Merge branch 'core/speculation' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git

Pull in the command line updates from the tip tree so the MDS parts can be added.
author: Thomas Gleixner <tglx@linutronix.de> 2019-04-17 15:38:16 -0400
committer: Thomas Gleixner <tglx@linutronix.de> 2019-04-17 15:55:31 -0400
commit: e9fee6fe08eef51cd9a7455d18b9011f1e463f22 (patch)
tree: 12df824e278d3bf25644cbb1f680e69044b02d07
parent: e2c3c94788b08891dcf3dbe608f9880523ecd71b (diff)
parent: 0336e04a6520bdaefdb0769d2a70084fa52e81ed (diff)
8 files changed, 89 insertions, 8 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 8f04985d3122..9aa3543a8723 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2539,6 +2539,38 @@
                        in the "bleeding edge" mini2440 support kernel at
                        http://repo.or.cz/w/linux-2.6/mini2440.git
+        mitigations=
+                        [X86,PPC,S390] Control optional mitigations for CPU
+                        vulnerabilities.  This is a set of curated,
+                        arch-independent options, each of which is an
+                        aggregation of existing arch-specific options.
+                        off
+                                Disable all optional CPU mitigations.  This
+                                improves system performance, but it may also
+                                expose users to several CPU vulnerabilities.
+                                Equivalent to: nopti [X86,PPC]
+                                               nospectre_v1 [PPC]
+                                               nobp=0 [S390]
+                                               nospectre_v2 [X86,PPC,S390]
+                                               spectre_v2_user=off [X86]
+                                               spec_store_bypass_disable=off [X86,PPC]
+                                               l1tf=off [X86]
+                        auto (default)
+                                Mitigate all CPU vulnerabilities, but leave SMT
+                                enabled, even if it's vulnerable.  This is for
+                                users who don't want to be surprised by SMT
+                                getting disabled across kernel upgrades, or who
+                                have other ways of avoiding SMT-based attacks.
+                                Equivalent to: (default behavior)
+                        auto,nosmt
+                                Mitigate all CPU vulnerabilities, disabling SMT
+                                if needed.  This is for users who always want to
+                                be fully mitigated, even if it means losing SMT.
+                                Equivalent to: l1tf=flush,nosmt [X86]
        mminit_loglevel=
                        [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
                        parameter allows control of the logging verbosity for
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 9b8631533e02..cdf3e73000e9 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -57,7 +57,7 @@ void setup_barrier_nospec(void)
        enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
                 security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
-        if (!no_nospec)
+        if (!no_nospec && !cpu_mitigations_off())
                enable_barrier_nospec(enable);
 }
@@ -116,7 +116,7 @@ static int __init handle_nospectre_v2(char *p)
 early_param("nospectre_v2", handle_nospectre_v2);
 void setup_spectre_v2(void)
 {
-        if (no_spectrev2)
+        if (no_spectrev2 || cpu_mitigations_off())
                do_btb_flush_fixups();
        else
                btb_flush_enabled = true;
@@ -307,7 +307,7 @@ void setup_stf_barrier(void)
        stf_enabled_flush_types = type;
-        if (!no_stf_barrier)
+        if (!no_stf_barrier && !cpu_mitigations_off())
                stf_barrier_enable(enable);
 }
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 236c1151a3a7..c7ec27ba8926 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -958,7 +958,7 @@ void setup_rfi_flush(enum l1d_flush_type types, bool enable)
        enabled_flush_types = types;
-        if (!no_rfi_flush)
+        if (!no_rfi_flush && !cpu_mitigations_off())
                rfi_flush_enable(enable);
 }
diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c
index bdddaae96559..649135cbedd5 100644
--- a/arch/s390/kernel/nospec-branch.c
+++ b/arch/s390/kernel/nospec-branch.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0
 #include <linux/module.h>
 #include <linux/device.h>
+#include <linux/cpu.h>
 #include <asm/nospec-branch.h>
 static int __init nobp_setup_early(char *str)
@@ -58,7 +59,7 @@ early_param("nospectre_v2", nospectre_v2_setup_early);
 void __init nospec_auto_detect(void)
 {
-        if (test_facility(156)) {
+        if (test_facility(156) || cpu_mitigations_off()) {
                /*
                 * The machine supports etokens.
