Users cannot disable multiple CPU features with the kernel parameter
clearcpuid=. For example, "clearcpuid=154 clearcpuid=227" only disables
CPUID bit 154.
Previous to commit 0c2a3913d6f5 ("x86/fpu: Parse clearcpuid= as early XSAVE
argument") it was possible to pass multiple clearcpuid options as kernel
parameters using individual entries. With the new code it isn't easy to
replicate exactly that behaviour but a comma separated list can be easily
implemented, eg) "clearcpuid=154,227"
Make the clearcpuid parse a comma-separated list of values instead of only
a single value.
Signed-off-by: Prarit Bhargava <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: "H. Peter Anvin" <[email protected]>
Cc: Andi Kleen <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
.../admin-guide/kernel-parameters.txt | 10 ++++----
arch/x86/kernel/fpu/init.c | 25 ++++++++++++++-----
2 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 858b6c0b9a15..0084fb0a0781 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -559,11 +559,11 @@
systems.
clearcpuid=BITNUM [X86]
- Disable CPUID feature X for the kernel. See
- arch/x86/include/asm/cpufeatures.h for the valid bit
- numbers. Note the Linux specific bits are not necessarily
- stable over kernel options, but the vendor specific
- ones should be.
+ Disable the comma-separated list of CPUID features for
+ the kernel. See arch/x86/include/asm/cpufeatures.h for
+ the valid bit numbers. Note the Linux specific bits
+ are not necessarily stable over kernel options, but
+ the vendor specific ones should be.
Also note that user programs calling CPUID directly
or using the feature without checking anything
will still see it. This just prevents it from
diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
index 6abd83572b01..14bb3ab769d2 100644
--- a/arch/x86/kernel/fpu/init.c
+++ b/arch/x86/kernel/fpu/init.c
@@ -251,7 +251,8 @@ static void __init fpu__init_parse_early_param(void)
{
char arg[32];
char *argptr = arg;
- int bit;
+ char *argptrend;
+ int bit, i, ret;
if (cmdline_find_option_bool(boot_command_line, "no387"))
setup_clear_cpu_cap(X86_FEATURE_FPU);
@@ -272,11 +273,23 @@ static void __init fpu__init_parse_early_param(void)
setup_clear_cpu_cap(X86_FEATURE_XSAVES);
if (cmdline_find_option(boot_command_line, "clearcpuid", arg,
- sizeof(arg)) &&
- get_option(&argptr, &bit) &&
- bit >= 0 &&
- bit < NCAPINTS * 32)
- setup_clear_cpu_cap(bit);
+ sizeof(arg))) {
+ argptrend = argptr + strlen(argptr) - 1;
+ for (i = 0; i < (argptrend - argptr); i++)
+ if (arg[i] == ',')
+ arg[i] = '\0';
+ while (argptr < argptrend) {
+ ret = kstrtoint(argptr, 10, &bit);
+ if (!ret && (bit >= 0 && bit < NCAPINTS * 32))
+ setup_clear_cpu_cap(bit);
+ else {
+ pr_warn("x86/fpu: clearcpuid invalid entry %s\n",
+ arg);
+ return;
+ }
+ argptr += strlen(argptr) + 1;
+ }
+ }
}
/*
--
2.17.2
On Thu, Feb 21, 2019 at 08:12:25AM -0500, Prarit Bhargava wrote:
> Users cannot disable multiple CPU features with the kernel parameter
> clearcpuid=. For example, "clearcpuid=154 clearcpuid=227" only disables
> CPUID bit 154.
>
> Previous to commit 0c2a3913d6f5 ("x86/fpu: Parse clearcpuid= as early XSAVE
> argument") it was possible to pass multiple clearcpuid options as kernel
> parameters using individual entries. With the new code it isn't easy to
> replicate exactly that behaviour but a comma separated list can be easily
> implemented, eg) "clearcpuid=154,227"
>
> Make the clearcpuid parse a comma-separated list of values instead of only
> a single value.
So I think the feature is broken as is; because it doesn't clear the
CPUID bits for userspace.
something along the lines of:
https://lkml.kernel.org/r/[email protected]
would be required to make it so.
On Thu, Feb 21, 2019 at 08:12:25AM -0500, Prarit Bhargava wrote:
> Users cannot disable multiple CPU features with the kernel parameter
> clearcpuid=. For example, "clearcpuid=154 clearcpuid=227" only disables
> CPUID bit 154.
