| -rw-r--r-- | Documentation/admin-guide/kernel-parameters.txt | 12 | ||||
| -rw-r--r-- | arch/x86/kernel/cpu/bugs.c | 34 |
2 files changed, 35 insertions, 11 deletions
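--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4241,11 +4241,23 @@
 per thread. The mitigation control state
 is inherited on fork.
 
+prctl,ibpb
+- Like "prctl" above, but only STIBP is
+controlled per thread. IBPB is issued
+always when switching between different user
+space processes.
+
 seccomp
 - Same as "prctl" above, but all seccomp
 threads will enable the mitigation unless
 they explicitly opt out.
 
+seccomp,ibpb
+- Like "seccomp" above, but only STIBP is
+controlled per thread. IBPB is issued
+always when switching between different
+user space processes.
+
 auto - Kernel selects the mitigation depending on
 the available CPU features and vulnerability.
 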
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index c9e304960534..500278f5308e 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c | |||
| @@ -256,7 +256,9 @@ enum spectre_v2_user_cmd { | |||
| 256 | SPECTRE_V2_USER_CMD_AUTO, | 256 | SPECTRE_V2_USER_CMD_AUTO, |
| 257 | SPECTRE_V2_USER_CMD_FORCE, | 257 | SPECTRE_V2_USER_CMD_FORCE, |
| 258 | SPECTRE_V2_USER_CMD_PRCTL, | 258 | SPECTRE_V2_USER_CMD_PRCTL, |
| 259 | SPECTRE_V2_USER_CMD_PRCTL_IBPB, | ||
| 259 | SPECTRE_V2_USER_CMD_SECCOMP, | 260 | SPECTRE_V2_USER_CMD_SECCOMP, |
| 261 | SPECTRE_V2_USER_CMD_SECCOMP_IBPB, | ||
| 260 | }; | 262 | }; |
| 261 | 263 | ||
| 262 | static const char * const spectre_v2_user_strings[] = { | 264 | static const char * const spectre_v2_user_strings[] = { |
| @@ -271,11 +273,13 @@ static const struct { | |||
| 271 | enum spectre_v2_user_cmd cmd; | 273 | enum spectre_v2_user_cmd cmd; |
| 272 | bool secure; | 274 | bool secure; |
| 273 | } v2_user_options[] __initdata = { | 275 | } v2_user_options[] __initdata = { |
| 274 | { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, | 276 | { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, |
| 275 | { "off", SPECTRE_V2_USER_CMD_NONE, false }, | 277 | { "off", SPECTRE_V2_USER_CMD_NONE, false }, |
| 276 | { "on", SPECTRE_V2_USER_CMD_FORCE, true }, | 278 | { "on", SPECTRE_V2_USER_CMD_FORCE, true }, |
| 277 | { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, | 279 | { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, |
| 278 | { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, | 280 | { "prctl,ibpb", SPECTRE_V2_USER_CMD_PRCTL_IBPB, false }, |
| 281 | { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, | ||
| 282 | { "seccomp,ibpb", SPECTRE_V2_USER_CMD_SECCOMP_IBPB, false }, | ||
| 279 | }; | 283 | }; |
| 280 | 284 | ||
| 281 | static void __init spec_v2_user_print_cond(const char *reason, bool secure) | 285 | static void __init spec_v2_user_print_cond(const char *reason, bool secure) |
| @@ -321,6 +325,7 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) | |||
| 321 | { | 325 | { |
| 322 | enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE; | 326 | enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE; |
| 323 | bool smt_possible = IS_ENABLED(CONFIG_SMP); | 327 | bool smt_possible = IS_ENABLED(CONFIG_SMP); |
| 328 | enum spectre_v2_user_cmd cmd; | ||
| 324 | 329 | ||
| 325 | if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) | 330 | if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) |
| 326 | return; | 331 | return; |
| @@ -329,17 +334,20 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) | |||
| 329 | cpu_smt_control == CPU_SMT_NOT_SUPPORTED) | 334 | cpu_smt_control == CPU_SMT_NOT_SUPPORTED) |
| 330 | smt_possible = false; | 335 | smt_possible = false; |
| 331 | 336 | ||
| 332 | switch (spectre_v2_parse_user_cmdline(v2_cmd)) { | 337 | cmd = spectre_v2_parse_user_cmdline(v2_cmd); |
| 338 | switch (cmd) { | ||
| 333 | case SPECTRE_V2_USER_CMD_NONE: | 339 | case SPECTRE_V2_USER_CMD_NONE: |
| 334 | goto set_mode; | 340 | goto set_mode; |
| 335 | case SPECTRE_V2_USER_CMD_FORCE: | 341 | case SPECTRE_V2_USER_CMD_FORCE: |
| 336 | mode = SPECTRE_V2_USER_STRICT; | 342 | mode = SPECTRE_V2_USER_STRICT; |
| 337 | break; | 343 | break; |
| 338 | case SPECTRE_V2_USER_CMD_PRCTL: | 344 | case SPECTRE_V2_USER_CMD_PRCTL: |
| 345 | case SPECTRE_V2_USER_CMD_PRCTL_IBPB: | ||
| 339 | mode = SPECTRE_V2_USER_PRCTL; | 346 | mode = SPECTRE_V2_USER_PRCTL; |
| 340 | break; | 347 | break; |
| 341 | case SPECTRE_V2_USER_CMD_AUTO: | 348 | case SPECTRE_V2_USER_CMD_AUTO: |
| 342 | case SPECTRE_V2_USER_CMD_SECCOMP: | 349 | case SPECTRE_V2_USER_CMD_SECCOMP: |
| 350 | case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: | ||
| 343 | if (IS_ENABLED(CONFIG_SECCOMP)) | 351 | if (IS_ENABLED(CONFIG_SECCOMP)) |
| 344 | mode = SPECTRE_V2_USER_SECCOMP; | 352 | mode = SPECTRE_V2_USER_SECCOMP; |
| 345 | else | 353 | else |
| @@ -351,12 +359,15 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) | |||
| 351 | if (boot_cpu_has(X86_FEATURE_IBPB)) { | 359 | if (boot_cpu_has(X86_FEATURE_IBPB)) { |
| 352 | setup_force_cpu_cap(X86_FEATURE_USE_IBPB); | 360 | setup_force_cpu_cap(X86_FEATURE_USE_IBPB); |
| 353 | 361 | ||
| 354 | switch (mode) { | 362 | switch (cmd) { |
| 355 | case SPECTRE_V2_USER_STRICT: | 363 | case SPECTRE_V2_USER_CMD_FORCE: |
| 364 | case SPECTRE_V2_USER_CMD_PRCTL_IBPB: | ||
| 365 | case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: | ||
| 356 | static_branch_enable(&switch_mm_always_ibpb); | 366 | static_branch_enable(&switch_mm_always_ibpb); |
| 357 | break; | 367 | break; |
| 358 | case SPECTRE_V2_USER_PRCTL: | 368 | case SPECTRE_V2_USER_CMD_PRCTL: |
| 359 | case SPECTRE_V2_USER_SECCOMP: | 369 | case SPECTRE_V2_USER_CMD_AUTO: |
| 370 | case SPECTRE_V2_USER_CMD_SECCOMP: | ||
| 360 | static_branch_enable(&switch_mm_cond_ibpb); | 371 | static_branch_enable(&switch_mm_cond_ibpb); |
| 361 | break; | 372 | break; |
| 362 | default: | 373 | default: |
| @@ -364,7 +375,8 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) | |||
| 364 | } | 375 | } |
| 365 | 376 | ||
| 366 | pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", | 377 | pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", |
| 367 | mode == SPECTRE_V2_USER_STRICT ? "always-on" : "conditional"); | 378 | static_key_enabled(&switch_mm_always_ibpb) ? |
| 379 | "always-on" : "conditional"); | ||
| 368 | } | 380 | } |
| 369 | 381 | ||
| 370 | /* If enhanced IBRS is enabled no STIPB required */ | 382 | /* If enhanced IBRS is enabled no STIPB required */ |
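Review bot: The IBPB policy switch at new line 362 now keys on `cmd` while the rest of spectre_v2_user_select_mitigation still derives everything else from `mode`, and nothing in the hunk says that the two are deliberately decoupled; a short comment above the switch would spare the next reader a double-take: `/* IBPB policy follows the command, not the STIBP mode: the ",ibpb" variants keep STIBP per-thread but make IBPB unconditional. */`. Because `mode` stays SPECTRE_V2_USER_PRCTL or SPECTRE_V2_USER_SECCOMP for the ibpb variants, any reporting that is driven by `mode` or by spectre_v2_user_strings[] (array begins at new line 264, body outside these hunks) presumably cannot tell prctl,ibpb from prctl; worth confirming that the sysfs mitigation string exposes the always-on IBPB, since the pr_info at 377 is the only visible place that now consults the static key. The `default:` arm at 373 and the function as a whole continue outside the hunk on both sides.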
