| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMuHMdVFaQLbH7F=Ard5MzUzG1FTfwLH=7xz=LpA3YaZyj2+Zg@mail.gmail.com>
Date: Thu, 16 May 2019 09:04:41 +0200
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Ben Hutchings <ben@...adent.org.uk>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Peter Zijlstra <peterz@...radead.org>,
Catalin Marinas <catalin.marinas@....com>,
Heiko Carstens <heiko.carstens@...ibm.com>,
Paul Mackerras <paulus@...ba.org>,
"H . Peter Anvin" <hpa@...or.com>,
Andrea Arcangeli <aarcange@...hat.com>,
linux-s390 <linux-s390@...r.kernel.org>,
Michael Ellerman <mpe@...erman.id.au>,
Steven Price <steven.price@....com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Jon Masters <jcm@...hat.com>, Waiman Long <longman@...hat.com>,
Linux-Arch <linux-arch@...r.kernel.org>,
Will Deacon <will.deacon@....com>,
Jiri Kosina <jikos@...nel.org>, Borislav Petkov <bp@...en8.de>,
Andy Lutomirski <luto@...nel.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
Phil Auld <pauld@...hat.com>,
Randy Dunlap <rdunlap@...radead.org>,
stable <stable@...r.kernel.org>,
Tyler Hicks <tyhicks@...onical.com>,
Jiri Kosina <jkosina@...e.cz>,
Martin Schwidefsky <schwidefsky@...ibm.com>,
linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>
Subject: Re: [PATCH 4.4 247/266] cpu/speculation: Add mitigations= cmdline option
Hi Greg, Ben,
On Wed, May 15, 2019 at 1:12 PM Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
> From: Josh Poimboeuf <jpoimboe@...hat.com>
>
> commit 98af8452945c55652de68536afdde3b520fec429 upstream.
>
> Keeping track of the number of mitigations for all the CPU speculation
> bugs has become overwhelming for many users. It's getting more and more
> complicated to decide which mitigations are needed for a given
> architecture. Complicating matters is the fact that each arch tends to
> have its own custom way to mitigate the same vulnerability.
>
> Most users fall into a few basic categories:
>
> a) they want all mitigations off;
>
> b) they want all reasonable mitigations on, with SMT enabled even if
> it's vulnerable; or
>
> c) they want all reasonable mitigations on, with SMT disabled if
> vulnerable.
>
> Define a set of curated, arch-independent options, each of which is an
> aggregation of existing options:
>
> - mitigations=off: Disable all mitigations.
>
> - mitigations=auto: [default] Enable all the default mitigations, but
> leave SMT enabled, even if it's vulnerable.
>
> - mitigations=auto,nosmt: Enable all the default mitigations, disabling
> SMT if needed by a mitigation.
>
> Currently, these options are placeholders which don't actually do
> anything. They will be fleshed out in upcoming patches.
>
> Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> [bwh: Backported to 4.4:
> - Drop the auto,nosmt option which we can't support
This doesn't really stand out. I.e. I completely missed it, and started
wondering why "auto,nosmt" was not documented in
kernel-parameters.txt below...
> --- a/Documentation/kernel-parameters.txt
> +++ b/Documentation/kernel-parameters.txt
> @@ -2173,6 +2173,25 @@ bytes respectively. Such letter suffixes
> in the "bleeding edge" mini2440 support kernel at
> http://repo.or.cz/w/linux-2.6/mini2440.git
>
> + mitigations=
> + Control optional mitigations for CPU vulnerabilities.
> + This is a set of curated, arch-independent options, each
> + of which is an aggregation of existing arch-specific
> + options.
> +
> + off
> + Disable all optional CPU mitigations. This
> + improves system performance, but it may also
> + expose users to several CPU vulnerabilities.
> +
> + auto (default)
> + Mitigate all CPU vulnerabilities, but leave SMT
> + enabled, even if it's vulnerable. This is for
> + users who don't want to be surprised by SMT
> + getting disabled across kernel upgrades, or who
> + have other ways of avoiding SMT-based attacks.
> + This is the default behavior.
> +
> mminit_loglevel=
> [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
> parameter allows control of the logging verbosity for
> --- a/kernel/cpu.c
> +++ b/kernel/cpu.c
> @@ -842,3 +842,16 @@ void init_cpu_online(const struct cpumas
> {
> cpumask_copy(to_cpumask(cpu_online_bits), src);
> }
> +
> +enum cpu_mitigations cpu_mitigations = CPU_MITIGATIONS_AUTO;
> +
> +static int __init mitigations_parse_cmdline(char *arg)
> +{
> + if (!strcmp(arg, "off"))
> + cpu_mitigations = CPU_MITIGATIONS_OFF;
> + else if (!strcmp(arg, "auto"))
> + cpu_mitigations = CPU_MITIGATIONS_AUTO;
Perhaps
else
pr_crit("mitigations=%s is not supported\n", arg);
?
Actually that makes sense on mainline, too.
Cooking a patch...
> +
> + return 0;
> +}
> +early_param("mitigations", mitigations_parse_cmdline);
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
Powered by blists - more mailing lists