbound.protection.outlook.com (mail-southcentralusazon11013018.outbound.protection.outlook.com [40.93.196.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 15DA93191D0 for ; Mon, 15 Sep 2025 13:47:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.93.196.18 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944052; cv=fail; b=nLPUzemz9t5gf2Bgxa1+1kk4sQ6PAY21plOnIFzAWDyDqlCFRLCDjGMUtmceGJJ34J/cYDUpFkpl00r7r9TEBzNBcqluFRgDpQfYkwGmAgIiZiLXHWJKryctbPg+QXA814Le/Dd5usFAyi0lapxyTvqqC5cF2I3/uQYDoU/pqBk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944052; c=relaxed/simple; bh=AtGw9s6rfZrovj3Y64tN7QL11z/f3M9R+mWqdEZFdxM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=b+YV+egJ/tyhCbLM7ySgiU+QM0zVbIhw2tTDrcASv/EqElmFMJx5OgHlAGBkrMe+HmZEeBKI/2SUHYeNVoEz1CPTWRnCRU/trD541N/HcIg2+yj+wkPfwPMLpfv4z/In09dhyOQnlAzW/jdtx2Cl3ms9KmSRtQPedGWDAcXItuI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Q3QhaDlW; arc=fail smtp.client-ip=40.93.196.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="Q3QhaDlW" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fP5IHkVXICr7SllxqXEuG43YYgbo3wboOoPEN/GRRcnU2R/qbr6NkWhRAqLKhRRWoDuZVIR6ATHtwhnLaca1aeWNxLUkgf83w4TNrIZtPQthdiHtqMbmP7i6pjN89mr9P1OBb7GMJivazybJhiwvC436ZrpxqsmdNTnWvafwYoKpcFPOPU7Va7mioDMM7We0qQvB6BEpZKDrQ3oJ3/tQpdP3rXs5McwmlMBqT8L6xIQqUVoXJmpOHmGG4wdlsDgP7CAf146wfkIPd5gkOpA4VAEk2zozNZK9HMiz4ZTbeGF3vQNj6CQEqVqDkP3NGoktqLKLm+/mBhn/Mth8JtmdFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RXbYvvyEb4qjFyv3M6LQxTSj+13XoB2ld3iGGuDEjFc=; b=hDtd2J1g3nP93aaDe71/EQltxceP/dqYXJctVDDTrWjXXBhs6j0ychORsoK/SeWvvtWNafW0kB3sWSarpM4LaiNCrrmpht8/GUupv2asn1M/KfhZjzkPAFI+cQlk225wObJkicaVh7jLpxQUD9nZ01vEaNdHZ7rXyWMLtK2aiOd7f2CHAm4FVFD+4BJtROFOX0X0qaea9w+WNBrvEOP0cCiz+FKGn87my8xIJkqlJXMX1mvhljkdxl9tuAEydk/xwlZAco4eQVXQwV9KQWsRp9bxXyrMQQvIHQdJECgneO0abcIAvAlPzEZSt/7nE2bceHVTuGZFBd04bft7QGSTaA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RXbYvvyEb4qjFyv3M6LQxTSj+13XoB2ld3iGGuDEjFc=; b=Q3QhaDlW6lrCXRsSP4ACsBXzoFOD4uGaH5EK+Hm0OvGjpDr+BfzfVgVPWjuIsUThrUN63kqBbyqIta/9o8fuvisHsJ2wr9xEb1J9F4/8jMAGofwtJFkUbfg8A5J0bWOjtyN9K+LUv7CEfcmfawouLUP9+NRvUIQu9Q8I8vM4HR4= Received: from SJ0PR03CA0107.namprd03.prod.outlook.com (2603:10b6:a03:333::22) by SN7PR12MB7276.namprd12.prod.outlook.com (2603:10b6:806:2af::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9094.22; Mon, 15 Sep 2025 13:47:26 +0000 Received: from SJ5PEPF000001D4.namprd05.prod.outlook.com (2603:10b6:a03:333:cafe::4) by SJ0PR03CA0107.outlook.office365.com (2603:10b6:a03:333::22) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.19 via Frontend Transport; Mon, 15 Sep 2025 13:47:23 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SJ5PEPF000001D4.mail.protection.outlook.com (10.167.242.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9137.12 via Frontend Transport; Mon, 15 Sep 2025 13:47:25 +0000 Received: from tiny.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 15 Sep 2025 06:47:22 -0700 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 3/7] x86/bugs: Simplify SSB cmdline parsing Date: Mon, 15 Sep 2025 08:47:02 -0500 Message-ID: <20250915134706.3201818-4-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250915134706.3201818-1-david.kaplan@amd.com> References: <20250915134706.3201818-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001D4:EE_|SN7PR12MB7276:EE_ X-MS-Office365-Filtering-Correlation-Id: 5cbc9321-fb3a-4e06-6f82-08ddf45e679c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|7416014|376014|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?hUrxlHTQz3W7p7ovls/jgIYmXupQc6sCwXIl7sacZZfLZdJDWOI1vNwK1HhV?= =?us-ascii?Q?ylXFNxVcnIBjwS2vdqyY1eIhoJFo46OpGcdZyc1AT3aK7B8/BdUqvrPznXLm?= =?us-ascii?Q?V+g4ywDlzlqs0yYmgoIZtrDtCgFcfOzg9miHlm+8HFdhLaBNBCwMDMsDuy+e?= =?us-ascii?Q?oi55GIt6rnFhRgwnA/wfdpllhUa1f7nGRcrn6cIwv9SrSZZjEwxlTPm1jzpy?= =?us-ascii?Q?ccL5qKmj7zDEC/4FzzD7+xZrsglvSZ9lj24T+j/ZGyCK/voD67cc8mUiUqFf?= =?us-ascii?Q?7j/FSdXgQBZW3sqpkI4DagvIj3yWWhiqdzzLmyMlHZyiUSTCIrEboU1DOvyI?= =?us-ascii?Q?HoSyZlcoqpqlh47qQlEqRojZ5q59HamrPv18DLF+uYXHwPiWlTCjfStA347i?= =?us-ascii?Q?WCCf3YrLBPSDCG3mXfdlRj87SABEydTR0zFjdRKuSSO33adQ/bbW9f47fQDR?= =?us-ascii?Q?XJFNQRhSW0UodfzTyKdfIbbenZ/dJYqmncDm0ZNTkck3hmJy+1zYwm/pHuaJ?= =?us-ascii?Q?XqwY9K18m4J/LMG/beEFUmSGCabr3Q07VIfqfAxPZ0AjNgaCTeHl9hv6vSmu?= =?us-ascii?Q?vCLYxqFWuvP+eacm6RVyNvHI5rgQoJdYfLBaUS1vNZHu2cQjcJL/ALKk72El?= =?us-ascii?Q?xUqLGLBu+dHzrn3gb/3GmgGt/mFvXXMau5HlNUS0Y5agK5/+aJ+gIA9xoDeM?= =?us-ascii?Q?hkmtZcneH/nYZiWktSvwNfyi9pkYLqWn6wEaRXIB9X6zOV5Mx0WuD9nA6fg1?= =?us-ascii?Q?nFEQjK69/cF5SF6UvQ5ZHPyjpGWBD6iyArcfVPvgetMX5OMOFZrzCGKdQsCb?= =?us-ascii?Q?gheqJdI1PjJASnJaI9jCvqn+d04JLSToU63Puh1CUAxI0CuA/d+27GnYgVdo?= =?us-ascii?Q?8lyKGXXsvMEQ8auts9RUtHrcGDTPZ9zeuXlZi585Rr1f9S2vEHR0m8QQ/bdy?= =?us-ascii?Q?NlA5zigbEvZqCa8TaG/9Su/C6mYQRgm3RGS35HucZucf/OI+TcdcTVy+Ssqq?= =?us-ascii?Q?D+NTMm/XtLod4cn9LgBhGRiCGqz9emwjCDQrHhWIj0nh/So5pMp7QyGksu20?= =?us-ascii?Q?D7n+hwyFgcE1IuEQpGVs8yfLtZBA3QZ/PeD/S0ksySKyadTMK1IpZFwSFCpY?= =?us-ascii?Q?0+vkCHkGv2NgK4N3hpOA0VLew9PpnRUgHO+7dShFevkyuVP/W7YusYF3Q9sg?= =?us-ascii?Q?NeFpmjqT79huWc5I/NH/Pauo4Wlo5hI15sdwBsVo3PI8e87fFBQQZgNxe2eA?= =?us-ascii?Q?z4UZJTefsOY1jZInWUEPVwuNhD8zEwSm55YNOrvMrfatDCBupZD3+8Z94czj?= =?us-ascii?Q?Hvf2wkCQMp5Bomg2WBbuX99qdxOLWii/ErLySQY9/t7xQZA2CiMJlglalaVk?= =?us-ascii?Q?UTJ+ez0hc4C0Gk4vJo5/EiKFwtccmCq3F0uKtLWC2FUI41tiRIeuVl6X47xH?