| Message ID | 5f70df57b19bbccc4a0d5d76134b4681c9a50b0b.1554396090.git.jpoimboe@redhat.com (mailing list archive) |
|---|---|
| State | RFC |
| Headers | show |
| Series | cpu/speculation: Add 'cpu_spec_mitigations=' cmdline options | expand |
On 04/04/2019 17:44, Josh Poimboeuf wrote: > Configure arm64 runtime CPU speculation bug mitigations in accordance > with the 'cpu_spec_mitigations=' cmdline options. This affects > Meltdown and Speculative Store Bypass. > > The default behavior is unchanged. > > Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> > --- > Documentation/admin-guide/kernel-parameters.txt | 2 ++ > arch/arm64/kernel/cpu_errata.c | 4 ++++ > arch/arm64/kernel/cpufeature.c | 6 ++++++ > 3 files changed, 12 insertions(+) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index e838af96daa4..0b54385ee7a8 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -2553,11 +2553,13 @@ > off > Disable all speculative CPU mitigations. > Equivalent to: nopti [x86, powerpc] > + kpti=0 [arm64] > nospectre_v1 [powerpc] > nospectre_v2 [x86, powerpc, s390] > spectre_v2_user=off [x86] > nobp=0 [s390] > spec_store_bypass_disable=off [x86, powerpc] > + ssbd=force-off [arm64] > l1tf=off [x86] > > auto (default) > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c > index 9950bb0cbd52..db8d27e3fb1c 100644 > --- a/arch/arm64/kernel/cpu_errata.c > +++ b/arch/arm64/kernel/cpu_errata.c > @@ -19,6 +19,7 @@ > #include <linux/arm-smccc.h> > #include <linux/psci.h> > #include <linux/types.h> > +#include <linux/cpu.h> > #include <asm/cpu.h> > #include <asm/cputype.h> > #include <asm/cpufeature.h> > @@ -385,6 +386,9 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, > return false; > } > > + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) > + ssbd_state = ARM64_SSBD_FORCE_DISABLE; > + > switch (psci_ops.conduit) { > case PSCI_CONDUIT_HVC: > arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c > index 4061de10cea6..4512b582d50f 100644 > --- a/arch/arm64/kernel/cpufeature.c > +++ b/arch/arm64/kernel/cpufeature.c > @@ -25,6 +25,7 @@ > #include <linux/stop_machine.h> > #include <linux/types.h> > #include <linux/mm.h> > +#include <linux/cpu.h> > #include <asm/cpu.h> > #include <asm/cpufeature.h> > #include <asm/cpu_ops.h> > @@ -978,6 +979,11 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, > __kpti_forced = -1; > } > > + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) { > + str = "cpu_spec_mitigations=off"; Might also be worth changing the initialisation of str, currently it is: > char const *str = "command line option"; But now we have two command line options, perhaps "kpti command line option". Steve > + __kpti_forced = -1; > + } > + > /* Forced? */ > if (__kpti_forced) { > pr_info_once("kernel page table isolation forced %s by %s\n", >
On Fri, Apr 05, 2019 at 03:39:58PM +0100, Steven Price wrote: > On 04/04/2019 17:44, Josh Poimboeuf wrote: > > Configure arm64 runtime CPU speculation bug mitigations in accordance > > with the 'cpu_spec_mitigations=' cmdline options. This affects > > Meltdown and Speculative Store Bypass. > > > > The default behavior is unchanged. > > > > Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> > > --- > > Documentation/admin-guide/kernel-parameters.txt | 2 ++ > > arch/arm64/kernel/cpu_errata.c | 4 ++++ > > arch/arm64/kernel/cpufeature.c | 6 ++++++ > > 3 files changed, 12 insertions(+) > > > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > > index e838af96daa4..0b54385ee7a8 100644 > > --- a/Documentation/admin-guide/kernel-parameters.txt > > +++ b/Documentation/admin-guide/kernel-parameters.txt > > @@ -2553,11 +2553,13 @@ > > off > > Disable all speculative CPU mitigations. > > Equivalent to: nopti [x86, powerpc] > > + kpti=0 [arm64] > > nospectre_v1 [powerpc] > > nospectre_v2 [x86, powerpc, s390] > > spectre_v2_user=off [x86] > > nobp=0 [s390] > > spec_store_bypass_disable=off [x86, powerpc] > > + ssbd=force-off [arm64] > > l1tf=off [x86] > > > > auto (default) > > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c > > index 9950bb0cbd52..db8d27e3fb1c 100644 > > --- a/arch/arm64/kernel/cpu_errata.c > > +++ b/arch/arm64/kernel/cpu_errata.c > > @@ -19,6 +19,7 @@ > > #include <linux/arm-smccc.h> > > #include <linux/psci.h> > > #include <linux/types.h> > > +#include <linux/cpu.h> > > #include <asm/cpu.h> > > #include <asm/cputype.h> > > #include <asm/cpufeature.h> > > @@ -385,6 +386,9 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, > > return false; > > } > > > > + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) > > + ssbd_state = ARM64_SSBD_FORCE_DISABLE; > > + > > switch (psci_ops.conduit) { > > case PSCI_CONDUIT_HVC: > > arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, > > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c > > index 4061de10cea6..4512b582d50f 100644 > > --- a/arch/arm64/kernel/cpufeature.c > > +++ b/arch/arm64/kernel/cpufeature.c > > @@ -25,6 +25,7 @@ > > #include <linux/stop_machine.h> > > #include <linux/types.h> > > #include <linux/mm.h> > > +#include <linux/cpu.h> > > #include <asm/cpu.h> > > #include <asm/cpufeature.h> > > #include <asm/cpu_ops.h> > > @@ -978,6 +979,11 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, > > __kpti_forced = -1; > > } > > > > + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) { > > + str = "cpu_spec_mitigations=off"; > > Might also be worth changing the initialisation of str, currently it is: > > > char const *str = "command line option"; > > But now we have two command line options, perhaps "kpti command line > option". Yes, agreed, thanks.
