3 files changed, 63 insertions, 0 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 858b6c0b9a15..720ffa9c4e04 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2513,6 +2513,30 @@
                        in the "bleeding edge" mini2440 support kernel at
                        http://repo.or.cz/w/linux-2.6/mini2440.git
+        mitigations=
+                        Control optional mitigations for CPU vulnerabilities.
+                        This is a set of curated, arch-independent options, each
+                        of which is an aggregation of existing arch-specific
+                        options.
+                        off
+                                Disable all optional CPU mitigations.  This
+                                improves system performance, but it may also
+                                expose users to several CPU vulnerabilities.
+                        auto (default)
+                                Mitigate all CPU vulnerabilities, but leave SMT
+                                enabled, even if it's vulnerable.  This is for
+                                users who don't want to be surprised by SMT
+                                getting disabled across kernel upgrades, or who
+                                have other ways of avoiding SMT-based attacks.
+                                This is the default behavior.
+                        auto,nosmt
+                                Mitigate all CPU vulnerabilities, disabling SMT
+                                if needed.  This is for users who always want to
+                                be fully mitigated, even if it means losing SMT.
        mminit_loglevel=
                        [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
                        parameter allows control of the logging verbosity for
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index 5041357d0297..2d9c6f4b78f5 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -187,4 +187,28 @@ static inline void cpu_smt_disable(bool force) { }
 static inline void cpu_smt_check_topology(void) { }
 #endif
+/*
+ * These are used for a global "mitigations=" cmdline option for toggling
+ * optional CPU mitigations.
+ */
+enum cpu_mitigations {
+        CPU_MITIGATIONS_OFF,
+        CPU_MITIGATIONS_AUTO,
+        CPU_MITIGATIONS_AUTO_NOSMT,
+};
+extern enum cpu_mitigations cpu_mitigations;
+/* mitigations=off */
+static inline bool cpu_mitigations_off(void)
+{
+        return cpu_mitigations == CPU_MITIGATIONS_OFF;
+}
+/* mitigations=auto,nosmt */
+static inline bool cpu_mitigations_auto_nosmt(void)
+{
+        return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
+}
 #endif /* _LINUX_CPU_H_ */
diff --git a/kernel/cpu.c b/kernel/cpu.c
index d1c6d152da89..e70a90634b41 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2279,3 +2279,18 @@ void __init boot_cpu_hotplug_init(void)
 #endif
        this_cpu_write(cpuhp_state.state, CPUHP_ONLINE);
 }
+enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
+static int __init mitigations_parse_cmdline(char *arg)
+{
+        if (!strcmp(arg, "off"))
+                cpu_mitigations = CPU_MITIGATIONS_OFF;
+        else if (!strcmp(arg, "auto"))
+                cpu_mitigations = CPU_MITIGATIONS_AUTO;
+        else if (!strcmp(arg, "auto,nosmt"))
+                cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
+        return 0;
+}
+early_param("mitigations", mitigations_parse_cmdline);

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 858b6c0b9a15..720ffa9c4e04 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2513,6 +2513,30 @@
2513	in the "bleeding edge" mini2440 support kernel at	2513	in the "bleeding edge" mini2440 support kernel at
2514	http://repo.or.cz/w/linux-2.6/mini2440.git	2514	http://repo.or.cz/w/linux-2.6/mini2440.git
2515		2515
		2516	mitigations=
		2517	Control optional mitigations for CPU vulnerabilities.
		2518	This is a set of curated, arch-independent options, each
		2519	of which is an aggregation of existing arch-specific
		2520	options.
		2521
		2522	off
		2523	Disable all optional CPU mitigations. This
		2524	improves system performance, but it may also
		2525	expose users to several CPU vulnerabilities.
		2526
		2527	auto (default)
		2528	Mitigate all CPU vulnerabilities, but leave SMT
		2529	enabled, even if it's vulnerable. This is for
		2530	users who don't want to be surprised by SMT
		2531	getting disabled across kernel upgrades, or who
		2532	have other ways of avoiding SMT-based attacks.
		2533	This is the default behavior.
		2534
		2535	auto,nosmt
		2536	Mitigate all CPU vulnerabilities, disabling SMT
		2537	if needed. This is for users who always want to
		2538	be fully mitigated, even if it means losing SMT.
		2539
2516	mminit_loglevel=	2540	mminit_loglevel=
2517	[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this	2541	[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
2518	parameter allows control of the logging verbosity for	2542	parameter allows control of the logging verbosity for


diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 5041357d0297..2d9c6f4b78f5 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h
@@ -187,4 +187,28 @@ static inline void cpu_smt_disable(bool force) { }
187	static inline void cpu_smt_check_topology(void) { }	187	static inline void cpu_smt_check_topology(void) { }
188	#endif	188	#endif
189		189
		190	/*
		191	* These are used for a global "mitigations=" cmdline option for toggling
		192	* optional CPU mitigations.
		193	*/
		194	enum cpu_mitigations {
		195	CPU_MITIGATIONS_OFF,
		196	CPU_MITIGATIONS_AUTO,
		197	CPU_MITIGATIONS_AUTO_NOSMT,
		198	};
		199
		200	extern enum cpu_mitigations cpu_mitigations;
		201
		202	/* mitigations=off */
		203	static inline bool cpu_mitigations_off(void)
		204	{
		205	return cpu_mitigations == CPU_MITIGATIONS_OFF;
		206	}
		207
		208	/* mitigations=auto,nosmt */
		209	static inline bool cpu_mitigations_auto_nosmt(void)
		210	{
		211	return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
		212	}
		213
190	#endif /* _LINUX_CPU_H_ */	214	#endif /* _LINUX_CPU_H_ */


diff --git a/kernel/cpu.c b/kernel/cpu.c index d1c6d152da89..e70a90634b41 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c
@@ -2279,3 +2279,18 @@ void __init boot_cpu_hotplug_init(void)
2279	#endif	2279	#endif
2280	this_cpu_write(cpuhp_state.state, CPUHP_ONLINE);	2280	this_cpu_write(cpuhp_state.state, CPUHP_ONLINE);
2281	}	2281	}
		2282
		2283	enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
		2284
		2285	static int __init mitigations_parse_cmdline(char *arg)
		2286	{
		2287	if (!strcmp(arg, "off"))
		2288	cpu_mitigations = CPU_MITIGATIONS_OFF;
		2289	else if (!strcmp(arg, "auto"))
		2290	cpu_mitigations = CPU_MITIGATIONS_AUTO;
		2291	else if (!strcmp(arg, "auto,nosmt"))
		2292	cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
		2293
		2294	return 0;
		2295	}
		2296	early_param("mitigations", mitigations_parse_cmdline);