= =?us-ascii?Q?5Y7UR6CoG6aLGtHrFYRnmd1dx1cwL41OzcTPZOTGTYNTgI00iAbgSDLl2UeR?= =?us-ascii?Q?b1/qp/yRYda2hF7htWlqBHBK37bsgx4r9uDq?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(7416014)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2025 13:47:25.7542 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5cbc9321-fb3a-4e06-6f82-08ddf45e679c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001D4.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB7276 Content-Type: text/plain; charset="utf-8" Simplify the SSB command line parsing by selecting a mitigation directly, as is done in most of the simpler vulnerabilities. Use early_param instead of cmdline_find_option for consistency with the other mitigation selections. Signed-off-by: David Kaplan Reviewed-by: Pawan Gupta --- arch/x86/include/asm/nospec-branch.h | 1 + arch/x86/kernel/cpu/bugs.c | 120 +++++++++------------------ 2 files changed, 41 insertions(+), 80 deletions(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/no= spec-branch.h index e29f82466f43..08ed5a2e46a5 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -514,6 +514,7 @@ enum spectre_v2_user_mitigation { /* The Speculative Store Bypass disable variants */ enum ssb_mitigation { SPEC_STORE_BYPASS_NONE, + SPEC_STORE_BYPASS_AUTO, SPEC_STORE_BYPASS_DISABLE, SPEC_STORE_BYPASS_PRCTL, SPEC_STORE_BYPASS_SECCOMP, diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index aa2eb2e7878f..fe57e890d56c 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -2530,16 +2530,8 @@ static void update_mds_branch_idle(void) #undef pr_fmt #define pr_fmt(fmt) "Speculative Store Bypass: " fmt =20 -static enum ssb_mitigation ssb_mode __ro_after_init =3D SPEC_STORE_BYPASS_= NONE; - -/* The kernel command line selection */ -enum ssb_mitigation_cmd { - SPEC_STORE_BYPASS_CMD_NONE, - SPEC_STORE_BYPASS_CMD_AUTO, - SPEC_STORE_BYPASS_CMD_ON, - SPEC_STORE_BYPASS_CMD_PRCTL, - SPEC_STORE_BYPASS_CMD_SECCOMP, -}; +static enum ssb_mitigation ssb_mode __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_SSB) ? SPEC_STORE_BYPASS_AUTO : SPEC_STORE_B= YPASS_NONE; =20 static const char * const ssb_strings[] =3D { [SPEC_STORE_BYPASS_NONE] =3D "Vulnerable", @@ -2548,94 +2540,61 @@ static const char * const ssb_strings[] =3D { [SPEC_STORE_BYPASS_SECCOMP] =3D "Mitigation: Speculative Store Bypass dis= abled via prctl and seccomp", }; =20 -static const struct { - const char *option; - enum ssb_mitigation_cmd cmd; -} ssb_mitigation_options[] __initconst =3D { - { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ - { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store By= pass */ - { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Stor= e Bypass */ - { "prctl", SPEC_STORE_BYPASS_CMD_PRCTL }, /* Disable Speculative Store = Bypass via prctl */ - { "seccomp", SPEC_STORE_BYPASS_CMD_SECCOMP }, /* Disable Speculative Stor= e Bypass via prctl and seccomp */ -}; +static bool nossb __ro_after_init; =20 -static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) +static int __init nossb_parse_cmdline(char *str) { - enum ssb_mitigation_cmd cmd; - char arg[20]; - int ret, i; - - cmd =3D IS_ENABLED(CONFIG_MITIGATION_SSB) ? - SPEC_STORE_BYPASS_CMD_AUTO : SPEC_STORE_BYPASS_CMD_NONE; - if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disa= ble") || - cpu_mitigations_off()) { - return SPEC_STORE_BYPASS_CMD_NONE; - } else { - ret =3D cmdline_find_option(boot_command_line, "spec_store_bypass_disabl= e", - arg, sizeof(arg)); - if (ret < 0) - return cmd; + nossb =3D true; + ssb_mode =3D SPEC_STORE_BYPASS_NONE; + return 0; +} +early_param("nospec_store_bypass_disable", nossb_parse_cmdline); =20 - for (i =3D 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { - if (!match_option(arg, ret, ssb_mitigation_options[i].option)) - continue; +static int __init ssb_parse_cmdline(char *str) +{ + if (!str) + return -EINVAL; =20 - cmd =3D ssb_mitigation_options[i].cmd; - break; - } + if (nossb) + return 0; =20 - if (i >=3D ARRAY_SIZE(ssb_mitigation_options)) { - pr_err("unknown option (%s). Switching to default mode\n", arg); - return cmd; - } - } + if (!strcmp(str, "auto")) + ssb_mode =3D SPEC_STORE_BYPASS_AUTO; + else if (!strcmp(str, "on")) + ssb_mode =3D SPEC_STORE_BYPASS_DISABLE; + else if (!strcmp(str, "off")) + ssb_mode =3D SPEC_STORE_BYPASS_NONE; + else if (!strcmp(str, "prctl")) + ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; + else if (!strcmp(str, "seccomp")) + ssb_mode =3D IS_ENABLED(CONFIG_SECCOMP) ? + SPEC_STORE_BYPASS_SECCOMP : SPEC_STORE_BYPASS_PRCTL; + else + pr_err("Ignoring unknown spec_store_bypass_disable option (%s).