Hi Josh, On Thu, Apr 04, 2019 at 11:44:15AM -0500, Josh Poimboeuf wrote: > Configure arm64 runtime CPU speculation bug mitigations in accordance > with the 'cpu_spec_mitigations=' cmdline options. This affects > Meltdown and Speculative Store Bypass. > > The default behavior is unchanged. > > Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> > --- > Documentation/admin-guide/kernel-parameters.txt | 2 ++ > arch/arm64/kernel/cpu_errata.c | 4 ++++ > arch/arm64/kernel/cpufeature.c | 6 ++++++ > 3 files changed, 12 insertions(+) Just wanted to make you aware that this is probably going to conflict badly with some patches we have pending to hook up the sysfs entries: http://lists.infradead.org/pipermail/linux-arm-kernel/2019-March/640326.html That patch series isn't quite there yet, so I'm expecting a v7, but I think it will change the shape of this patch quite a lot. Will
On Fri, Apr 05, 2019 at 03:44:14PM +0100, Will Deacon wrote: > Hi Josh, > > On Thu, Apr 04, 2019 at 11:44:15AM -0500, Josh Poimboeuf wrote: > > Configure arm64 runtime CPU speculation bug mitigations in accordance > > with the 'cpu_spec_mitigations=' cmdline options. This affects > > Meltdown and Speculative Store Bypass. > > > > The default behavior is unchanged. > > > > Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> > > --- > > Documentation/admin-guide/kernel-parameters.txt | 2 ++ > > arch/arm64/kernel/cpu_errata.c | 4 ++++ > > arch/arm64/kernel/cpufeature.c | 6 ++++++ > > 3 files changed, 12 insertions(+) > > Just wanted to make you aware that this is probably going to conflict badly > with some patches we have pending to hook up the sysfs entries: > > http://lists.infradead.org/pipermail/linux-arm-kernel/2019-March/640326.html > > That patch series isn't quite there yet, so I'm expecting a v7, but I think > it will change the shape of this patch quite a lot. Thanks for the heads up Will. I will drop the arm64 patch for now then.
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index e838af96daa4..0b54385ee7a8 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2553,11 +2553,13 @@ off Disable all speculative CPU mitigations. Equivalent to: nopti [x86, powerpc] + kpti=0 [arm64] nospectre_v1 [powerpc] nospectre_v2 [x86, powerpc, s390] spectre_v2_user=off [x86] nobp=0 [s390] spec_store_bypass_disable=off [x86, powerpc] + ssbd=force-off [arm64] l1tf=off [x86] auto (default) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 9950bb0cbd52..db8d27e3fb1c 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -19,6 +19,7 @@ #include <linux/arm-smccc.h> #include <linux/psci.h> #include <linux/types.h> +#include <linux/cpu.h> #include <asm/cpu.h> #include <asm/cputype.h> #include <asm/cpufeature.h> @@ -385,6 +386,9 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return false; } + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) + ssbd_state = ARM64_SSBD_FORCE_DISABLE; + switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4061de10cea6..4512b582d50f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -25,6 +25,7 @@ #include <linux/stop_machine.h> #include <linux/types.h> #include <linux/mm.h> +#include <linux/cpu.h> #include <asm/cpu.h> #include <asm/cpufeature.h> #include <asm/cpu_ops.h> @@ -978,6 +979,11 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, __kpti_forced = -1; } + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) { + str = "cpu_spec_mitigations=off"; + __kpti_forced = -1; + } + /* Forced? */ if (__kpti_forced) { pr_info_once("kernel page table isolation forced %s by %s\n",
Configure arm64 runtime CPU speculation bug mitigations in accordance with the 'cpu_spec_mitigations=' cmdline options. This affects Meltdown and Speculative Store Bypass. The default behavior is unchanged. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> --- Documentation/admin-guide/kernel-parameters.txt | 2 ++ arch/arm64/kernel/cpu_errata.c | 4 ++++ arch/arm64/kernel/cpufeature.c | 6 ++++++ 3 files changed, 12 insertions(+)