This is a note to let you know that I've just added the patch titled

    [PATCH 21/27] x86/speculation: Support 'mitigations=' cmdline option

to the 5.0-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     0021-x86-speculation-Support-mitigations-cmdline-option.patch
and it can be found in the queue-5.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <sta...@vger.kernel.org> know about it.


>From 1aaa69ec96c73918d45177d9d35680f648d0faed Mon Sep 17 00:00:00 2001
From: Josh Poimboeuf <jpoim...@redhat.com>
Date: Fri, 12 Apr 2019 15:39:29 -0500
Subject: [PATCH 21/27] x86/speculation: Support 'mitigations=' cmdline option

commit d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812 upstream

Configure x86 runtime CPU speculation bug mitigations in accordance with
the 'mitigations=' cmdline option.  This affects Meltdown, Spectre v2,
Speculative Store Bypass, and L1TF.

The default behavior is unchanged.

Signed-off-by: Josh Poimboeuf <jpoim...@redhat.com>
Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Tested-by: Jiri Kosina <jkos...@suse.cz> (on x86)
Reviewed-by: Jiri Kosina <jkos...@suse.cz>
Cc: Borislav Petkov <b...@alien8.de>
Cc: "H . Peter Anvin" <h...@zytor.com>
Cc: Andy Lutomirski <l...@kernel.org>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Jiri Kosina <ji...@kernel.org>
Cc: Waiman Long <long...@redhat.com>
Cc: Andrea Arcangeli <aarca...@redhat.com>
Cc: Jon Masters <j...@redhat.com>
Cc: Benjamin Herrenschmidt <b...@kernel.crashing.org>
Cc: Paul Mackerras <pau...@samba.org>
Cc: Michael Ellerman <m...@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Martin Schwidefsky <schwidef...@de.ibm.com>
Cc: Heiko Carstens <heiko.carst...@de.ibm.com>
Cc: linux-s...@vger.kernel.org
Cc: Catalin Marinas <catalin.mari...@arm.com>
Cc: Will Deacon <will.dea...@arm.com>
Cc: linux-arm-ker...@lists.infradead.org
Cc: linux-a...@vger.kernel.org
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Tyler Hicks <tyhi...@canonical.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Randy Dunlap <rdun...@infradead.org>
Cc: Steven Price <steven.pr...@arm.com>
Cc: Phil Auld <pa...@redhat.com>
Link: 
https://lkml.kernel.org/r/6616d0ae169308516cfdf5216bedd169f8a8291b.1555085500.git.jpoim...@redhat.com
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
 Documentation/admin-guide/kernel-parameters.txt | 16 +++++++++++-----
 arch/x86/kernel/cpu/bugs.c                      | 11 +++++++++--
 arch/x86/mm/pti.c                               |  4 +++-
 3 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt 
b/Documentation/admin-guide/kernel-parameters.txt
index df6d9a7c1724..59a1181e52b8 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2540,15 +2540,20 @@
                        http://repo.or.cz/w/linux-2.6/mini2440.git
 
        mitigations=
-                       Control optional mitigations for CPU vulnerabilities.
-                       This is a set of curated, arch-independent options, each
-                       of which is an aggregation of existing arch-specific
-                       options.
+                       [X86] Control optional mitigations for CPU
+                       vulnerabilities.  This is a set of curated,
+                       arch-independent options, each of which is an
+                       aggregation of existing arch-specific options.
 