\n", + str); =20 - return cmd; + return 0; } +early_param("spec_store_bypass_disable", ssb_parse_cmdline); =20 static void __init ssb_select_mitigation(void) { - enum ssb_mitigation_cmd cmd; - - if (!boot_cpu_has(X86_FEATURE_SSBD)) - goto out; - - cmd =3D ssb_parse_cmdline(); - if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) && - (cmd =3D=3D SPEC_STORE_BYPASS_CMD_NONE || - cmd =3D=3D SPEC_STORE_BYPASS_CMD_AUTO)) + if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) { + ssb_mode =3D SPEC_STORE_BYPASS_NONE; return; + } =20 - switch (cmd) { - case SPEC_STORE_BYPASS_CMD_SECCOMP: - /* - * Choose prctl+seccomp as the default mode if seccomp is - * enabled. - */ - if (IS_ENABLED(CONFIG_SECCOMP)) - ssb_mode =3D SPEC_STORE_BYPASS_SECCOMP; - else - ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; - break; - case SPEC_STORE_BYPASS_CMD_ON: - ssb_mode =3D SPEC_STORE_BYPASS_DISABLE; - break; - case SPEC_STORE_BYPASS_CMD_AUTO: + if (ssb_mode =3D=3D SPEC_STORE_BYPASS_AUTO) { if (should_mitigate_vuln(X86_BUG_SPEC_STORE_BYPASS)) ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; else ssb_mode =3D SPEC_STORE_BYPASS_NONE; - break; - case SPEC_STORE_BYPASS_CMD_PRCTL: - ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; - break; - case SPEC_STORE_BYPASS_CMD_NONE: - break; } =20 -out: - if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) - pr_info("%s\n", ssb_strings[ssb_mode]); + if (!boot_cpu_has(X86_FEATURE_SSBD)) + ssb_mode =3D SPEC_STORE_BYPASS_NONE; + + pr_info("%s\n", ssb_strings[ssb_mode]); } =20 static void __init ssb_apply_mitigation(void) @@ -2851,6 +2810,7 @@ static int ssb_prctl_get(struct task_struct *task) return PR_SPEC_DISABLE; case SPEC_STORE_BYPASS_SECCOMP: case SPEC_STORE_BYPASS_PRCTL: + case SPEC_STORE_BYPASS_AUTO: if (task_spec_ssb_force_disable(task)) return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; if (task_spec_ssb_noexec(task)) --=20 2.34.1 From nobody Thu Oct 2 15:19:19 2025 Received: from MW6PR02CU001.outbound.protection.outlook.com (mail-westus2azon11012013.outbound.protection.outlook.com [52.101.48.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE4EB315765 for ; Mon, 15 Sep 2025 13:47:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.48.13 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944052; cv=fail; b=h4FddIhCbcI1ixtKII1Ws375Xp7Nipe7kWmniMqi+bpYNoQ66QcUy1uG3bmGuWr6ueC8Ryzs0m/vdVTb2DKIuQThhR4LX7sI9Z28btT/Fjo9b3xONOLBjbZpuZG3Xox0EDKZ+0vIr41RFCXwFhbZSvsFxsEftHMpJ9O1cdbBRFo= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944052; c=relaxed/simple; bh=T8laaNVb4oMMJHdLFSQrFzNQ7shsJyyNIsFXh//ywd0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=cdnRcDFzF+KLMJZcQJAW0cX4EFlxhcADLlHdJN7MYHozy04M/yXCe470q9fZzrhederWYDXc5NzZVc/yTeq3sUqlPRxRwioj71g6RvVVT7064GmYddu2aCoBZY5lvAMFGEkV7Tl3dI0XbZK0DZ/r0oEVIpnZb8UJM6fucHbAsgE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=hR/9PDE9; arc=fail smtp.client-ip=52.101.48.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="hR/9PDE9" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BJhxncT0xqhdKCT1b6wahMqyixj5tUjGnHQbjz+jPhbpaY1+hyVtwkuMQ0Vlc4YHzJk4LgjXf2t+XBtoFkeH6+NfUY8R/a4xjOXyPngyXhvVyFaVBlTP89HUPCkokJsAEpouL/HCZXUIR2OZ7EoK8OLxzME9vXH9AgJophv8nb+IsVcYpndCHGuqKYlnLKXUoB4h8yX3R8Uucye2rL1W94Ga441gvYxhDMLCA7E00q0EyVCQcICLSGb0gsFI77iGu31vhNXeUQW0PDayN7E0d5L+p+P92ryA0RgRiAoIZrmuGRtDL02GqaAb1tl23AAiNTv6SVg5PJC3YnKumtxOpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3H7LIWW4xbUPUOesIu4iqZaED8yLEtigQJkPuF3SHQg=; b=PPVlBJd4Gt4YYlEDQYpFurAq5ama0TwXIjt1tkE4pc70Bawny6lefB67UHm7n7NiJw3F9zYd35LSoOir+/xo2nxDzHFZk1RWFlG5ZGyRO3QAeiInsfnfKaN6Z9toqaxNn/UhyQ8rrrhziL55JHfQd64G45X62oWHCDneu3EL3qsLCrOVPn9FxVOrRiUwMeN4HT9mWdvhHuPrE1h6BTa2ygZIyRXIhLrh3gsojY3b6wtFuoI2Gnd9Uwtd/sSdCg+wj+BevEgAVkyAGkTK/BZoYSPovpvj9UoSi+Ze4KmwB2A2NX5yssPQNMXzHa+PXs5d4AZhBKTZkHiSF1EI52xPIQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3H7LIWW4xbUPUOesIu4iqZaED8yLEtigQJkPuF3SHQg=; b=hR/9PDE9axy9Eve8BfO8a0gy7YxXkIFed1/WkPc3ucuo3HCP2xh45Z6qHxHUH7EFY218gzktcFkNrUq9DaE2REy1J+Lz2FzGF/C5Dd8zWgaofHra9HFVPje/kdlK+ULafS2sGs1IqQN8C7svXV9G7JiEHzbnCq24ewIh5RZ1PQ0= Received: from SJ0PR03CA0116.namprd03.prod.outlook.com (2603:10b6:a03:333::31) by MW4PR12MB7238.namprd12.prod.outlook.com (2603:10b6:303:229::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.22; Mon, 15 Sep 2025 13:47:26 +0000 Received: from SJ5PEPF000001D4.namprd05.prod.outlook.com (2603:10b6:a03:333:cafe::e9) by SJ0PR03CA0116.outlook.office365.com (2603:10b6:a03:333::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.21 via Frontend Transport; Mon, 15 Sep 2025 13:47:26 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SJ5PEPF000001D4.mail.protection.outlook.com (10.167.242.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9137.12 via Frontend Transport; Mon, 15 Sep 2025 13:47:26 +0000 Received: from tiny.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 15 Sep 2025 06:47:23 -0700 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 4/7] x86/bugs: Remove uses of cpu_mitigations_off() Date: Mon, 15 Sep 2025 08:47:03 -0500 Message-ID: <20250915134706.3201818-5-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250915134706.3201818-1-david.kaplan@amd.com> References: <20250915134706.3201818-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001D4:EE_|MW4PR12MB7238:EE_ X-MS-Office365-Filtering-Correlation-Id: 35ac21a0-0fae-4a7f-cfbf-08ddf45e6814 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?nUM+fnDaosWMjpWQvCEnIRBT4HERfIK6MRc6NXkqbOuLPMljKbuyDpsCbgCt?= =?us-ascii?Q?K9938tU9EOw8RdfRlDSUDjPEqSaPIYlb4/HkD1tzfBHkyUf5bOYqZ5vyZbET?= =?us-ascii?Q?vTPNG71gd27h4i0KOIJDW0+nV1ikk937b2BLVHVKA1Nx9A0S7YXuhmK8N1zL?= =?us-ascii?Q?yHTWb+S0P76syipbD1/FqsQYLnrxYQ8ckzYQwvasNc748z3JIxM9PFio0gMl?= =?us-ascii?Q?NLa05U8vLI3zG1E8JPTFkN+4M7I9FmIT+QdFK3FPXfVu40xZsRC1V7WDFO+q?= =?us-ascii?Q?916y0XtvVOcI+GjdI9BQLC7S3Go122m47hAdsm5IbLL7QfnhKZNEnqCwvI54?= =?us-ascii?Q?7WCqV5vKgNhW8L85z7bsi/5NkFH/ZwhLHsingaJQ70js9EE6y0PiUaqig38d?= =?us-ascii?Q?75Qu5VWeOeypnnC+Wx+4UA72f9j9tRyCoNW8w4AiC122oEIdRm9cEflXzV7r?= =?us-ascii?Q?PmZ5Mms4hFj0oftoC0hs9QQYJvSesglymVwr2LtnfWN7A1vAHcP9T4y0Y4zk?= =?us-ascii?Q?st3XghGQ3fj6NZT3A3GUCcVOVlyYA/60qjaJ5f/g1O6XeyOv9EvIQbgRQiXU?