Re: [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
Hi,
On 2/26/19 7:05 PM, Jeremy Linton wrote:
There are various reasons, including bencmarking, to disable spectrev2
mitigation on a machine. Provide a command-line to do so.
Signed-off-by: Jeremy Linton
Reviewed-by: Andre Przywara
Cheers,
Andre.
Cc: Jonathan Corbet
Cc: linux-...@vger.kernel.org
---
Documentation/admin-guide/kernel-parameters.txt | 8
arch/arm64/kernel/cpu_errata.c | 13 +
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt
b/Documentation/admin-guide/kernel-parameters.txt
index 858b6c0b9a15..4d4d6a9537ae 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2842,10 +2842,10 @@
check bypass). With this option data leaks are possible
in the system.
- nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2
- (indirect branch prediction) vulnerability. System may
- allow data leaks with this option, which is equivalent
- to spectre_v2=off.
+ nospectre_v2[X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for
+ the Spectre variant 2 (indirect branch prediction)
+ vulnerability. System may allow data leaks with this
+ option.
nospec_store_bypass_disable
[HW] Disable all mitigations for the Speculative Store
Bypass vulnerability
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 9950bb0cbd52..d2b2c69d31bb 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
: "=" (tmp));
}
+static bool __nospectre_v2;
+static int __init parse_nospectre_v2(char *str)
+{
+ __nospectre_v2 = true;
+ return 0;
+}
+early_param("nospectre_v2", parse_nospectre_v2);
+
static void
enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
{
@@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct
arm64_cpu_capabilities *entry)
if (!entry->matches(entry, SCOPE_LOCAL_CPU))
return;
+ if (__nospectre_v2) {
+ pr_info_once("spectrev2 mitigation disabled by command line
option\n");
+ return;
+ }
+
if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
return;
Re: [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
On 28/02/2019 18:21, Catalin Marinas wrote:
On Thu, Feb 28, 2019 at 06:14:34PM +, Suzuki K Poulose wrote:
On 27/02/2019 01:05, Jeremy Linton wrote:
There are various reasons, including bencmarking, to disable spectrev2
mitigation on a machine. Provide a command-line to do so.
Signed-off-by: Jeremy Linton
Cc: Jonathan Corbet
Cc: linux-...@vger.kernel.org
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 9950bb0cbd52..d2b2c69d31bb 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
: "=" (tmp));
}
+static bool __nospectre_v2;
+static int __init parse_nospectre_v2(char *str)
+{
+ __nospectre_v2 = true;
+ return 0;
+}
+early_param("nospectre_v2", parse_nospectre_v2);
+
static void
enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
{
@@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct
arm64_cpu_capabilities *entry)
if (!entry->matches(entry, SCOPE_LOCAL_CPU))
return;
+ if (__nospectre_v2) {
+ pr_info_once("spectrev2 mitigation disabled by command line
option\n");
+ return;
+ }
+
Could we not disable the "cap" altogether instead, rather than disabling the
work around ? Or do we need that information ?
There are a few ideas here but I think we settled on always reporting in
sysfs even if the mitigation is disabled in .config. So I guess we need
the "cap" around for the reporting part.
Thanks Catalin.
Reviewed-by: Suzuki K Poulose
Re: [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
On Thu, Feb 28, 2019 at 06:14:34PM +, Suzuki K Poulose wrote:
> On 27/02/2019 01:05, Jeremy Linton wrote:
> > There are various reasons, including bencmarking, to disable spectrev2
> > mitigation on a machine. Provide a command-line to do so.
> >
> > Signed-off-by: Jeremy Linton
> > Cc: Jonathan Corbet
> > Cc: linux-...@vger.kernel.org
>
>
> > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> > index 9950bb0cbd52..d2b2c69d31bb 100644
> > --- a/arch/arm64/kernel/cpu_errata.c
> > +++ b/arch/arm64/kernel/cpu_errata.c
> > @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
> > : "=" (tmp));
> > }
> > +static bool __nospectre_v2;
> > +static int __init parse_nospectre_v2(char *str)
> > +{
> > + __nospectre_v2 = true;
> > + return 0;
> > +}
> > +early_param("nospectre_v2", parse_nospectre_v2);
> > +
> > static void
> > enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
> > {
> > @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct
> > arm64_cpu_capabilities *entry)
> > if (!entry->matches(entry, SCOPE_LOCAL_CPU))
> > return;
> > + if (__nospectre_v2) {
> > + pr_info_once("spectrev2 mitigation disabled by command line
> > option\n");
> > + return;
> > + }
> > +
>
> Could we not disable the "cap" altogether instead, rather than disabling the
> work around ? Or do we need that information ?
There are a few ideas here but I think we settled on always reporting in
sysfs even if the mitigation is disabled in .config. So I guess we need
the "cap" around for the reporting part.
--
Catalin
Re: [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
Hi Jeremy
On 27/02/2019 01:05, Jeremy Linton wrote:
There are various reasons, including bencmarking, to disable spectrev2
mitigation on a machine. Provide a command-line to do so.
Signed-off-by: Jeremy Linton
Cc: Jonathan Corbet
Cc: linux-...@vger.kernel.org
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 9950bb0cbd52..d2b2c69d31bb 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
: "=" (tmp));
}
+static bool __nospectre_v2;
+static int __init parse_nospectre_v2(char *str)
+{
+ __nospectre_v2 = true;
+ return 0;
+}
+early_param("nospectre_v2", parse_nospectre_v2);
+
static void
enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
{
@@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct
arm64_cpu_capabilities *entry)
if (!entry->matches(entry, SCOPE_LOCAL_CPU))
return;
+ if (__nospectre_v2) {
+ pr_info_once("spectrev2 mitigation disabled by command line
option\n");
+ return;
+ }
+
Could we not disable the "cap" altogether instead, rather than disabling the
work around ? Or do we need that information ?
Cheers
Suzuki
[PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
There are various reasons, including bencmarking, to disable spectrev2
mitigation on a machine. Provide a command-line to do so.
Signed-off-by: Jeremy Linton
Cc: Jonathan Corbet
Cc: linux-...@vger.kernel.org
---
Documentation/admin-guide/kernel-parameters.txt | 8
arch/arm64/kernel/cpu_errata.c | 13 +
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt
b/Documentation/admin-guide/kernel-parameters.txt
index 858b6c0b9a15..4d4d6a9537ae 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2842,10 +2842,10 @@
check bypass). With this option data leaks are possible
in the system.
- nospectre_v2[X86,PPC_FSL_BOOK3E] Disable all mitigations for the
Spectre variant 2
- (indirect branch prediction) vulnerability. System may
- allow data leaks with this option, which is equivalent
- to spectre_v2=off.
+ nospectre_v2[X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for
+ the Spectre variant 2 (indirect branch prediction)
+ vulnerability. System may allow data leaks with this
+ option.
nospec_store_bypass_disable
[HW] Disable all mitigations for the Speculative Store
Bypass vulnerability
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 9950bb0cbd52..d2b2c69d31bb 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)
: "=" (tmp));
}
+static bool __nospectre_v2;
+static int __init parse_nospectre_v2(char *str)
+{
+ __nospectre_v2 = true;
+ return 0;
+}
+early_param("nospectre_v2", parse_nospectre_v2);
+
static void
enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)
{
@@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct
arm64_cpu_capabilities *entry)
if (!entry->matches(entry, SCOPE_LOCAL_CPU))
return;
+ if (__nospectre_v2) {
+ pr_info_once("spectrev2 mitigation disabled by command line
option\n");
+ return;
+ }
+
if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
return;
--
2.20.1