                        off
                                Disable all optional CPU mitigations.  This
                                improves system performance, but it may also
                                expose users to several CPU vulnerabilities.
+                               Equivalent to: nopti [X86]
+                                              nospectre_v2 [X86]
+                                              spectre_v2_user=off [X86]
+                                              spec_store_bypass_disable=off 
[X86]
+                                              l1tf=off [X86]
 
                        auto (default)
                                Mitigate all CPU vulnerabilities, but leave SMT
@@ -2556,12 +2561,13 @@
                                users who don't want to be surprised by SMT
                                getting disabled across kernel upgrades, or who
                                have other ways of avoiding SMT-based attacks.
-                               This is the default behavior.
+                               Equivalent to: (default behavior)
 
                        auto,nosmt
                                Mitigate all CPU vulnerabilities, disabling SMT
                                if needed.  This is for users who always want to
                                be fully mitigated, even if it means losing SMT.
+                               Equivalent to: l1tf=flush,nosmt [X86]
 
        mminit_loglevel=
                        [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 04c140ac36af..7c79672234e4 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -506,7 +506,8 @@ static enum spectre_v2_mitigation_cmd __init 
spectre_v2_parse_cmdline(void)
        char arg[20];
        int ret, i;
 
-       if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
+       if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") ||
+           cpu_mitigations_off())
                return SPECTRE_V2_CMD_NONE;
 
        ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, 
sizeof(arg));
@@ -771,7 +772,8 @@ static enum ssb_mitigation_cmd __init 
ssb_parse_cmdline(void)
        char arg[20];
        int ret, i;
 
-       if (cmdline_find_option_bool(boot_command_line, 
"nospec_store_bypass_disable")) {
+       if (cmdline_find_option_bool(boot_command_line, 
"nospec_store_bypass_disable") ||
+           cpu_mitigations_off()) {
                return SPEC_STORE_BYPASS_CMD_NONE;
        } else {
                ret = cmdline_find_option(boot_command_line, 
"spec_store_bypass_disable",
@@ -1095,6 +1097,11 @@ static void __init l1tf_select_mitigation(void)
        if (!boot_cpu_has_bug(X86_BUG_L1TF))
                return;
 
+       if (cpu_mitigations_off())
+               l1tf_mitigation = L1TF_MITIGATION_OFF;
+       else if (cpu_mitigations_auto_nosmt())
+               l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT;
+
        override_cache_bits(&boot_cpu_data);
 
        switch (l1tf_mitigation) {
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 4fee5c3003ed..5890f09bfc19 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -35,6 +35,7 @@
 #include <linux/spinlock.h>
 #include <linux/mm.h>
 #include <linux/uaccess.h>
+#include <linux/cpu.h>
 
 #include <asm/cpufeature.h>
 #include <asm/hypervisor.h>
@@ -115,7 +116,8 @@ void __init pti_check_boottime_disable(void)
                }
        }
 
-       if (cmdline_find_option_bool(boot_command_line, "nopti")) {
+       if (cmdline_find_option_bool(boot_command_line, "nopti") ||
+           cpu_mitigations_off()) {
                pti_mode = PTI_FORCE_OFF;
                pti_print_if_insecure("disabled on command line.");
                return;
-- 
2.21.0



Patches currently in stable-queue which might be from jpoim...@redhat.com are

queue-5.0/0019-x86-speculation-mds-Print-SMT-vulnerable-on-MSBDS-wi.patch
queue-5.0/0016-x86-speculation-Move-arch_smt_update-call-to-after-m.patch
queue-5.0/0024-x86-speculation-mds-Add-mitigations-support-for-MDS.patch
queue-5.0/0021-x86-speculation-Support-mitigations-cmdline-option.patch
queue-5.0/0022-powerpc-speculation-Support-mitigations-cmdline-opti.patch
queue-5.0/0020-cpu-speculation-Add-mitigations-cmdline-option.patch
queue-5.0/0023-s390-speculation-Support-mitigations-cmdline-option.patch
queue-5.0/0015-x86-speculation-mds-Add-mds-full-nosmt-cmdline-optio.patch
queue-5.0/0027-x86-speculation-mds-Fix-documentation-typo.patch
queue-5.0/0017-x86-speculation-mds-Add-SMT-warning-message.patch
queue-5.0/0018-x86-speculation-mds-Fix-comment.patch

Reply via email to