• Josh Poimboeuf's avatar
    cpu/speculation: Add 'mitigations=' cmdline option · beb5611c
    Josh Poimboeuf authored
    Keeping track of the number of mitigations for all the CPU speculation
    bugs has become overwhelming for many users.  It's getting more and more
    complicated to decide which mitigations are needed for a given
    architecture.  Complicating matters is the fact that each arch tends to
    have its own custom way to mitigate the same vulnerability.
    
    Most users fall into a few basic categories:
    
    a) they want all mitigations off;
    
    b) they want all reasonable mitigations on, with SMT enabled even if
       it's vulnerable; or
    
    c) they want all reasonable mitigations on, with SMT disabled if
       vulnerable.
    
    Define a set of curated, arch-independent options, each of which is an
    aggregation of existing options:
    
    - mitigations=off: Disable all mitigations.
    
    - mitigations=auto: [default] Enable all the default mitigations, but
      leave SMT enabled, even if it's vulnerable.
    
    - mitigations=auto,nosmt: Enable all the default mitigations, disabling
      SMT if needed by a mitigation.
    
    Currently, these options are placeholders which don't actually do
    anything.  They will be fleshed out in upcoming patches.
    Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
    Reviewed-by: default avatarJiri Kosina <jkosina@suse.cz>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: "H . Peter Anvin" <hpa@zytor.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Jiri Kosina <jikos@kernel.org>
    Cc: Waiman Long <longman@redhat.com>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Cc: Jon Masters <jcm@redhat.com>
    Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Cc: Paul Mackerras <paulus@samba.org>
    Cc: Michael Ellerman <mpe@ellerman.id.au>
    Cc: linuxppc-dev@lists.ozlabs.org
    Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
    Cc: linux-s390@vger.kernel.org
    Cc: Catalin Marinas <catalin.marinas@arm.com>
    Cc: Will Deacon <will.deacon@arm.com>
    Cc: linux-arm-kernel@lists.infradead.org
    Cc: linux-arch@vger.kernel.org
    Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Cc: Tyler Hicks <tyhicks@canonical.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Randy Dunlap <rdunlap@infradead.org>
    Cc: Steven Price <steven.price@arm.com>
    Cc: Phil Auld <pauld@redhat.com>
    Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com
    
    CVE-2017-5715
    CVE-2017-5754
    CVE-2018-3639
    CVE-2018-3620
    CVE-2018-3646
    
    (backported from commit 98af8452 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git)
    [juergh: Adjusted file path Documentation/kernel-parameters.txt.)]
    Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
    Acked-by: default avatarTyler Hicks <tyhicks@canonical.com>
    Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    beb5611c
cpu.c 27.5 KB