Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp900937lqt; Fri, 19 Apr 2024 14:10:24 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXsQMo94sjcWMldAn1BEKHAtT/IrCEfouNxxGrPsij/NxR474cpcqLKvyVsnn/S7QDq1ZfOHaOTFX32AvSM2JPszjDqPOsSBVhRHtpb7g== X-Google-Smtp-Source: AGHT+IEsDVcKaQc10lx8hew9lKjUwRgMpCoW8oe1dQu2vsT/ceHyioBvOFQ/KMmBTAAnmtvLXrut X-Received: by 2002:a05:6359:1790:b0:183:676f:c751 with SMTP id mb16-20020a056359179000b00183676fc751mr3746791rwb.27.1713561024390; Fri, 19 Apr 2024 14:10:24 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713561024; cv=pass; d=google.com; s=arc-20160816; b=TSI3xjdZRgxMaAIUXyyijlLJZRZr3GJAU1z8UrkjP5jlauSGjzzRky2PCtBgbMUbi/ G8YLPWnJlC45jaMFy0dDNAE9jZncnd7dpmyreDFZ2+t3FKFEi1aUnuCbQKOYdMJqjEfY KNbO5bTFwCWGVUoF7CJ2SyQ1lyc62lgLd/KZSSxkZk6VBgX/hWV/mnVOoJ0EMbaUMMqo EdFKIiDvtQKPSsT2jGy3VWno0kf3BblXBcC7AQ0ABjvgJtOV74sazJkoezB+kwXyKrgH 11UbWTEfVxH5BCpMD6spw6EsVOldH1FKZhyJ+j0rlClBCu1UmLwR8x7mYct2jx5XtTmI Barw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=qGUyY20vYw0t6MscoLWF9dYCxpHEleATJnwXzjPDKZQ=; fh=LmJGh0szG+L15nFY/wr8n/xsZPm6LJs8uE3Wlz1qB4w=; b=WIzoY430YJ6tccYwa4D+izmPbCYpwiR9YIiKHoGeNWRrkfa+AlJ775cYZT8NVj9Bzy j2c8/GpfKKjO/W5jDpBJv5OadIHIwClHmxgDyizXpG57rXRyxxY16GRsz89G0Umw1Cq6 0UhqjCf+xTwtymBCAp0KpmJ4Fo5VRyzGQQiEkvx50Ip3bYhhWyJ385Ydm60qCy2Yip7Y I+s4xYNjaC2vc5AKzxLQW1J9dvIMmdi44BjQZLJt2ef/95j/PrORVtKvmghXvlcX7cTN +Kp5LJ/K7fMpWBTsu0+gkAu6Pd8kU50qpsablmyl9po1T3zHo+ysB/R3BrktAHruL0D/ EQ3Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Whk4iVO4; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-151957-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-151957-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id t15-20020ad45bcf000000b006992073ffd4si4838992qvt.507.2024.04.19.14.10.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 14:10:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-151957-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Whk4iVO4; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-151957-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-151957-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 1DD471C20D0D for ; Fri, 19 Apr 2024 21:10:24 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3AECE13D25D; Fri, 19 Apr 2024 21:09:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Whk4iVO4" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A45913CFB5 for ; Fri, 19 Apr 2024 21:09:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713560997; cv=none; b=ZmCVsW1OEqn8L0aE8nusaNnP2ZXPsCjA8nv3ZaSJ0E+Nl+71XPelkU363MmID7Zwtl1sa+R8xGMnJPp0QBiw+g4ov6Pbm+g5aidJ5GYhZTVIKRZR+TrJLu9XhoAeUN0eo+IPBHIxJZdFYUfimSou6h0JZ8m/fFet33j+YofP/U8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713560997; c=relaxed/simple; bh=DGtafsiKW/Af+0pzOd16cGmdlqTg29dQsMtG6i/3gFU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fHgHQiMjkC+6xEr0OwuLEthzGsEvwe+WIJIs3j6wy6lZb8gZ32DJfZbqOSA6R/zYFaoUy0lEvQWWn/sjjzGgbH9/+xURcSq8p0LrB8FR74Su3vcAKVI0YNqw60Ct7TeLe2UAKYDhglA58ijw+BVcBjTN3Wb8UVhlLW7443q1xl8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Whk4iVO4; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2F1EEC4AF08; Fri, 19 Apr 2024 21:09:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713560996; bh=DGtafsiKW/Af+0pzOd16cGmdlqTg29dQsMtG6i/3gFU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Whk4iVO4tRoDzM8SuiKJm7WrlYWkCXHS7u9UhO4yvRBCoiNxCi43PmXCKBEYAVWO/ W8o2SZ0jp6H8bezLtCEKxTQ41Yyx0HMOXsEAcG4NuaU/UbseH2k5EXPyfVAObVEGIU 77swZYpL+gQKeX1+zrfWeBuMGhYDQhztesz1aXAVE7IU10Eeqr+i8U3oK8dba+OSGX