>
> Previous to commit 0c2a3913d6f5 ("x86/fpu: Parse clearcpuid= as early XSAVE
> argument") it was possible to pass multiple clearcpuid options as kernel
> parameters using individual entries. With the new code it isn't easy to
> replicate exactly that behaviour but a comma separated list can be easily
> implemented, eg) "clearcpuid=154,227"
>
> Make the clearcpuid parse a comma-separated list of values instead of only
> a single value.
Can we also please kill the value thing entirely and only accept
strings. Having to reverse engineer the numbers is madness.
Also, wth would you want to disable XSAVE and EPB ?
On Thu, Feb 21, 2019 at 02:37:45PM +0100, Peter Zijlstra wrote:
> On Thu, Feb 21, 2019 at 08:12:25AM -0500, Prarit Bhargava wrote:
> > Users cannot disable multiple CPU features with the kernel parameter
> > clearcpuid=. For example, "clearcpuid=154 clearcpuid=227" only disables
> > CPUID bit 154.
> >
> > Previous to commit 0c2a3913d6f5 ("x86/fpu: Parse clearcpuid= as early XSAVE
> > argument") it was possible to pass multiple clearcpuid options as kernel
> > parameters using individual entries. With the new code it isn't easy to
> > replicate exactly that behaviour but a comma separated list can be easily
> > implemented, eg) "clearcpuid=154,227"
> >
> > Make the clearcpuid parse a comma-separated list of values instead of only
> > a single value.
>
> So I think the feature is broken as is; because it doesn't clear the
> CPUID bits for userspace.
Usually it's enough to make the kernel stop using something. I used it many
times for this.
People who want to affect user space usually run VMs anyways.
-Andi
On 2/21/19 1:58 PM, Andi Kleen wrote:
> On Thu, Feb 21, 2019 at 02:37:45PM +0100, Peter Zijlstra wrote:
>> On Thu, Feb 21, 2019 at 08:12:25AM -0500, Prarit Bhargava wrote:
>>> Users cannot disable multiple CPU features with the kernel parameter
>>> clearcpuid=. For example, "clearcpuid=154 clearcpuid=227" only disables
>>> CPUID bit 154.
>>>
>>> Previous to commit 0c2a3913d6f5 ("x86/fpu: Parse clearcpuid= as early XSAVE
>>> argument") it was possible to pass multiple clearcpuid options as kernel
>>> parameters using individual entries. With the new code it isn't easy to
>>> replicate exactly that behaviour but a comma separated list can be easily
>>> implemented, eg) "clearcpuid=154,227"
>>>
>>> Make the clearcpuid parse a comma-separated list of values instead of only
>>> a single value.
>>
>> So I think the feature is broken as is; because it doesn't clear the
>> CPUID bits for userspace.
>
> Usually it's enough to make the kernel stop using something. I used it many
> times for this.
>
> People who want to affect user space usually run VMs anyways.
Disabling AVX and/or AVX512, SMT and SMX are all use cases. Andi is correct --
this is to stop the kernel from using the feature. The Documentation is clear
on that:
Also note that user programs calling CPUID directly
or using the feature without checking anything
will still see it. This just prevents it from
being used by the kernel or shown in /proc/cpuinfo.
P.
>
> -Andi
>
On 2/21/19 8:48 AM, Peter Zijlstra wrote:
> On Thu, Feb 21, 2019 at 08:12:25AM -0500, Prarit Bhargava wrote:
>> Users cannot disable multiple CPU features with the kernel parameter
>> clearcpuid=. For example, "clearcpuid=154 clearcpuid=227" only disables
>> CPUID bit 154.
>>
>> Previous to commit 0c2a3913d6f5 ("x86/fpu: Parse clearcpuid= as early XSAVE
>> argument") it was possible to pass multiple clearcpuid options as kernel
>> parameters using individual entries. With the new code it isn't easy to
>> replicate exactly that behaviour but a comma separated list can be easily
>> implemented, eg) "clearcpuid=154,227"
>>
>> Make the clearcpuid parse a comma-separated list of values instead of only
>> a single value.
>
> Can we also please kill the value thing entirely and only accept
> strings. Having to reverse engineer the numbers is madness.
>
> Also, wth would you want to disable XSAVE and EPB ?
>
It looks like Fenghua has implemented this here:
https://marc.info/?l=linux-kernel&m=154908490105208&w=2
so please drop this patch.
Thanks,
P.