= =?us-ascii?Q?Ma+2agplw/U+TrWQii0oNAVXNaXKwL76Tl1smNGVXrN8JaIHiFU9FIaBBwLm?= =?us-ascii?Q?kQZwVkm/OL4ZtfzS2VD8eR5YBj/zs5jjl+JZyudORreeRtsWfR/1bLRKO01U?= =?us-ascii?Q?Sgp3FEXAdYZsmcSpsEN3waFkcZdSvwLLwDAC8Ycgpjn1nWI2yMyiyMaD64ah?= =?us-ascii?Q?Semu0o7ooWg6iRlec5BWDldoh716FTsExbNr+iZnukPdzKqTfsFRpZN03kqV?= =?us-ascii?Q?d21NhUr0yhN7u0git1+nU7bkxfhhR/S+gbUavGs1WnGzNNj5FsMs2pLXq8Pp?= =?us-ascii?Q?+tf6n8oONaZ2nCL5TlWtuKA/KkvJWEJrZaFibuHu3zsQC3lvEcDj3YCceltQ?= =?us-ascii?Q?FG3nNfQTqf6dUlLRBnHS5LzL75ipBauiDF3YRN9MciP7qgYvSJqXsUNKkocP?= =?us-ascii?Q?y/sjg8AvpzhEh6VW0OvSQuUV3LfcLms7NM3lUuLVwwXDQHrueANuNc9a2rDR?= =?us-ascii?Q?2Yd1RSwfC8ReaFDUZTwMsxmY252IHbFnS6hIfOdHqQiYYT+K3pgkUuTRQY+Y?= =?us-ascii?Q?wqLLF/05Ko42noLViHQ6wNAWNcyGjuBA/VuBC1aSvBiXnh2wrFqSiM95KUIs?= =?us-ascii?Q?IH/1TKMcnTv2JWTSoFmgjqp6rEKVLA/BERWJSXaQD0hckxRbEtjaxAndPnEe?= =?us-ascii?Q?RukiaNUQJoCSD869WRsjk/aLGVZfudDa/KGh0g4fOf0zHSzbuoVParlq92Gz?= =?us-ascii?Q?3HVbaHmtA61Og7H83/xg5UX1ZYbCaYDE3Tnxm47Q7Tdr7MYRNuiMlclX76IO?= =?us-ascii?Q?FhLC/LZuhys3rI+LuOkWFuTeuCyqLahfIOTicMBgP1qMMSgh4EGhJaf+itci?= =?us-ascii?Q?Ql9Y4r55UZnJlHTg03tX6W7q97fW3OqwH0Vw+QW9JrKQ9oxnGzw2YNeECXk9?= =?us-ascii?Q?/ySW+wCq5EzahoJHHmxpmKrqiQoljG0TY3hV?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2025 13:47:26.5448 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 35ac21a0-0fae-4a7f-cfbf-08ddf45e6814 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001D4.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB7238 Content-Type: text/plain; charset="utf-8" cpu_mitigations_off() is no longer needed because all bugs use attack vector controls to select a mitigation, and cpu_mitigations_off() is equivalent to no attack vectors being selected. Remove the few remaining unnecessary uses of this function in this file. Signed-off-by: David Kaplan Reviewed-by: Pawan Gupta --- arch/x86/kernel/cpu/bugs.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index fe57e890d56c..d52600b89d60 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -687,8 +687,7 @@ static const char * const mmio_strings[] =3D { =20 static void __init mmio_select_mitigation(void) { - if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) || - cpu_mitigations_off()) { + if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) { mmio_mitigation =3D MMIO_MITIGATION_OFF; return; } @@ -3130,14 +3129,15 @@ static void __init srso_select_mitigation(void) =20 static void __init srso_update_mitigation(void) { + if (!boot_cpu_has_bug(X86_BUG_SRSO)) + return; + /* If retbleed is using IBPB, that works for SRSO as well */ if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB && boot_cpu_has(X86_FEATURE_IBPB_BRTYPE)) srso_mitigation =3D SRSO_MITIGATION_IBPB; =20 - if (boot_cpu_has_bug(X86_BUG_SRSO) && - !cpu_mitigations_off()) - pr_info("%s\n", srso_strings[srso_mitigation]); + pr_info("%s\n", srso_strings[srso_mitigation]); } =20 static void __init srso_apply_mitigation(void) --=20 2.34.1 From nobody Thu Oct 2 15:19:19 2025 Received: from BN8PR05CU002.outbound.protection.outlook.com (mail-eastus2azon11011057.outbound.protection.outlook.com [52.101.57.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B423631B808 for ; Mon, 15 Sep 2025 13:47:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.57.57 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944054; cv=fail; b=aO9Ns4OYOFq88xIfY39k8F1KuD9umg1ZEKMN0mOMAusrRAmTBhWFnxoc+Mlm6PMx0L+0wU+R8KRFONcR3FOH1XG2z9H+P1RgXZfRwmHrAmDANKlb0pThKZYD3Lkr80Vqp1rG6FRHrlylpysvYIEETw/wfVz1OTBUSGAXyRTqJm8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944054; c=relaxed/simple; bh=pAP0HZDC5hkjUB/uHcYJZj4dN0Rv+z+0tE9CDItUCfI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=PjPlweaXhVvoJVLfu4ZCWqQ4o06htnGkRQ4LwB3S7slKgDwxBrB0w/xywKTGxSvaT3P4e8lh2j5TwzJvRvbWxa0ZSMalBr07tjbQ2EbofCLKl/eBvHKH5QfOysi2WcwTnmYj1fvzMgIp+LyW8e4ka/dm/ZgRtHCWqpOaon0ySeo= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Gyw3ivKH; arc=fail smtp.client-ip=52.101.57.57 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="Gyw3ivKH" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cCCMtnoiZdk2/iYqRYg/xOEqCNa0J+XpjGPlJh3KKR53gpMKULx9oTzvKIh+jqA+oj0LBQUzS2GkoCK7DdcOrMWiMN1LFL2LnRKUZbQkKWjzLt6+s4WEE+e6SbVyy4YXN1gY5H0q++VXXwuPQp3ljh8ZqaM5cIKcsn8eU/qOnlzow6Acrvc22Zxy1WTaQnELATk9YIjNRz4zQLV1g0rzkISmvaIfwsiulxFleMsZSOY7dVkHOcjC3MHG8Kvz1v1VR+ihKOdfhXEllFSbzQ1L3bSKYNo94h7cHpFUES/5ZwqqU++R5E99CX2qSYwOlDT0Ftu3nxPKtq499i8HFto/nw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yMcHlvm+fgxajDTFz/cq1jCbiG3/bxDjNX69dN2Hsn4=; b=qxfg0I/DEh2zNN1yhaF4h36Bof9McF9Aa7qsTGvsKnBtwR8Bi2u1OZHNqPXxHEAhElCtz9o/y7KnPl6fGKLDvFQiF1a+DD20uFvL6A1TloZygQhSBPdTD2bt2CzCQfiDwAkWP5qF7cenn5oofa1Hk/Z6XTkfiK5j+CsXLxJzlehrUkgUccvwo8uRfzbd7RzwnU46IKvBMel2ViqeuHTngpLG6PLW35Md4YlIMM2xu82KlygfM7ZVp/tfj6bbOyeukT9KsFoJHYbFhd1Sobvk0qVZVV3pow0j6xMVZUKTonSVE4I0IP2Xb0KCZFBwcMDtSkjhNnpytuMRm92nwfEjUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yMcHlvm+fgxajDTFz/cq1jCbiG3/bxDjNX69dN2Hsn4=; b=Gyw3ivKH7EGIYKi+ycsk0lprft+kIVdKtTnT3SmfdiQW9fhjjfWeoB2ZUq4jkC7oCvE/okUXBn3uG/MOnpn18nKi+dH5RDiIwCOQuYYtPJj5JcVpqlN1Z3GDV92ieOH/w+f6CpzEq+bhEZ1r3UdSuq46Bb25UKiWXRpVGCAd+sc= Received: from SJ0PR03CA0103.namprd03.prod.outlook.com (2603:10b6:a03:333::18) by SA1PR12MB6946.namprd12.prod.outlook.com (2603:10b6:806:24d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.33; Mon, 15 Sep 2025 13:47:27 +0000 Received: from SJ5PEPF000001D4.namprd05.prod.outlook.com (2603:10b6:a03:333:cafe::62) by SJ0PR03CA0103.outlook.office365.com (2603:10b6:a03:333::18) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.22 via Frontend Transport; Mon, 15 Sep 2025 13:47:27 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SJ5PEPF000001D4.mail.protection.outlook.com (10.167.242.