Subject: Re: [tip:x86/pti] x86/spectre: Add boot time option to select Spectre v2 mitigation
To: mingo@kernel.org, peterz@infradead.org, linux-kernel@vger.kernel.org, ak@linux.intel.com, hpa@zytor.com, dave.hansen@intel.com, riel@redhat.com, torvalds@linux-foundation.org, luto@amacapital.net, gregkh@linux-foundation.org, tglx@linutronix.de, jikos@kernel.org, tim.c.chen@linux.intel.com, pjt@google.com, dwmw@amazon.co.uk, keescook@google.com, linux-tip-commits@vger.kernel.org
References: <1515508997-6154-4-git-send-email-dwmw@amazon.co.uk>
From: Tom Lendacky
Message-ID: <1835548e-8f64-9e3b-59c2-9391ec5b7f13@amd.com>
Date: Wed, 10 Jan 2018 12:33:22 -0600
X-Mailing-List: linux-kernel@vger.kernel.org

On 1/10/2018 12:14 PM, tip-bot for David Woodhouse wrote:
> Commit-ID: fe1678d070e36070c43005c71ce783df57852252
> Gitweb: https://git.kernel.org/tip/fe1678d070e36070c43005c71ce783df57852252
> Author: David Woodhouse
> AuthorDate: Tue, 9 Jan 2018 14:43:09 +0000
> Committer: Thomas Gleixner
> CommitDate: Wed, 10 Jan 2018 19:09:09 +0100
>
> x86/spectre: Add boot time option to select Spectre v2 mitigation
>
> Add a spectre_v2= option to select the mitigation used for the indirect
> branch speculation vulnerability.
>
> Currently, the only option available is retpoline, in its various forms.
> This will be expanded to cover the new IBRS/IBPB microcode features.
>
> The RETPOLINE_AMD feature relies on a serializing LFENCE for speculation
> control. For AMD hardware, only set RETPOLINE_AMD if LFENCE is a
> serializing instruction, which is indicated by the LFENCE_RDTSC feature.
>
> [ tglx: Folded back the LFENCE/AMD fixes and reworked it so IBRS
> integration becomes simple ]
>
> Signed-off-by: David Woodhouse
> Signed-off-by: Thomas Gleixner > Cc: gnomes@lxorguk.ukuu.org.uk > Cc: Rik van Riel > Cc: Andi Kleen > Cc: Peter Zijlstra > Cc: Linus Torvalds > Cc: Jiri Kosina > Cc: Andy Lutomirski > Cc: Dave Hansen > Cc: Kees Cook > Cc: Tim Chen > Cc: Greg Kroah-Hartman > Cc: Paul Turner > Cc: Tom Lendacky > Link: https://lkml.kernel.org/r/1515508997-6154-4-git-send-email-dwmw@amazon.co.uk > > > --- > Documentation/admin-guide/kernel-parameters.txt | 28 +++++ > arch/x86/include/asm/nospec-branch.h | 10 ++ > arch/x86/kernel/cpu/bugs.c | 158 +++++++++++++++++++++++- > arch/x86/kernel/cpu/common.c | 4 - > 4 files changed, 195 insertions(+), 5 deletions(-) > ... > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 76ad6cb..4f7a2a0 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -11,6 +11,9 @@ > #include > #include > #include > + > +#include > +#include > #include > #include > #include > @@ -21,6 +24,8 @@ > #include > #include > > +static void __init spectre_v2_select_mitigation(void); > + > void __init check_bugs(void) > { > identify_boot_cpu(); > @@ -30,6 +35,9 @@ void __init check_bugs(void) > print_cpu_info(&boot_cpu_data); > } > > + /* Select the proper spectre mitigation before patching alternatives */ > + spectre_v2_select_mitigation(); > + > #ifdef CONFIG_X86_32 > /* > * Check whether we are able to run this kernel safely on SMP. 
> @@ -62,6 +70,153 @@ void __init check_bugs(void) > #endif > } > > +/* The kernel command line selection */ > +enum spectre_v2_mitigation_cmd { > + SPECTRE_V2_CMD_NONE, > + SPECTRE_V2_CMD_AUTO, > + SPECTRE_V2_CMD_FORCE, > + SPECTRE_V2_CMD_RETPOLINE, > + SPECTRE_V2_CMD_RETPOLINE_GENERIC, > + SPECTRE_V2_CMD_RETPOLINE_AMD, > +}; > + > +static const char *spectre_v2_strings[] = { > + [SPECTRE_V2_NONE] = "Vulnerable", > + [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", > + [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", > + [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", > + [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", > +}; > + > +#undef pr_fmt > +#define pr_fmt(fmt) "Spectre V2 mitigation: " fmt > + > +static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; > + > +static void __init spec2_print_if_insecure(const char *reason) > +{ > + if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) > + pr_info("%s\n", reason); > +} > + > +static void __init spec2_print_if_secure(const char *reason) > +{ > + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) > + pr_info("%s\n", reason); > +} > + > +static inline bool retp_compiler(void) > +{ > + return __is_defined(RETPOLINE); > +} > + > +static inline bool match_option(const char *arg, int arglen, const char *opt) > +{ > + int len = strlen(opt); > + > + return len == arglen && !strncmp(arg, opt, len); > +} > + > +static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) > +{ > + char arg[20]; > + int ret; > + > + ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, > + sizeof(arg)); > + if (ret > 0) { > + if (match_option(arg, ret, "off")) { > + goto disable; > + } else if (match_option(arg, ret, "on")) { > + spec2_print_if_secure("force enabled on command line."); > + return SPECTRE_V2_CMD_FORCE; > + } else if (match_option(arg, ret, "retpoline")) { > + spec2_print_if_insecure("retpoline selected on 
command line."); > + return SPECTRE_V2_CMD_RETPOLINE; > + } else if (match_option(arg, ret, "retpoline,amd")) { > + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { I missed this in the first review, but this should be != X86_VENDOR_AMD. Sorry about that. Thanks, Tom > + pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n"); > + return SPECTRE_V2_CMD_AUTO; > + } > + spec2_print_if_insecure("AMD retpoline selected on command line."); > + return SPECTRE_V2_CMD_RETPOLINE_AMD; > + } else if (match_option(arg, ret, "retpoline,generic")) { > + spec2_print_if_insecure("generic retpoline selected on command line."); > + return SPECTRE_V2_CMD_RETPOLINE_GENERIC; > + } else if (match_option(arg, ret, "auto")) { > + return SPECTRE_V2_CMD_AUTO; > + } > + } > + > + if (!cmdline_find_option_bool(boot_command_line, "nospectre_v2")) > + return SPECTRE_V2_CMD_AUTO; > +disable: > + spec2_print_if_insecure("disabled on command line."); > + return SPECTRE_V2_CMD_NONE; > +} > + > +static void __init spectre_v2_select_mitigation(void) > +{ > + enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); > + enum spectre_v2_mitigation mode = SPECTRE_V2_NONE; > + > + /* > + * If the CPU is not affected and the command line mode is NONE or AUTO > + * then nothing to do. 
> + */ > + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && > + (cmd == SPECTRE_V2_CMD_NONE || cmd == SPECTRE_V2_CMD_AUTO)) > + return; > + > + switch (cmd) { > + case SPECTRE_V2_CMD_NONE: > + return; > + > + case SPECTRE_V2_CMD_FORCE: > + /* FALLTRHU */ > + case SPECTRE_V2_CMD_AUTO: > + goto retpoline_auto; > + > + case SPECTRE_V2_CMD_RETPOLINE_AMD: > + if (IS_ENABLED(CONFIG_RETPOLINE)) > + goto retpoline_amd; > + break; > + case SPECTRE_V2_CMD_RETPOLINE_GENERIC: > + if (IS_ENABLED(CONFIG_RETPOLINE)) > + goto retpoline_generic; > + break; > + case SPECTRE_V2_CMD_RETPOLINE: > + if (IS_ENABLED(CONFIG_RETPOLINE)) > + goto retpoline_auto; > + break; > + } > + pr_err("kernel not compiled with retpoline; no mitigation available!"); > + return; > + > +retpoline_auto: > + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { > + retpoline_amd: > + if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { > + pr_err("LFENCE not serializing. Switching to generic retpoline\n"); > + goto retpoline_generic; > + } > + mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : > + SPECTRE_V2_RETPOLINE_MINIMAL_AMD; > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > + } else { > + retpoline_generic: > + mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC : > + SPECTRE_V2_RETPOLINE_MINIMAL; > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > + } > + > + spectre_v2_enabled = mode; > + pr_info("%s\n", spectre_v2_strings[mode]); > +} > + > +#undef pr_fmt > + > #ifdef CONFIG_SYSFS > ssize_t cpu_show_meltdown(struct device *dev, > struct device_attribute *attr, char *buf) > @@ -86,6 +241,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev, > { > if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) > return sprintf(buf, "Not affected\n"); > - return sprintf(buf, "Vulnerable\n"); > + > + return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]); > } > #endif > diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index 7a671d1..372ba3f 100644 
> --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -905,10 +905,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) > setup_force_cpu_bug(X86_BUG_SPECTRE_V1); > setup_force_cpu_bug(X86_BUG_SPECTRE_V2); > > -#ifdef CONFIG_RETPOLINE > - setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > -#endif > - > fpu__init_system(c); > > #ifdef CONFIG_X86_32 >
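
Review bot: in spectre_v2_parse_cmdline() (bugs.c hunk @@ -62,6 +70,153 @@), a spectre_v2= value that matches none of the match_option() strings drops out of the if/else chain without any message and, unless nospectre_v2 is also on the command line, returns SPECTRE_V2_CMD_AUTO, so a mistyped option is silently ignored and nothing in the log shows it. Suggest a final else that reports the unrecognised value with pr_err() before falling back to AUTO. In the same function the "retpoline,amd" branch tests x86_vendor == X86_VENDOR_AMD while its pr_err() says the CPU is not AMD, so as written an AMD CPU is sent to AUTO and a non-AMD CPU gets SPECTRE_V2_CMD_RETPOLINE_AMD; the reply above already asks for !=. Two smaller points in spectre_v2_select_mitigation(): pr_err("kernel not compiled with retpoline; no mitigation available!") lacks the trailing \n that the other pr_err() calls in this hunk carry, and the comment /* FALLTRHU */ is misspelled.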
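
Review bot: removing the #ifdef CONFIG_RETPOLINE block from early_identify_cpu() (common.c hunk @@ -905,10 +905,6 @@) drops the config guard that used to sit around setup_force_cpu_cap(X86_FEATURE_RETPOLINE), and the replacement path does not restore it for the default case. In spectre_v2_select_mitigation() the SPECTRE_V2_CMD_FORCE and SPECTRE_V2_CMD_AUTO cases do "goto retpoline_auto;" without the IS_ENABLED(CONFIG_RETPOLINE) test that the three RETPOLINE cases have, so a kernel built without CONFIG_RETPOLINE still forces the capability bit and prints whichever retpoline mode retp_compiler() selects. Suggest giving the AUTO/FORCE case the same form as the others, "if (IS_ENABLED(CONFIG_RETPOLINE)) goto retpoline_auto; break;", so that such a kernel reaches the "kernel not compiled with retpoline" pr_err() and leaves spectre_v2_enabled at SPECTRE_V2_NONE.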