Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp2415061lqt;
        Mon, 22 Apr 2024 10:00:55 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCX4vsOX1D8JAi7nu1l6ims+5S21hnlo03WpQMsBbvRDyyS16Q6/j+0o5+TcatdKvs+gc32JXFzf3loEDO2jD5RhbrcJ4Gv9GouBPLxVHA==
X-Google-Smtp-Source: AGHT+IFipVDJFO6/5DcfMJFFIhjM7FAxrrE0NIRhqMrxwu+gcvB5BQMBXSFIAHq8FduMMGePJ0yU
X-Received: by 2002:a05:620a:4606:b0:790:6e28:17e1 with SMTP id br6-20020a05620a460600b007906e2817e1mr6790579qkb.9.1713805254958;
        Mon, 22 Apr 2024 10:00:54 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1713805254; cv=pass;
        d=google.com; s=arc-20160816;
        b=YAjjgwMsB3HvwR0QAVdVE2SpEFZLNa8DPDpRUhHJk79wfj7I4YOyiPYtFhUqgZ5yPR
         Lw5RCsgedI6BbVd9NycfMC3LxKXBsC+cU9G9p8mvDA43UmeQMmpD66gkItAnrCq/JpKM
         k0A4OLXa2hZiwXF11bZ5ZT1wHntDlN43sUgfQIzjZV8VVRKGrRFBiS23gg8+KASGl3Py
         MwqmWaHXJVswYnPNW9GK8sQNDzRDM+3o8Lc1A8Kxk3iFAbMEgKMQ20wK7JSF4cVASu7P
         XmRzEQEOsi4raI98lHl8jV1S2fi4vXQ2aDwvqNwjCDyVKEAJ1N23C28Gsiy9NvVPA23R
         QR1g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=SSeOQnWU630u1dd7rprYG6Ohpor9yXklkuz0WMDXmKo=;
        fh=5XJJypkQeI5s73nZGmyRskmPdYeXtfodQOf0GbSr5UU=;
        b=fUWNdqZPkbgejVmxFXaZTVYGdd89WHX2D5Vdp0IkfkIWJDkMXxPNrgBT3TO4zoP2Ev
         CfuRrhxyZYuZg7ZLWh0N5tT/zIPgG4hG816eb6q3rYIwtxETiUdvlIqzk5h5+9pQXQXD
         CRhS2OgHqmVb0mKFS2ST5oHcvjIVQCye1z9g9NGeS7umAbSlQE8qOSs+AZaQ6MMUMtmO
         kBHT37MH91Capc6Xe6wr97wSm0G42gT1Omq1+iZaMsPRdwglbu23jgOP2WkyWQ6ZlMnu
         8cp1AHZh0oi8GcJ0ITeBfpUG2tHTJtYL8f+szU4FIUwncn1Lnwnq/I9aLkjp8WPyB9e9
         dPLg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=gmail.com);
       spf=pass (google.com: domain of linux-kernel+bounces-153772-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-153772-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-153772-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id cz34-20020a05620a36e200b007907884cbd7si1927984qkb.294.2024.04.22.10.00.54
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 22 Apr 2024 10:00:54 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-153772-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=gmail.com);
       spf=pass (google.com: domain of linux-kernel+bounces-153772-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-153772-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id AD4A71C211F1
	for <linux.lists.archive@gmail.com>; Mon, 22 Apr 2024 17:00:54 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 79645155315;
	Mon, 22 Apr 2024 16:59:04 +0000 (UTC)
Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 317FA155314
	for <linux-kernel@vger.kernel.org>; Mon, 22 Apr 2024 16:59:02 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.52
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713805143; cv=none; b=WJgJc67Ilr3dKMG6v6l6aWKs8MVK60EoP8aZ+FHLd/HAywcvyr5pj1KaTqyeZJ8qHTY9nKdvzxTrvSDqBMgBQGaUwT41iq98DmnPN0HV+yiTqqtwd2nrNymxunNC5ZbCxNOl8ZVs4IVLBgKdB0s8AIKtV8I5EuF2D3pN3kFcD9g=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713805143; c=relaxed/simple;
	bh=ucoBbncin5B2WXivebCu8MnWkr4EwZjdf99LIOzMXAs=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=duqV11NmCYM+u3NHg3E0YX/g2EpWAG9I+UoNVpn5wGnxwiKif1SqdC0TxV3vLvfRdENjZc6IMWHxCz8Iu7u4toUsLnX/dqL3sUd0ZK5XJqC41IIZSETiMPEiZHaWjJlTrkcxw3Dp1wFe9YBxxAVg7KlbakcYHa8bl7cWQT02Vdw=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=debian.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.221.52
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=debian.org
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-346b146199eso3553683f8f.0
        for <linux-kernel@vger.kernel.org>; Mon, 22 Apr 2024 09:59:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713805140; x=1714409940;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=SSeOQnWU630u1dd7rprYG6Ohpor9yXklkuz0WMDXmKo=;
        b=PiWT0sxdd/Yfo12lfftNZiU7B9bcj+DHkx5yk6kORheXIaT3sakLwnOSLNYkqjQByG
         S2D1iGAMkBxbkSBqvFPjcaexglPg6d3G6NnuAdw03N0N1vYtDhnJGtIveImajzEB6WZc
         qZC/X+hG/SCpyNOxMQSwxgxTmCxfdbg7dVtMSI3FYbRGqkSIAqA14KIPXzzPHbXvc/re
         WQbo0VDBA9vvuQKd+9Tx5PtC9xgeBNgRTcIWbFZKNMxvLMhOjxJdBccgM0c8LCiSQxEr
         FZ/24w72BNLvRUQBQ1oPOqJkHWO1QE8+3d4qpacIL1O5rzPNBq+IInu1i7ZOY00JaEo2
         FLDw==
X-Gm-Message-State: AOJu0YwWG2knxp816DWDuemE7NOcnUqA7ycpZ43A4jHdv2TvgQFXY5YR
	JBxuCRfsA0L6ksf8y6jEMDYHw4bI//BVpdTfOhf0i7onBeDeYObm
X-Received: by 2002:a05:6000:4022:b0:34a:5d59:5501 with SMTP id cp34-20020a056000402200b0034a5d595501mr8842558wrb.4.1713805140523;
        Mon, 22 Apr 2024 09:59:00 -0700 (PDT)
Received: from localhost (fwdproxy-lla-117.fbsv.net. [2a03:2880:30ff:75::face:b00c])
        by smtp.gmail.com with ESMTPSA id hy25-20020a1709068a7900b00a4e03c28fd5sm5967668ejc.43.2024.04.22.09.58.59
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 22 Apr 2024 09:59:00 -0700 (PDT)
From: Breno Leitao <leitao@debian.org>
To: jpoimboe@kernel.org,
	mingo@redhat.com,
	Thomas Gleixner <tglx@linutronix.de>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH v3 07/10] x86/bugs: Add a separate config for Spectre v1
Date: Mon, 22 Apr 2024 09:58:21 -0700
Message-ID: <20240422165830.2142904-8-leitao@debian.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240422165830.2142904-1-leitao@debian.org>
References: <20240422165830.2142904-1-leitao@debian.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Currently, the CONFIG_SPECULATION_MITIGATIONS is halfway populated,
where some mitigations have entries in Kconfig, and they could be
modified, while others mitigations do not have Kconfig entries, and
could not be controlled at build time.