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9137.12 via Frontend Transport; Mon, 15 Sep 2025 13:47:27 +0000 Received: from tiny.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 15 Sep 2025 06:47:24 -0700 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 5/7] x86/bugs: Fix spectre_v2 forcing Date: Mon, 15 Sep 2025 08:47:04 -0500 Message-ID: <20250915134706.3201818-6-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250915134706.3201818-1-david.kaplan@amd.com> References: <20250915134706.3201818-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001D4:EE_|SA1PR12MB6946:EE_ X-MS-Office365-Filtering-Correlation-Id: 26460b58-901a-4970-415d-08ddf45e686c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|7416014|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?IUjPS/wBFI9EJmY5KSgTNurfpJXG0ssmUUjppm0dCeXI1V0nhDvX1PXli76F?= =?us-ascii?Q?xj9cbJMAtQOF3+i+M/km3K7+wJfAZv01V74BFVMRRnikhmLjbAa/VubY65mU?= =?us-ascii?Q?oXCJ+wFAHPAAjKvQtX4UZNf7d60KkkEZ8DO3gOEJdRhGhzSSlk/2He9SsWjj?= =?us-ascii?Q?jPwJkbCqQtgh68tZ0RoLgl9jAjWAoN+9kRZQLTSSj9GBCG+de3HZYmJxsnPK?= =?us-ascii?Q?jz45amT6J965qGjpSqv/Sf2JAWGz5vMbtKevWa5ypuPkjPeJBu/eZbBn1X9T?= =?us-ascii?Q?wNSfuaySbOE/buGSUaIGNaxJihhMPwqX/Tw5HdRXRu2z3Dl4mEZEh+DNfcae?= =?us-ascii?Q?GHg9n0G04/uV8vzHdONgdkAEruZkY+QdgZBYJvHtlOnIVA8lApS7q/gljJHH?= =?us-ascii?Q?NriH2jZrqnWFD2zqQp99aEmoJA9/GujCrjbVwOMehYcPKATA7IGSzuJEVCg/?= =?us-ascii?Q?mfjt/o9th2ZWiyTAJ783ZpuVpCH4rysB7GVAlNN3h28fMSOUlwsPtzQLbbNz?= =?us-ascii?Q?5Na0XdRN4ocxf6Fsvg2xUOO9HQghiIcFI7w5RO530wze52r7bgK2tKxrK3+I?= =?us-ascii?Q?ZMXj3jou7Il1DHIVSFThngytzrMvpXqzjtQkxC3aL/KJhdJUwmqoCV+VwKhe?= =?us-ascii?Q?s+p8Kxe7sc9QXMpumUCw1v88x/TpbMBsk4eRSPC0xDlWJKJsK0Yvk6nuBcCU?= =?us-ascii?Q?RcsqQ5Nk48bCmoweTKWJ1mWue8aXrw19qunGDEcZiqCq5LcjfTiIHitq9dX/?= =?us-ascii?Q?CW7BL9WVGl6TcfN6VOOQYti5EkDK0/VKVQUq/bNpWbSENMxMDtYtc9/6GxDp?= =?us-ascii?Q?0bE0jYrDXJKuXPyVDOLsitZjCzz6CzYmlOtLxlFfS+CaBAYuO6sKf5JQ3nY3?= =?us-ascii?Q?SCbQKOFA3VhYiG5CpQWheM2gNCm5IPxkz2rhgZtE3O5g8dgJ8wXW9o7QLGDX?= =?us-ascii?Q?8mVhfhzjjoDXyk0GYB4Fq5Ox+uAVsMag6i1kqYtAE4B7YJ1TZAbUzWoVAMo/?= =?us-ascii?Q?k/UsI3GVJku/K05+cShjCEzqEL+Gsr2V5WLFLouL0tJwTGOXzpRsXgNTgobq?= =?us-ascii?Q?Hkshxy84wPNI+i/VIanQ/ei9CHz+wC6M7CTx3bAi42Vk/IKgTArxDTPsEp/9?= =?us-ascii?Q?UA5S3B2tQhMXw8mbbw0cwoeYMf44cs4PR24GBMlR+RNvGs/L0kuEgh7t3xiw?= =?us-ascii?Q?ve+Nn82QqDMV7zuQ8Zv/ocPbUVakcvY6AnaLMsZEyQswasZffWUULuELWndu?= =?us-ascii?Q?40XjMJra+MEpTsYBPg8xu39Na3NEi4PAF1W2KbnfKZvfA6slKQYn4kK5Xvhr?= =?us-ascii?Q?Bsz2JC+0W9kOJLquhPROy7Wrkiy0xTheTgWX1PHa16DJ/tE/QEq563lqkpSc?= =?us-ascii?Q?uLoV3EcZKF3cpot8nqYsc3zO4VCGPxxcYTfcTR7XEZ6h4vGddhLLwZSQqUk8?= =?us-ascii?Q?ij5R5muO4v1Jmqu+oIoM7RZoz7QItTAKRb6ACnrTFt5MN4+uwl3zkycQr2CK?= =?us-ascii?Q?a9EF9VpELMeoMTuxDl+ARJUWeYurhUjwUV4i?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(376014)(7416014)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2025 13:47:27.1176 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 26460b58-901a-4970-415d-08ddf45e686c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001D4.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB6946 Content-Type: text/plain; charset="utf-8" There were two oddities with spectre_v2 command line options. First, any option other than 'off' or 'auto' would force spectre_v2 mitigations even if the CPU (hypothetically) wasn't vulnerable to spectre_v2. That was inconsistent with all the other bugs where mitigations are ignored unless an explicit 'force' option is specified. Second, even though spectre_v2 mitigations would be enabled in these cases, the X86_BUG_SPECTRE_V2 bit wasn't set. This is again inconsistent with the forcing behavior of other bugs and arguably incorrect as it doesn't make sense to enable a mitigation if the X86_BUG bit isn't set. Fix both issues by only forcing spectre_v2 mitigations when the 'spectre_v2=3Don' option is specified (which was already called SPECTRE_V2_CMD_FORCE) and setting the relevant X86_BUG_* bits in that case. This also allows for simplifying bhi_update_mitigation() because spectre_v2_cmd will now always be SPECTRE_V2_CMD_NONE if the CPU is immune to spectre_v2. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d52600b89d60..317c26e08827 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -2057,29 +2057,32 @@ static int __init spectre_v2_parse_cmdline(char *st= r) if (nospectre_v2) return 0; =20 - if (!strcmp(str, "off")) + if (!strcmp(str, "off")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_NONE; - else if (!strcmp(str, "on")) + } else if (!strcmp(str, "on")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_FORCE; - else if (!strcmp(str, "retpoline")) + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2_USER); + } else if (!strcmp(str, "retpoline")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE; - else if (!strcmp(str, "retpoline,amd") || - !strcmp(str, "retpoline,lfence")) + } else if (!strcmp(str, "retpoline,amd") || + !strcmp(str, "retpoline,lfence")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE_LFENCE; - else if (!strcmp(str, "retpoline,generic")) + } else if (!strcmp(str, "retpoline,generic")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_RETPOLINE_GENERIC; - else if (!strcmp(str, "eibrs")) + } else if (!strcmp(str, "eibrs")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS; - else if (!strcmp(str, "eibrs,lfence")) + } else if (!strcmp(str, "eibrs,lfence")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS_LFENCE; - else if (!strcmp(str, "eibrs,retpoline")) + } else if (!strcmp(str, "eibrs,retpoline")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_EIBRS_RETPOLINE; - else if (!strcmp(str, "auto")) + } else if (!strcmp(str, "auto")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_AUTO; - else if (!strcmp(str, "ibrs")) + } else if (!strcmp(str, "ibrs")) { spectre_v2_cmd =3D SPECTRE_V2_CMD_IBRS; - else + } else { pr_err("Ignoring unknown spectre_v2 option (%s).", str); + } =20 return 0; } @@ -2232,10 +2235,6 @@ static void __init bhi_update_mitigation(void) { if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_NONE) bhi_mitigation =3D BHI_MITIGATION_OFF; - - if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && - spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_AUTO) - bhi_mitigation =3D BHI_MITIGATION_OFF; } =20 static void __init bhi_apply_mitigation(void) @@ -2321,9 +2320,10 @@ static void __init spectre_v2_select_mitigation(void) { spectre_v2_check_cmd(); =20 - if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && - (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_NONE || spectre_v2_cmd =3D=3D S= PECTRE_V2_CMD_AUTO)) + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) { + spectre_v2_cmd =3D SPECTRE_V2_CMD_NONE; return; + } =20 switch (spectre_v2_cmd) { case SPECTRE_V2_CMD_NONE: --=20 2.34.1 From nobody Thu Oct 2 15:19:19 2025 Received: from CH1PR05CU001.outbound.protection.outlook.com (mail-northcentralusazon11010062.outbound.protection.outlook.com [52.101.193.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C921531B811 for ; Mon, 15 Sep 2025 13:47:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.193.62 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944054; cv=fail; b=mVaCM7sfPJq/yekfFx+hI1w+MqiDBTz5kjojn1Py86NM9XuromLJcLrT7tx4v7YNDRyH0tXwo1zak2gW9cVJIEWE9DkxA2bCFqfdVcSJdotY0FGlKDZDvBSLqreGKHVG3F2nDuGnHquZk2nOiO6vwuhZTcfvra3rayJsfY5Pw+o= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944054; c=relaxed/simple; bh=jtpM+Wu9eCHkiLIXFitpmrIVk9IAP8MlkWGYpKgNj+8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nJxfnttcDKu2P1WcnCSrG+SxvjGqt4FSygcA7/BxFiFGpB/OXTMsdPPVU70BGZYFJT9rVj3k+jYu83/kdCI3V2dKXtQdqvGlVYwHxlTYHfo7v/nB6FWjo8B3hcZLtbDDxrbP3/PqzpRnf8i0KHdkBhQEZq/aViUKafXxKy72+E8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=CCNFEPXB; arc=fail smtp.client-ip=52.101.193.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="CCNFEPXB" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qTGBfTf7FMd6PTBcKhWozdRTlQhKJJy8BqxoDRxfRkvK/qwkEZS+Mm2WYopObROU0fp7TOjYd0P4Bn0Xd8q+I0ZLlgtFJbDkiJ2yf5KQdQHm+5bxXAl+qbdw5uQXkKJPwmmrUCLe5MIl8KYVuxmyz8meeiZO+bV8CI6+Q5EpTYaL45inpESL8Ug2TTS5We9iBSl7sLZP9VGHkM9GeOC4RDb9IwL4UL6WXXTVL00eHLKqK98g+uTyrBf/pQOp+wrReUn8NLqW9nOyAzDjSyHyWpuTl6mCZZzEB5ZuFAKdV0N9P1U50DCCrGuIfyTTxBJZZq11KXUAQvKrWbO3lRdcsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YqwZCGEnaszxys0nMtUvCADxd4KxU4JMP21R5EAzslU=; b=Aacf+axGY54jpUJdBrG3qflOY8q4D3JeE6OZNAZ29fshlZoNxSJQK/rgMCgurijViu+CSWi+G5WVB7zcgBjlsG3WahnD6zBIQMUEtNReZ1nNUjoneRjMSss6mccYu5ldpNMSJgf5qem7ekU6wgpeN05eDTMUNP2pATn02AyT91/yFBr1Hz8IMr5/O/Sb+KEs2RgwPwBrdesKGG4VUVqVxeeJBWr+xVWGb7sxXguMrmiKIEf/9lyO9rxQloyOnNQT25A+oc8KFMhS00c59BsDZ4jUMvR21lqUt3roBoq0pEzALmq9j7Vn+itXaDqPTZDW6NY4NY/SEK6YE4OYZAxzHA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YqwZCGEnaszxys0nMtUvCADxd4KxU4JMP21R5EAzslU=; b=CCNFEPXBDkvbcIb2CvckYnICn74f3tz/65gIXSAXksBhKiDuXRaDKz6ZfRDu/o6RtiPxwxjcD3atZAlg97XxoEAGhTBSdAu4d3M4akDv0nrtSA6kXLnHkd8Aubj5WsHu0sVf35IjTjFzRyY1G1WwSMzl84fqIl+EC0avJwUvJvk= Received: from SJ0PR03CA0116.namprd03.prod.outlook.com (2603:10b6:a03:333::31) by MW4PR12MB6729.namprd12.prod.outlook.com (2603:10b6:303:1ed::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.22; Mon, 15 Sep 2025 13:47:27 +0000 Received: from SJ5PEPF000001D4.namprd05.prod.outlook.com (2603:10b6:a03:333:cafe::59) by SJ0PR03CA0116.outlook.office365.com (2603:10b6:a03:333::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.21 via Frontend Transport; Mon, 15 Sep 2025 13:47:27 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SJ5PEPF000001D4.mail.protection.outlook.com (10.167.242.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9137.12 via Frontend Transport; Mon, 15 Sep 2025 13:47:27 +0000 Received: from tiny.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 15 Sep 2025 06:47:25 -0700 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 6/7] x86/bugs: Fix reporting of LFENCE retpoline Date: Mon, 15 Sep 2025 08:47:05 -0500 Message-ID: <20250915134706.3201818-7-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250915134706.3201818-1-david.kaplan@amd.com> References: <20250915134706.3201818-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001D4:EE_|MW4PR12MB6729:EE_ X-MS-Office365-Filtering-Correlation-Id: 08c8d493-ec0f-457f-d0a1-08ddf45e68ce X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|36860700013|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?041r3ciCl4clN74wwlOUALbnQenp51f9wXX14kAvVnMdiP3OLUQodvMCHI6B?