                 * Disable expolines and disable nobp.
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 6b8a55c7cebc..3c5c3c3ba734 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -506,7 +506,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
        char arg[20];
        int ret, i;
-        if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
+        if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") ||
+            cpu_mitigations_off())
                return SPECTRE_V2_CMD_NONE;
        ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
@@ -771,7 +772,8 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
        char arg[20];
        int ret, i;
-        if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) {
+        if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") ||
+            cpu_mitigations_off()) {
                return SPEC_STORE_BYPASS_CMD_NONE;
        } else {
                ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
@@ -1095,6 +1097,11 @@ static void __init l1tf_select_mitigation(void)
        if (!boot_cpu_has_bug(X86_BUG_L1TF))
                return;
+        if (cpu_mitigations_off())
+                l1tf_mitigation = L1TF_MITIGATION_OFF;
+        else if (cpu_mitigations_auto_nosmt())
+                l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT;
        override_cache_bits(&boot_cpu_data);
        switch (l1tf_mitigation) {
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 4fee5c3003ed..5890f09bfc19 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -35,6 +35,7 @@
 #include <linux/spinlock.h>
 #include <linux/mm.h>
 #include <linux/uaccess.h>
+#include <linux/cpu.h>
 #include <asm/cpufeature.h>
 #include <asm/hypervisor.h>
@@ -115,7 +116,8 @@ void __init pti_check_boottime_disable(void)
                }
        }
-        if (cmdline_find_option_bool(boot_command_line, "nopti")) {
+        if (cmdline_find_option_bool(boot_command_line, "nopti") ||
+            cpu_mitigations_off()) {
                pti_mode = PTI_FORCE_OFF;
                pti_print_if_insecure("disabled on command line.");
                return;
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index 3c87ad888ed3..57ae83c4d5f4 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -189,4 +189,28 @@ static inline void cpu_smt_disable(bool force) { }
 static inline void cpu_smt_check_topology(void) { }
 #endif
+/*
+ * These are used for a global "mitigations=" cmdline option for toggling
+ * optional CPU mitigations.
+ */
+enum cpu_mitigations {
+        CPU_MITIGATIONS_OFF,
+        CPU_MITIGATIONS_AUTO,
+        CPU_MITIGATIONS_AUTO_NOSMT,
+};
+extern enum cpu_mitigations cpu_mitigations;
+/* mitigations=off */
+static inline bool cpu_mitigations_off(void)
+{
+        return cpu_mitigations == CPU_MITIGATIONS_OFF;
+}
+/* mitigations=auto,nosmt */
+static inline bool cpu_mitigations_auto_nosmt(void)
+{
+        return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
+}
 #endif /* _LINUX_CPU_H_ */
diff --git a/kernel/cpu.c b/kernel/cpu.c
index d1c6d152da89..e70a90634b41 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2279,3 +2279,18 @@ void __init boot_cpu_hotplug_init(void)
 #endif
        this_cpu_write(cpuhp_state.state, CPUHP_ONLINE);
 }
+enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
+static int __init mitigations_parse_cmdline(char *arg)
+{
+        if (!strcmp(arg, "off"))
+                cpu_mitigations = CPU_MITIGATIONS_OFF;
+        else if (!strcmp(arg, "auto"))
+                cpu_mitigations = CPU_MITIGATIONS_AUTO;
+        else if (!strcmp(arg, "auto,nosmt"))
+                cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
+        return 0;
+}
+early_param("mitigations", mitigations_parse_cmdline);
author	Thomas Gleixner <tglx@linutronix.de>	2019-04-17 15:38:16 -0400
committer	Thomas Gleixner <tglx@linutronix.de>	2019-04-17 15:55:31 -0400
commit	e9fee6fe08eef51cd9a7455d18b9011f1e463f22 (patch)
tree	12df824e278d3bf25644cbb1f680e69044b02d07
parent	e2c3c94788b08891dcf3dbe608f9880523ecd71b (diff)
parent	0336e04a6520bdaefdb0769d2a70084fa52e81ed (diff)