| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Apr 2019 15:39:27 -0500
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: x86@...nel.org, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...en8.de>,
"H . Peter Anvin" <hpa@...or.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Jiri Kosina <jikos@...nel.org>,
Waiman Long <longman@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Jon Masters <jcm@...hat.com>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Michael Ellerman <mpe@...erman.id.au>,
linuxppc-dev@...ts.ozlabs.org,
Martin Schwidefsky <schwidefsky@...ibm.com>,
Heiko Carstens <heiko.carstens@...ibm.com>,
linux-s390@...r.kernel.org,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
linux-arm-kernel@...ts.infradead.org, linux-arch@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Tyler Hicks <tyhicks@...onical.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Randy Dunlap <rdunlap@...radead.org>,
Steven Price <steven.price@....com>,
Phil Auld <pauld@...hat.com>
Subject: [PATCH v2 0/5] cpu/speculation: Add 'mitigations=' cmdline option
v2:
- docs improvements: [Randy, Michael]
- Rename to "mitigations=" [Michael]
- Add cpu_mitigations_off() function wrapper [Michael]
- x86: Simplify logic [Boris]
- powerpc: Fix no_rfi_flush checking bug (use '&&' instead of '||')
- arm64: Rebase onto Jeremy Linton's v7 patches [Will]
- arm64: "kpti command line option" [Steve P]
- arm64: Add nospectre_v2 support
-----------
Keeping track of the number of mitigations for all the CPU speculation
bugs has become overwhelming for many users. It's getting more and more
complicated to decide which mitigations are needed for a given
architecture. Complicating matters is the fact that each arch tends to
have its own custom way to mitigate the same vulnerability.
Most users fall into a few basic categories:
a) they want all mitigations off;
b) they want all reasonable mitigations on, with SMT enabled even if
it's vulnerable; or
c) they want all reasonable mitigations on, with SMT disabled if
vulnerable.
Define a set of curated, arch-independent options, each of which is an
aggregation of existing options:
- mitigations=off: Disable all mitigations.
- mitigations=auto: [default] Enable all the default mitigations, but
leave SMT enabled, even if it's vulnerable.
- mitigations=auto,nosmt: Enable all the default mitigations, disabling
SMT if needed by a mitigation.
Josh Poimboeuf (5):
cpu/speculation: Add 'mitigations=' cmdline option
x86/speculation: Support 'mitigations=' cmdline option
powerpc/speculation: Support 'mitigations=' cmdline option
s390/speculation: Support 'mitigations=' cmdline option
arm64/speculation: Support 'mitigations=' cmdline option
.../admin-guide/kernel-parameters.txt | 34 +++++++++++++++++++
arch/arm64/kernel/cpu_errata.c | 6 +++-
arch/arm64/kernel/cpufeature.c | 8 ++++-
arch/powerpc/kernel/security.c | 6 ++--
arch/powerpc/kernel/setup_64.c | 2 +-
arch/s390/kernel/nospec-branch.c | 3 +-
arch/x86/kernel/cpu/bugs.c | 11 ++++--
arch/x86/mm/pti.c | 4 ++-
include/linux/cpu.h | 24 +++++++++++++
kernel/cpu.c | 15 ++++++++
10 files changed, 103 insertions(+), 10 deletions(-)
--
2.17.2
Powered by blists - more mailing lists