= =?us-ascii?Q?Tx6YQ58fmyqiZ7wUvcVCx7hVYycQBSPktpUnVg6OtDNv6jgsloypvm2h1Niz?= =?us-ascii?Q?wZIl5EKdC11L17enSuTMSE+h+IGUgDN7fDSxpxbOCrkO/NRq3PUd0mPvJ91+?= =?us-ascii?Q?2zovRCTScgeVNAySfN8SAQ2P8ZB8shdk6aMtbe3X6RwDdw5uKk6UzQVQkpyT?= =?us-ascii?Q?rLhLSilmELlQFqWh84Z4gv1Wc1AM1hG4/gIb2SAJyxU6eQlXXQLwLyf3dxBo?= =?us-ascii?Q?PM5pAWnEHSS+Pi5IYFRIc9qoeVHULBWjcJjRqNkoSdyStkukKjdE+axiFhQ5?= =?us-ascii?Q?FXYdzXIQdhRXpHMtKkODww2hjdcbFZDKEnG9tpiJ65yrnZY9BV+cDy7VlEkj?= =?us-ascii?Q?KNENOFagG5ZU4rSh1Dwn/LfuyAoWK19GEc5cMjemy3yvJUUwb9oMdxVjavbo?= =?us-ascii?Q?CGv8kKw1a7RoYOi/sK3Shoi0cScVYzIEtDpRq72U+C0/6m0BNVEkSwlDYDNc?= =?us-ascii?Q?J17tSUnRswI9KRKIObA7gSRxXr5BPA4vwbk6jpq6wsVS/F0QKnp7YvqF2Q9D?= =?us-ascii?Q?5WkFgvzLgpybbT7VTrnEwVhPhWc0XdjMFcMcpNfPvkgWiRiRj2rOBP3H4/5C?= =?us-ascii?Q?HYkZDKLuUdfZOlzLf+f7+vI5OJ3rGuZrKuiWFhaHF01ZNf0YbulDVcGruPGc?= =?us-ascii?Q?yKV0rCydr8zezEUUsgmu/mBIXbXZmQ+Mn1GRhCgsAp8rCJWOXzgcwjjQ+9R3?= =?us-ascii?Q?94O9wZ1TuaDfZHD3rt5XPuaoHIS1i9Y3cuYtfb1sWwGdO1Ksy7jMkx7ucLBN?= =?us-ascii?Q?PsT3xMlTHm/bu1ny0tAb8SjiMybVFCI7fZF286DpQzeznp7xIYU5edvzmo/V?= =?us-ascii?Q?QzAowBnlnYHSPm4cRwoBML8QCSEaZaSqwgX/GwAko+QxFOC4De5XCihvlEKL?= =?us-ascii?Q?XreMHN5dV6kQAuOo4PkwVg7IDgNgIHQq0NGZT4OC2fv5rAByHOjbqWW90DK3?= =?us-ascii?Q?zX5E7NLDeuXzgl8+Z9SiOKG3pxfAID1O3ZHWRnthc0HEJk9B+GYlbiBEN/b3?= =?us-ascii?Q?dUur3rrjsAeLyDNTEROzhZkP6/EDRmB3z8AnCamQq/FtAm9B7JiMTHk06RiM?= =?us-ascii?Q?fTZnFiEfpojjfl0TyQlNPoEg1phjw/ly7ZJ5lfGDllvcHXmczQcXJxXkhKwF?= =?us-ascii?Q?HIMTX31xXBFmwGueeMYPLk2E21ZhuY8E9k8CdYL3eRvcbdkroxFX0EZYhKBl?= =?us-ascii?Q?Mvj+topA3VU7dDusKwEp05brq45cW2YGDUmFEAcZnP51UbFljsjd/RU6TH7m?= =?us-ascii?Q?YIRAxPuz3Id8F4+CrMX1KKenIFJjYdyxMXIsGqjM+24BPY2iqF545JMV6L/7?= =?us-ascii?Q?GydwnSjFlgfbasWOB1K4gPatJ2DA2H937gqA5O6GuHSrCp3jJEH+ExYx1qIl?= =?us-ascii?Q?gM9T1G6bUDIV6v0dJxv5cjHqOe8TTQEtGOIDwu99PRIAROThEM6f52OCyWrw?= =?us-ascii?Q?D73Lk36XlHYgbofoN/aeeoZ/8XPwLjblgr0N?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(36860700013)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2025 13:47:27.7634 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 08c8d493-ec0f-457f-d0a1-08ddf45e68ce X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001D4.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB6729 Content-Type: text/plain; charset="utf-8" The LFENCE retpoline mitigation is not secure but the kernel prints inconsistent messages about this fact. The dmesg log says 'Mitigation: LFENCE', implying the system is mitigated. But sysfs reports 'Vulnerable: LFENCE' implying the system (correctly) is not mitigated. Fix this by printing a consistent 'Vulnerable: LFENCE' string everywhere when this mitigation is selected. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 317c26e08827..1f3a20f6fac0 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -2032,7 +2032,7 @@ static void __init spectre_v2_user_apply_mitigation(v= oid) static const char * const spectre_v2_strings[] =3D { [SPECTRE_V2_NONE] =3D "Vulnerable", [SPECTRE_V2_RETPOLINE] =3D "Mitigation: Retpolines", - [SPECTRE_V2_LFENCE] =3D "Mitigation: LFENCE", + [SPECTRE_V2_LFENCE] =3D "Vulnerable: LFENCE", [SPECTRE_V2_EIBRS] =3D "Mitigation: Enhanced / Automatic IBRS", [SPECTRE_V2_EIBRS_LFENCE] =3D "Mitigation: Enhanced / Automatic IBRS + L= FENCE", [SPECTRE_V2_EIBRS_RETPOLINE] =3D "Mitigation: Enhanced / Automatic IBRS = + Retpolines", @@ -3564,9 +3564,6 @@ static const char *spectre_bhi_state(void) =20 static ssize_t spectre_v2_show_state(char *buf) { - if (spectre_v2_enabled =3D=3D SPECTRE_V2_LFENCE) - return sysfs_emit(buf, "Vulnerable: LFENCE\n"); - if (spectre_v2_enabled =3D=3D SPECTRE_V2_EIBRS && unprivileged_ebpf_enabl= ed()) return sysfs_emit(buf, "Vulnerable: eIBRS with unprivileged eBPF\n"); =20 --=20 2.34.1 From nobody Thu Oct 2 15:19:19 2025 Received: from PH7PR06CU001.outbound.protection.outlook.com (mail-westus3azon11010002.outbound.protection.outlook.com [52.101.201.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C62D731AF0A for ; Mon, 15 Sep 2025 13:47:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.201.2 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944055; cv=fail; b=A7Sx3dJ38ue7d9va7xwezJn5iDljc7wz024PcV6Ff46J5bqdPmfdyixt111c+8hUEfJd6ly569URWrwwOC//EFJlpyyLerESPocOtQacYOiXeNWkyB2OH7cgYC3uuSpZG8+DcA4p9GoX2jxO6VrYAF5hJ3lL7lOVF7/KqZvmSEs= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944055; c=relaxed/simple; bh=A5pwLm93xoGOAI4NXu2ZGIs3tn76LRDVqc8WLNIS04Q=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Vpx3i5c6BzIRVx0CH9yHIDpjTbj2FUQIPqAqFEKeI+j8P9DGVEBs2mgGAXcBvEVtHKaRJDEOCdg2iPUFw4cLSMoBYFiuCCUotI6FDa+vOZMEC2p5TjfsIyQe4h+NZK1buqwEBsefPdMXuNlsMihg21D1b5cwAdvfzF20vLAm+Ew= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=mcTxwESi; arc=fail smtp.client-ip=52.101.201.2 