QzjQgmfPtdEG7n5ww0c0zJZ+jW8MmYw/nl0j06avAZZxucnTqQyg1D7Ou5gjy6YBYF h1L5A9WoZyXuy90TYsZgK8R2VlDIL8Aa2+81Adyl5Y/UgACukxGPublN4XjIzQLK9G 36awxkaRmsbHQ== From: Josh Poimboeuf To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, Linus Torvalds , Daniel Sneddon , Pawan Gupta , Thomas Gleixner , Alexandre Chartre , Konrad Rzeszutek Wilk , Peter Zijlstra , Greg Kroah-Hartman , Sean Christopherson , Andrew Cooper , Dave Hansen , Nikolay Borisov , KP Singh , Waiman Long , Borislav Petkov , Ingo Molnar , Stephen Rothwell , Michael Ellerman , Geert Uytterhoeven Subject: [PATCH v4 2/5] cpu/speculation: Fix CPU mitigation defaults for !x86 Date: Fri, 19 Apr 2024 14:09:48 -0700 Message-ID: <9d3c997264829d0e2b28718222724ae8f9e7d8b4.1713559768.git.jpoimboe@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit CPU speculative execution mitigations were inadvertently disabled on non-x86 arches by the following commit: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n") Fix it by replacing CONFIG_SPECULATION_MITIGATIONS with a new generic CONFIG_CPU_MITIGATIONS option and moving the x86-specific mitigations to a separate menu which depends on CONFIG_CPU_MITIGATIONS. Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n") Reported-by: Stephen Rothwell Reported-by: Michael Ellerman Reported-by: Geert Uytterhoeven Closes: https://lkml.kernel.org/r/20240413115324.53303a68%40canb.auug.org.au Signed-off-by: Josh Poimboeuf --- arch/Kconfig | 10 ++++++++++ arch/x86/Kconfig | 15 +++------------ kernel/cpu.c | 4 ++-- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index 9f066785bb71..5c96849eb957 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -11,6 +11,16 @@ source "arch/$(SRCARCH)/Kconfig" menu "General architecture-dependent options" +config CPU_MITIGATIONS + bool "Mitigations for CPU speculative execution vulnerabilities" + default y + help + Say Y here to enable mitigations for CPU speculative execution + vulnerabilities. + + If you say N, all mitigations will be disabled. You really + should know what you are doing to say so. + config ARCH_HAS_SUBPAGE_FAULTS bool help diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4474bf32d0a4..85a4d57bce1e 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2488,17 +2488,8 @@ config PREFIX_SYMBOLS def_bool y depends on CALL_PADDING && !CFI_CLANG -menuconfig SPECULATION_MITIGATIONS - bool "Mitigations for speculative execution vulnerabilities" - default y - help - Say Y here to enable options which enable mitigations for - speculative execution hardware vulnerabilities. - - If you say N, all mitigations will be disabled. You really - should know what you are doing to say so. - -if SPECULATION_MITIGATIONS +menu "CPU speculative execution mitigation defaults" + depends on CPU_MITIGATIONS config MITIGATION_PAGE_TABLE_ISOLATION bool "Remove the kernel mapping in user mode" @@ -2643,7 +2634,7 @@ config MITIGATION_SPECTRE_BHI indirect branches. See -endif +endmenu config ARCH_HAS_ADD_PAGES def_bool y diff --git a/kernel/cpu.c b/kernel/cpu.c index 07ad53b7f119..bb0ff275fb46 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -3207,8 +3207,8 @@ enum cpu_mitigations { }; static enum cpu_mitigations cpu_mitigations __ro_after_init = - IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : - CPU_MITIGATIONS_OFF; + IS_ENABLED(CONFIG_CPU_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : + CPU_MITIGATIONS_OFF; static int __init mitigations_parse_cmdline(char *arg) { -- 2.44.0