Date: Fri, 19 Apr 2024 09:05:37 -0700
From: Josh Poimboeuf
To: Sean Christopherson
Cc: Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Greg Kroah-Hartman, Peter Zijlstra, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Stephen Rothwell, Michael Ellerman, Geert Uytterhoeven
Subject: Re: [PATCH 1/2] cpu: Re-enable CPU mitigations by default for !X86 architectures
Message-ID: <20240419160537.namt5yaxhhvwwa3r@treble>
References: <20240417001507.2264512-1-seanjc@google.com> <20240417001507.2264512-2-seanjc@google.com>
In-Reply-To: <20240417001507.2264512-2-seanjc@google.com>

On Tue, Apr 16, 2024 at 05:15:06PM -0700, Sean Christopherson wrote:
> Add a generic Kconfig, CPU_MITIGATIONS, to control whether or not CPU
> mitigations are enabled by default, and force it on for all architectures
> except x86. A recent commit to turn mitigations off by default if
> SPECULATION_MITIGATIONS=n kinda sorta missed that "cpu_mitigations" is
> completely generic, whereas SPECULATION_MITIGATIONS is x86 specific.
>
> Alternatively, SPECULATION_MITIGATIONS could simply be defined in common
> code, but that creates weirdness for x86 because SPECULATION_MITIGATIONS
> ends up being defined twice, and the default behavior would likely depend
> on the arbitrary include order (if the two definitions diverged).
>
> Ideally, CPU_MITIGATIONS would be unconditionally on by default for all
> architectures, and manually turned off, but there is no way to unselect a
> Kconfig.
>
> Reported-by: Stephen Rothwell
> Reported-by: Michael Ellerman
> Reported-by: Geert Uytterhoeven
> Closes: https://lkml.kernel.org/r/20240413115324.53303a68%40canb.auug.org.au
> Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n")
> Cc: stable@vger.kernel.org
> Signed-off-by: Sean Christopherson

It seems confusing to have two config options which have very similar
names and similar purposes (with subtle differences depending on the
arch).

How about we instead just get rid of the x86-specific
SPECULATION_MITIGATIONS and replace it with a menu which depends on
CPU_MITIGATIONS:

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4474bf32d0a4..85a4d57bce1e 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2488,17 +2488,8 @@ config PREFIX_SYMBOLS def_bool y depends on CALL_PADDING && !CFI_CLANG -menuconfig SPECULATION_MITIGATIONS - bool "Mitigations for speculative execution vulnerabilities" - default y - help - Say Y here to enable options which enable mitigations for - speculative execution hardware vulnerabilities. - - If you say N, all mitigations will be disabled. You really - should know what you are doing to say so. - -if SPECULATION_MITIGATIONS +menu "CPU speculative execution mitigation defaults" + depends on CPU_MITIGATIONS config MITIGATION_PAGE_TABLE_ISOLATION bool "Remove the kernel mapping in user mode" @@ -2643,7 +2634,7 @@ config MITIGATION_SPECTRE_BHI indirect branches. See -endif +endmenu config ARCH_HAS_ADD_PAGES def_bool y diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig index 2b8fd6bb7da0..70c1e7eb64f0 100644 --- a/drivers/base/Kconfig +++ b/drivers/base/Kconfig @@ -191,6 +191,16 @@ config GENERIC_CPU_AUTOPROBE config GENERIC_CPU_VULNERABILITIES bool +config CPU_MITIGATIONS + bool "Mitigations for CPU speculative execution vulnerabilities" + default y + help + Say Y here to enable mitigations for CPU speculative execution + vulnerabilities. + + If you say N, all mitigations will be disabled. You really + should know what you are doing to say so. + config SOC_BUS bool select GLOB diff --git a/kernel/cpu.c b/kernel/cpu.c index 07ad53b7f119..bb0ff275fb46 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c
@@ -3207,8 +3207,8 @@ enum cpu_mitigations { }; static enum cpu_mitigations cpu_mitigations __ro_after_init = - IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : - CPU_MITIGATIONS_OFF; + IS_ENABLED(CONFIG_CPU_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : + CPU_MITIGATIONS_OFF; static int __init mitigations_parse_cmdline(char *arg) {
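
Review bot: In the first arch/x86/Kconfig hunk, turning `menuconfig SPECULATION_MITIGATIONS` into a plain `menu` with `depends on CPU_MITIGATIONS` moves the on/off switch out of the x86 menu. The prompt now lives in drivers/base/Kconfig, and when it is N the "CPU speculative execution mitigation defaults" menu simply disappears with nothing on the x86 side explaining why. Consider a `comment` entry with `depends on !CPU_MITIGATIONS` pointing at the new symbol, and confirm that nothing outside this diff still refers to SPECULATION_MITIGATIONS, since kernel/cpu.c is the only user converted here.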
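
Review bot: The new `config CPU_MITIGATIONS` entry in the drivers/base/Kconfig hunk has an unconditional prompt, so every architecture can now set it to N, while the quoted commit message wanted the option forced on for everything except x86. If that restriction still matters, make the prompt conditional on the architecture opting in. The help text also overstates the effect: per the kernel/cpu.c hunk the symbol only chooses between CPU_MITIGATIONS_AUTO and CPU_MITIGATIONS_OFF as the initial value of `cpu_mitigations`, so "all mitigations will be disabled" would read more accurately as "mitigations will be off by default".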
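
Review bot: The `IS_ENABLED(CONFIG_CPU_MITIGATIONS)` initializer in the kernel/cpu.c hunk changes the result for existing x86 configs that carry SPECULATION_MITIGATIONS=n. That symbol is removed by the arch/x86/Kconfig hunk and the replacement is `default y`, so after an olddefconfig the initial value becomes CPU_MITIGATIONS_AUTO instead of CPU_MITIGATIONS_OFF. That is the safe direction, but it is a behaviour change for those configs and deserves a line in the changelog.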