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="mcTxwESi" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=e333NDpjfHdzQi1FQjFw4wNIS6cYHXrkRj7fua8TCYMb6PLQTRWLr5QHriO4PFzhvd3Bl3hMDgVLqJUi1iHpoBTZzsLySmijTWBL1PECWWV3vR3jMHgzASMQbciuORdZXm2cvgseppKqa9mpa287gaKqXRxllhYG5o74QzD3MltgaDdIrCMvtKpciamSC4G8M5BmMRahHlxPdtMd0msVWUlkY/JAS7konRb/LAT52gzLN8tW6hwtUpmYumTLh5yIIHAAhmjIPP80lUM5/ypZEe9rcgAubiC/DUXp2KNok7/gWg0CcHcnFAewtu+lqqLufPqW1zuHzlcP8fi/ODerbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=L7ajok5/qeNK4VVR8z5sS/GOIcZpGwAicu8NSM8XSmM=; b=Bx831inLOv6fDuGVNlqyQf/lArgBQqMTnhx3T3nGo9xdfHWa4QUeGPPrdzKc2LNKR8Q/WIGGaYpbid1TzAvA9MNO2mkOeHFCWHAlW4iN48dge9DawHvRmCb0aQP/xIzUpdWlHZbnQF+qaj/QzumdXgY97gpsi81+VtXbZ0jbKOgjHYgyX7su5G/86X4e/WKGMJiXG0l6vrIIzYCgF3pH1FWxJp7C01d7Z1ss1MiqWfpw91IJT3CdUAdLN5YhJRyujTvmsSBveaYaHktyz+mSBxrZB93QogeXD5kuaEbnX8K3Y8qKHzATYBXfxgiUKiY/kjsGmADgVZEtpgo5gQeKGQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L7ajok5/qeNK4VVR8z5sS/GOIcZpGwAicu8NSM8XSmM=; b=mcTxwESidGl2dFIZTwKuW1rArSQ37AloFQ14nLVUwYjNv3CrQEmW8SwAZ3Jyn4QnXdHFIVLc7qk+qavoxGRKx4nk3lkncBv2XOqf+i8mPUzVf6rM4Ibz33OorCU29wjaptl+ERXoPn5FkrUEU0JFAZH35yQbbtguBimonWQSiLA= Received: from SJ0PR03CA0109.namprd03.prod.outlook.com (2603:10b6:a03:333::24) by CH2PR12MB4310.namprd12.prod.outlook.com (2603:10b6:610:a9::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.22; Mon, 15 Sep 2025 13:47:28 +0000 Received: from SJ5PEPF000001D4.namprd05.prod.outlook.com (2603:10b6:a03:333:cafe::54) by SJ0PR03CA0109.outlook.office365.com (2603:10b6:a03:333::24) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9115.21 via Frontend Transport; Mon, 15 Sep 2025 13:47:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by SJ5PEPF000001D4.mail.protection.outlook.com (10.167.242.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9137.12 via Frontend Transport; Mon, 15 Sep 2025 13:47:28 +0000 Received: from tiny.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 15 Sep 2025 06:47:25 -0700 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 7/7] x86/bugs: Report correct retbleed mitigation status Date: Mon, 15 Sep 2025 08:47:06 -0500 Message-ID: <20250915134706.3201818-8-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250915134706.3201818-1-david.kaplan@amd.com> References: <20250915134706.3201818-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001D4:EE_|CH2PR12MB4310:EE_ X-MS-Office365-Filtering-Correlation-Id: a79a2ed3-587e-4d45-6782-08ddf45e692e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|7416014|376014|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?9VcuKWXi5ww6A7xxjjVhEiGXnzLzRS7J7DPKGoh1VL4fK5zo8wJJ+/qAnHzq?= =?us-ascii?Q?YHAJqbxZwTUaiommI4RwGv8Gvz5wSRfy5jcbhqzmV5xX0MxtpOE5f5hL2rmv?= =?us-ascii?Q?FpTtBe0eDrULg3Ufpz0kWzz+PY6NfX3EfbaZSzdH8dW/y8j92blV9OjbZJCF?= =?us-ascii?Q?L3slP0G/uE/v0XNOPVdRI2v5t+Td+Ub/effmMYLg+WfbikaXScZDpE/4CS+g?= =?us-ascii?Q?3PLLm1VcXMflq4jbv0yfRNwSHuhgR3Ota7ZDkJ9ZRBa0haeAV2JbgakT/jBJ?= =?us-ascii?Q?/Lyc7tHhDzxpZpA0x/6GqclGxj7pMfj6e4WLWUH5tU+0+jhlvKINs3tensMZ?= =?us-ascii?Q?4HqCcvfSBzdMvnuSOl1GYtvwYAUBSFcyibYj2Y3xjEZCfQYkGGGFvL3dZoZN?= =?us-ascii?Q?rOCNFoBvJJteL2qhRn3ZZ6C0/D9uvwd/CXpSzh+1jDW4jcCWdVthNpmQrVAJ?= =?us-ascii?Q?TPyfAwuP1ZadJsG0cdBqyGeYBdxQwUpQI8cPRsol9decQ5/Dbbv1IqPIYjwV?= =?us-ascii?Q?ElJYXuV1xkZ07mM7W5BNuQU31duYzmOHTlTiG70YgX/u/+24mCJ5JvCkodrl?= =?us-ascii?Q?nEUhz9DYJQAxG87lKPVrKgfBjcDaLOU+gs0UYvuIJk6bAzta8OAr4iWoJie0?= =?us-ascii?Q?KsiuTrin6mRMqapvkvwuhCJDtH6ZFBpnFoIhUTCnwgc3dJdn6rCD8bz1KPQ0?= =?us-ascii?Q?ML4Cabr+nSpv+nhaPTQKPiw15QoIXYBCtzW9axWBi2w/ameXx6O37epg9+Pk?= =?us-ascii?Q?d1nrsFo6GZc1lqf8gkzFxdcrlK2WRl1sUZOEtWW5VrCeKCcjzAua1eyx4zG1?= =?us-ascii?Q?1VQ82M8R9mmFqr9vgAlEmeE6gn9vktPjuGNoyQpeP9pNgfe3drpiYFmvArqi?= =?us-ascii?Q?Xwe5sSbpABwNWS2qh3Ygb8SA5d9jg8uCqCq1VfNISNRBu15elo4XUH14tbpz?= =?us-ascii?Q?36j1cBL078NOAlncR8Cr0Sh+wuCl5jNhVqYubslUIenBt06nrcVIAoj15yQk?= =?us-ascii?Q?AAL0BC2abViCHb90Sv4132ky7tnmYlZVvL+6gxWvRCVlG6sXhkKY68B0Lb1A?= =?us-ascii?Q?a9MfniO5hAXEvblPpPGpuFGYdt1qhuXbna1N/Sf/fRMNcEv8oe9M9UpH7nHc?= =?us-ascii?Q?ydrklEbSIXrJz0Dr1IaxpjCWVp73SdMaXPKIGFW5rxqOuVCqjR3zNIvo3EFK?= =?us-ascii?Q?7mZcfwHRIbgHRB5f8umpbukfUPCJU5gUnvhdcnbEKYe6GqlnqbGnO91eZrRE?= =?us-ascii?Q?DtdTV52WRjEUqGLqFTTm49silXiLREKGPXnMovzlsEg6ucLJBeZXnacKiCrm?= =?us-ascii?Q?htlXOvDOR9RRliDZVo3YgwodOs1wlrqQi3KQrJwzgdBivAt/1XSsTgL0pr6Q?= =?us-ascii?Q?Yrrbr9Vw0Wv1ND4/VcrpAgwrV8LHZuHNBHfsnnfUzpvluaDtIrmll2uh9y1p?= =?us-ascii?Q?Ss+GZ0sdddso7dBv+RMtDDCwNL3dKP11eFW+CnnapUQZ4hDhUgp5cZcSUA1q?= =?us-ascii?Q?KusLPMuBKXLkrnjionRoC2klM2eKgxaKDknJ?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(7416014)(376014)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Sep 2025 13:47:28.3883 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a79a2ed3-587e-4d45-6782-08ddf45e692e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001D4.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4310 Content-Type: text/plain; charset="utf-8" On Intel CPUs, the default retbleed mitigation is IBRS/eIBRS but this requires that a similar spectre_v2 mitigation is applied. If the user selects a different spectre_v2 mitigation (like spectre_v2=3Dretpoline) a warning is printed but sysfs will still report 'Mitigation: IBRS' or 'Mitigation: Enhanced IBRS'. This is incorrect because retbleed is not mitigated, and IBRS is not actually set. Fix this by choosing RETBLEED_MITIGATION_NONE in this scenario so the kernel correctly reports the system as vulnerable to retbleed. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 1f3a20f6fac0..45c9605fc5c3 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1462,8 +1462,10 @@ static void __init retbleed_update_mitigation(void) retbleed_mitigation =3D RETBLEED_MITIGATION_EIBRS; break; default: - if (retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF) + if (retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF) { pr_err(RETBLEED_INTEL_MSG); + retbleed_mitigation =3D RETBLEED_MITIGATION_NONE; + } } } =20 --=20 2.34.1