Hello,
I think dmesg/sysfs output messages are not suitable if retpoline config is off:
I intentionally compiled the kernel 4.15.0 with CONFIG_RETPOLINE=n for test and
boot it with the following kernel command line option to check dmesg/sysfs:
(a) no command line option or "spectre_v2=on" or "spectre_v2=auto"
$ dmesg | grep -i spectre
[ 0.017714] Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Minimal generic ASM retpoline
(b) "spectre_v2=off"
$ dmesg | grep -i spectre
[ 0.017002] Spectre V2 mitigation: disabled on command line.
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Vulnerable
(c) "spectre_v2=retpoline"
$ dmesg | grep -i spectre
[ 0.018002] Spectre V2 mitigation: kernel not compiled with retpoline; no mitigation available!
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Vulnerable
I think the output of (c) is correct for this case, or are these outputs actually right?
Also, the output of (a) is the same with following condition:
(1) CONFIG_RETPOLINE=n, and
(2) CONFIG_RETPOLINE=y but the compiler did not support retpoline
These cannot be distinguished unless option of (c) is explicitly used.
Regards,
Tomohiro Misono
Hi Misono-san,
At 01/30/2018 12:52 PM, Misono, Tomohiro wrote:
> Hello,
>
> I think dmesg/sysfs output messages are not suitable if retpoline config is off:
>
> I intentionally compiled the kernel 4.15.0 with CONFIG_RETPOLINE=n for test and
> boot it with the following kernel command line option to check dmesg/sysfs:
>
> (a) no command line option or "spectre_v2=on" or "spectre_v2=auto"
> $ dmesg | grep -i spectre
> [ 0.017714] Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline
> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Minimal generic ASM retpoline
>
> (b) "spectre_v2=off"
> $ dmesg | grep -i spectre
> [ 0.017002] Spectre V2 mitigation: disabled on command line.
> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Vulnerable
>
> (c) "spectre_v2=retpoline"
> $ dmesg | grep -i spectre
> [ 0.018002] Spectre V2 mitigation: kernel not compiled with retpoline; no mitigation available!
> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Vulnerable
>
> I think the output of (c) is correct for this case, or are these outputs actually right?
>
> Also, the output of (a) is the same with following condition:
> (1) CONFIG_RETPOLINE=n, and
> (2) CONFIG_RETPOLINE=y but the compiler did not support retpoline
> These cannot be distinguished unless option of (c) is explicitly used.
>
+Cc maintainers and x86 mail list... first.
IMO, Selecting 'on' or 'auto' to "spectre_v2=" should also consider the
setting of the CONFIG_RETPOLINE configuration option.
So, check if CONFIG_RETPOLINE is y before setup CPU capability.
Thanks,
dou.
--------------8<-----------------------------
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 390b3dc3d438..10188f856099 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -193,8 +193,9 @@ static void __init spectre_v2_select_mitigation(void)
case SPECTRE_V2_CMD_FORCE:
/* FALLTRHU */
case SPECTRE_V2_CMD_AUTO:
- goto retpoline_auto;
-
+ if (IS_ENABLED(CONFIG_RETPOLINE))
+ goto retpoline_auto;
+ break;
case SPECTRE_V2_CMD_RETPOLINE_AMD:
if (IS_ENABLED(CONFIG_RETPOLINE))
goto retpoline_amd;
> Regards,
> Tomohiro Misono
>
>
>
>
Commit-ID: 9471eee9186a46893726e22ebb54cade3f9bc043
Gitweb: https://git.kernel.org/tip/9471eee9186a46893726e22ebb54cade3f9bc043
Author: Dou Liyang <[email protected]>
AuthorDate: Tue, 30 Jan 2018 14:13:50 +0800
Committer: Thomas Gleixner <[email protected]>
CommitDate: Tue, 30 Jan 2018 15:30:35 +0100
x86/spectre: Check CONFIG_RETPOLINE in command line parser
The spectre_v2 option 'auto' does not check whether CONFIG_RETPOLINE is
enabled. As a consequence it fails to emit the appropriate warning and sets
feature flags which have no effect at all.
Add the missing IS_ENABLED() check.
Fixes: da285121560e ("x86/spectre: Add boot time option to select Spectre v2 mitigation")
Signed-off-by: Dou Liyang <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: Tomohiro" <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
---
arch/x86/kernel/cpu/bugs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 3bfb2b2..400c34e 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -213,10 +213,10 @@ static void __init spectre_v2_select_mitigation(void)
return;
case SPECTRE_V2_CMD_FORCE:
- /* FALLTRHU */
case SPECTRE_V2_CMD_AUTO:
- goto retpoline_auto;
-
+ if (IS_ENABLED(CONFIG_RETPOLINE))
+ goto retpoline_auto;
+ break;
case SPECTRE_V2_CMD_RETPOLINE_AMD:
if (IS_ENABLED(CONFIG_RETPOLINE))
goto retpoline_amd;