Create an entry for the Spectre v1 CPU mitigation under
CONFIG_SPECULATION_MITIGATIONS. This allow users to enable or disable
it at compilation time.

Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
 arch/x86/Kconfig           | 10 ++++++++++
 arch/x86/kernel/cpu/bugs.c |  3 ++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f5c941a0a837..43dd45720fb1 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2708,6 +2708,16 @@ config MITIGATION_RETBLEED
 	  unprivileged attacker can use these flaws to bypass conventional
 	  memory security restrictions to gain read access to privileged memory
 	  that would otherwise be inaccessible.
+
+config MITIGATION_SPECTRE_V1
+	bool "Mitigate SPECTRE V1 hardware bug"
+	default y
+	help
+	  Enable mitigation for Spectre V1 (Bounds Check Bypass). Spectre V1 is a
+	  class of side channel attacks that takes advantage of speculative
+	  execution that bypasses conditional branch instructions used for
+	  memory access bounds check.
+	  See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
 endif
 
 config ARCH_HAS_ADD_PAGES
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index c6c404b1c6ac..00c3438519be 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -875,7 +875,8 @@ enum spectre_v1_mitigation {
 };
 
 static enum spectre_v1_mitigation spectre_v1_mitigation __ro_after_init =
-	SPECTRE_V1_MITIGATION_AUTO;
+	IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V1) ?
+		SPECTRE_V1_MITIGATION_AUTO : SPECTRE_V1_MITIGATION_NONE;
 
 static const char * const spectre_v1_strings[] = {
 	[SPECTRE_V1_MITIGATION_NONE] = "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers",
-- 
2.43.0