| Message ID | 20240423045548.1324969-1-song@kernel.org (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | arch/Kconfig: Move SPECULATION_MITIGATIONS to arch/Kconfig | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Not a local patch |
On Mon, Apr 22, 2024, Song Liu wrote: > SPECULATION_MITIGATIONS is currently defined only for x86. As a result, > IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) is always false for other > archs. f337a6a21e2f effectively set "mitigations=off" by default on > non-x86 archs, which is not desired behavior. Jakub observed this > change when running bpf selftests on s390 and arm64. > > Fix this by moving SPECULATION_MITIGATIONS to arch/Kconfig so that it is > available in all archs and thus can be used safely in kernel/cpu.c Yeah, it's a known issue that we've been slow to fix because we've haven't come to an agreement on exactly what the Kconfig should look like[1], though there's general consensus to add CPU_MITIGATIONS in common code[2][3]. I'll poke Josh's thread and make sure a fix gets into rc6. [1] https://lore.kernel.org/all/20240417001507.2264512-2-seanjc@google.com [2] https://lore.kernel.org/all/20240420000556.2645001-2-seanjc@google.com [3] https://lore.kernel.org/all/9d3c997264829d0e2b28718222724ae8f9e7d8b4.1713559768.git.jpoimboe@kernel.org
diff --git a/arch/Kconfig b/arch/Kconfig index 9f066785bb71..8f4af75005f8 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -1609,4 +1609,14 @@ config CC_HAS_SANE_FUNCTION_ALIGNMENT # strict alignment always, even with -falign-functions. def_bool CC_HAS_MIN_FUNCTION_ALIGNMENT || CC_IS_CLANG +menuconfig SPECULATION_MITIGATIONS + bool "Mitigations for speculative execution vulnerabilities" + default y + help + Say Y here to enable options which enable mitigations for + speculative execution hardware vulnerabilities. + + If you say N, all mitigations will be disabled. You really + should know what you are doing to say so. + endmenu diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 39886bab943a..50c890fce5e0 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2486,16 +2486,6 @@ config PREFIX_SYMBOLS def_bool y depends on CALL_PADDING && !CFI_CLANG -menuconfig SPECULATION_MITIGATIONS - bool "Mitigations for speculative execution vulnerabilities" - default y - help - Say Y here to enable options which enable mitigations for - speculative execution hardware vulnerabilities. - - If you say N, all mitigations will be disabled. You really - should know what you are doing to say so. - if SPECULATION_MITIGATIONS config MITIGATION_PAGE_TABLE_ISOLATION
SPECULATION_MITIGATIONS is currently defined only for x86. As a result, IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) is always false for other archs. f337a6a21e2f effectively set "mitigations=off" by default on non-x86 archs, which is not desired behavior. Jakub observed this change when running bpf selftests on s390 and arm64. Fix this by moving SPECULATION_MITIGATIONS to arch/Kconfig so that it is available in all archs and thus can be used safely in kernel/cpu.c Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n") Cc: stable@vger.kernel.org Cc: Sean Christopherson <seanjc@google.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Daniel Sneddon <daniel.sneddon@linux.intel.com> Cc: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Song Liu <song@kernel.org> --- arch/Kconfig | 10 ++++++++++ arch/x86/Kconfig | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-)