Subject: Re: [tip:x86/pti] x86/spectre: Add boot time option to select Spectre v2 mitigation
From: Tom Lendacky
Date: Wed, 10 Jan 2018 12:03:27 -0600
To: linux-kernel@vger.kernel.org, peterz@infradead.org, tim.c.chen@linux.intel.com, gregkh@linux-foundation.org, hpa@zytor.com, mingo@kernel.org, dwmw@amazon.co.uk, luto@amacapital.net, riel@redhat.com, dave.hansen@intel.com, keescook@google.com, ak@linux.intel.com, pjt@google.com, torvalds@linux-foundation.org, jikos@kernel.org, tglx@linutronix.de, linux-tip-commits@vger.kernel.org
Message-ID: <7689f631-7179-79f4-111b-418214432cc7@amd.com>
References: <1515508997-6154-4-git-send-email-dwmw@amazon.co.uk>

On 1/10/2018 11:35 AM, tip-bot for David Woodhouse wrote:
> Commit-ID: d569ded27d11bcb1643b14c54403910d9b3328b1
> Gitweb:
https://git.kernel.org/tip/d569ded27d11bcb1643b14c54403910d9b3328b1 > Author: David Woodhouse > AuthorDate: Tue, 9 Jan 2018 14:43:09 +0000 > Committer: Thomas Gleixner > CommitDate: Wed, 10 Jan 2018 18:28:22 +0100 > > x86/spectre: Add boot time option to select Spectre v2 mitigation > > Add a spectre_v2= option to select the mitigation used for the indirect > branch speculation vulnerability. > > Currently, the only option available is retpoline, in its various forms. > This will be expanded to cover the new IBRS/IBPB microcode features. > > The RETPOLINE_AMD feature relies on a serializing LFENCE for speculation > control. For AMD hardware, only set RETPOLINE_AMD if LFENCE is a > serializing instruction, which is indicated by the LFENCE_RDTSC feature. > > [ tglx: Folded back the LFENCE/AMD fixes and reworked it so IBRS > integration becomes simple ] > > Signed-off-by: David Woodhouse > Signed-off-by: Thomas Gleixner > Cc: gnomes@lxorguk.ukuu.org.uk > Cc: Rik van Riel > Cc: Andi Kleen > Cc: Peter Zijlstra > Cc: Linus Torvalds > Cc: Jiri Kosina > Cc: Andy Lutomirski > Cc: Dave Hansen > Cc: Kees Cook > Cc: Tim Chen > Cc: Greg Kroah-Hartman > Cc: Paul Turner > Cc: Tom Lendacky > Link: https://lkml.kernel.org/r/1515508997-6154-4-git-send-email-dwmw@amazon.co.uk > > > --- > Documentation/admin-guide/kernel-parameters.txt | 28 +++++ > arch/x86/include/asm/nospec-branch.h | 10 ++ > arch/x86/kernel/cpu/bugs.c | 158 +++++++++++++++++++++++- > arch/x86/kernel/cpu/common.c | 4 - > 4 files changed, 195 insertions(+), 5 deletions(-) > ... > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 76ad6cb..5b96fed 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -11,6 +11,9 @@ > #include > #include > #include > + > +#include > +#include > #include > #include > #include 
> @@ -21,6 +24,8 @@ > #include > #include > > +static void __init spectre_v2_select_mitigation(void); > + > void __init check_bugs(void) > { > identify_boot_cpu(); > @@ -30,6 +35,9 @@ void __init check_bugs(void) > print_cpu_info(&boot_cpu_data); > } > > + /* Select the proper spectre mitigation before patching alternatives */ > + spectre_v2_select_mitigation(); > + > #ifdef CONFIG_X86_32 > /* > * Check whether we are able to run this kernel safely on SMP. 
> @@ -62,6 +70,153 @@ void __init check_bugs(void) > #endif > } > > +/* The kernel command line selection */ > +enum spectre_v2_mitigation_cmd { > + SPECTRE_V2_CMD_NONE, > + SPECTRE_V2_CMD_AUTO, > + SPECTRE_V2_CMD_FORCE, > + SPECTRE_V2_CMD_RETPOLINE, > + SPECTRE_V2_CMD_RETPOLINE_GENERIC, > + SPECTRE_V2_CMD_RETPOLINE_AMD, > +}; > + > +static const char *spectre_v2_strings[] = { > + [SPECTRE_V2_NONE] = "Vulnerable", > + [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", > + [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", > + [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", > + [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", > +}; > + > +#undef pr_fmt > +#define pr_fmt(fmt) "Spectre V2 mitigation: " fmt > + > +static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; > + > +static void __init spec2_print_if_insecure(const char *reason) > +{ > + if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) > + pr_info("%s\n", reason); > +} > + > +static void __init spec2_print_if_secure(const char *reason) > +{ > + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) > + pr_info("%s\n", reason); > +} > + > +static inline bool retp_compiler(void) > +{ > + return __is_defined(RETPOLINE); > +} > + > +static inline bool match_option(const char *arg, int arglen, const char *opt) > +{ > + int len = strlen(opt); > + > + return len == arglen && !strncmp(arg, opt, len); > +} > + > +static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) > +{ > + char arg[20]; > + int ret; > + > + ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, > + sizeof(arg)); > + if (ret > 0) { > + if (match_option(arg, ret, "off")) { > + goto disable; > + } else if (match_option(arg, ret, "on")) { > + spec2_print_if_secure("force enabled on command line."); > + return SPECTRE_V2_CMD_FORCE; > + } else if (match_option(arg, ret, "retpoline")) { > + spec2_print_if_insecure("retpoline selected on 
command line."); > + return SPECTRE_V2_CMD_RETPOLINE; > + } else if (match_option(arg, ret, "retpoline,amd")) { > + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { > + pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n"); > + return SPECTRE_V2_CMD_AUTO; > + } > + if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { > + pr_err("LFENCE not serializing. Switching to generic retpoline\n"); > + return SPECTRE_V2_CMD_RETPOLINE_GENERIC; > + } > + spec2_print_if_insecure("AMD retpoline selected on command line."); > + return SPECTRE_V2_CMD_RETPOLINE_AMD; > + } else if (match_option(arg, ret, "retpoline,generic")) { > + spec2_print_if_insecure("generic retpoline selected on command line."); > + return SPECTRE_V2_CMD_RETPOLINE_GENERIC; > + } else if (match_option(arg, ret, "auto")) { > + return SPECTRE_V2_CMD_AUTO; > + } > + } > + > + if (!cmdline_find_option_bool(boot_command_line, "nospectre_v2")) > + return SPECTRE_V2_CMD_AUTO; > +disable: > + spec2_print_if_insecure("disabled on command line."); > + return SPECTRE_V2_CMD_NONE; > +} > + > +static void __init spectre_v2_select_mitigation(void) > +{ > + enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); > + enum spectre_v2_mitigation mode = SPECTRE_V2_NONE; > + > + /* > + * If the CPU is not affected and the command line mode is NONE or AUTO > + * then nothing to do. 
> + */ > + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && > + (cmd == SPECTRE_V2_CMD_NONE || cmd == SPECTRE_V2_CMD_AUTO)) > + return; > + > + switch (cmd) { > + case SPECTRE_V2_CMD_NONE: > + return; > + > + case SPECTRE_V2_CMD_FORCE: > + /* FALLTRHU */ > + case SPECTRE_V2_CMD_AUTO: > + goto retpoline_auto; > + > + case SPECTRE_V2_CMD_RETPOLINE_AMD: > + if (IS_ENABLED(CONFIG_RETPOLINE)) > + goto retpoline_amd; > + break; > + case SPECTRE_V2_CMD_RETPOLINE_GENERIC: > + if (IS_ENABLED(CONFIG_RETPOLINE)) > + goto retpoline_generic; > + break; > + case SPECTRE_V2_CMD_RETPOLINE: > + if (IS_ENABLED(CONFIG_RETPOLINE)) > + goto retpoline_auto; > + break; > + } > + pr_err("kernel not compiled with retpoline; no mitigation available!"); > + return; > + > +retpoline_auto: > + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { Not specifying anything on the command line will get SPECTRE_V2_CMD_AUTO, so boot_cpu_has(X86_FEATURE_LFENCE_RDTSC) needs to be checked since it won't have been checked previously. Thanks, Tom > + retpoline_amd: > + mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : > + SPECTRE_V2_RETPOLINE_MINIMAL_AMD; > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > + } else { > + retpoline_generic: > + mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC : > + SPECTRE_V2_RETPOLINE_MINIMAL; > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > + } > + > + spectre_v2_enabled = mode; > + pr_info("%s\n", spectre_v2_strings[mode]); > +} > + > +#undef pr_fmt > + > #ifdef CONFIG_SYSFS > ssize_t cpu_show_meltdown(struct device *dev, > struct device_attribute *attr, char *buf) > @@ -86,6 +241,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev, > { > if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) > return sprintf(buf, "Not affected\n"); > - return sprintf(buf, "Vulnerable\n"); > + > + return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]); > } > #endif 
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index 7a671d1..372ba3f 100644 > --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -905,10 +905,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) > setup_force_cpu_bug(X86_BUG_SPECTRE_V1); > setup_force_cpu_bug(X86_BUG_SPECTRE_V2); > > -#ifdef CONFIG_RETPOLINE > - setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > -#endif > - > fpu__init_system(c); > > #ifdef CONFIG_X86_32 >
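Review bot: In spectre_v2_parse_cmdline(), the "retpoline,amd" branch tests `boot_cpu_data.x86_vendor == X86_VENDOR_AMD` and then prints "retpoline,amd selected but CPU is not AMD", so the vendor test is inverted. As written, an AMD CPU is sent back to SPECTRE_V2_CMD_AUTO and a non-AMD CPU carries on to the LFENCE check; the comparison should be `!=`. The retpoline_auto label in spectre_v2_select_mitigation() also chooses the AMD variant on vendor alone. The commit message says RETPOLINE_AMD is only to be set when X86_FEATURE_LFENCE_RDTSC is present, but SPECTRE_V2_CMD_AUTO, SPECTRE_V2_CMD_FORCE and plain SPECTRE_V2_CMD_RETPOLINE all reach that label without the check that the "retpoline,amd" option gets, so test boot_cpu_has(X86_FEATURE_LFENCE_RDTSC) there and use the generic retpoline otherwise. Separately, the final pr_err("kernel not compiled with retpoline; no mitigation available!") lacks its trailing "\n", and the fall-through comment is misspelled "FALLTRHU".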