lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 May 2019 09:04:41 +0200 From: Geert Uytterhoeven <geert@...ux-m68k.org> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Ben Hutchings <ben@...adent.org.uk> Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Peter Zijlstra <peterz@...radead.org>, Catalin Marinas <catalin.marinas@....com>, Heiko Carstens <heiko.carstens@...ibm.com>, Paul Mackerras <paulus@...ba.org>, "H . Peter Anvin" <hpa@...or.com>, Andrea Arcangeli <aarcange@...hat.com>, linux-s390 <linux-s390@...r.kernel.org>, Michael Ellerman <mpe@...erman.id.au>, Steven Price <steven.price@....com>, Linus Torvalds <torvalds@...ux-foundation.org>, Jon Masters <jcm@...hat.com>, Waiman Long <longman@...hat.com>, Linux-Arch <linux-arch@...r.kernel.org>, Will Deacon <will.deacon@....com>, Jiri Kosina <jikos@...nel.org>, Borislav Petkov <bp@...en8.de>, Andy Lutomirski <luto@...nel.org>, Josh Poimboeuf <jpoimboe@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Linux ARM <linux-arm-kernel@...ts.infradead.org>, Phil Auld <pauld@...hat.com>, Randy Dunlap <rdunlap@...radead.org>, stable <stable@...r.kernel.org>, Tyler Hicks <tyhicks@...onical.com>, Jiri Kosina <jkosina@...e.cz>, Martin Schwidefsky <schwidefsky@...ibm.com>, linuxppc-dev <linuxppc-dev@...ts.ozlabs.org> Subject: Re: [PATCH 4.4 247/266] cpu/speculation: Add mitigations= cmdline option Hi Greg, Ben, On Wed, May 15, 2019 at 1:12 PM Greg Kroah-Hartman <gregkh@...uxfoundation.org> wrote: > From: Josh Poimboeuf <jpoimboe@...hat.com> > > commit 98af8452945c55652de68536afdde3b520fec429 upstream. > > Keeping track of the number of mitigations for all the CPU speculation > bugs has become overwhelming for many users. It's getting more and more > complicated to decide which mitigations are needed for a given > architecture. Complicating matters is the fact that each arch tends to > have its own custom way to mitigate the same vulnerability. > > Most users fall into a few basic categories: > > a) they want all mitigations off; > > b) they want all reasonable mitigations on, with SMT enabled even if > it's vulnerable; or > > c) they want all reasonable mitigations on, with SMT disabled if > vulnerable. > > Define a set of curated, arch-independent options, each of which is an > aggregation of existing options: > > - mitigations=off: Disable all mitigations. > > - mitigations=auto: [default] Enable all the default mitigations, but > leave SMT enabled, even if it's vulnerable. > > - mitigations=auto,nosmt: Enable all the default mitigations, disabling > SMT if needed by a mitigation. > > Currently, these options are placeholders which don't actually do > anything. They will be fleshed out in upcoming patches. > > Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com> > Signed-off-by: Thomas Gleixner <tglx@...utronix.de> > [bwh: Backported to 4.4: > - Drop the auto,nosmt option which we can't support This doesn't really stand out. I.e. I completely missed it, and started wondering why "auto,nosmt" was not documented in kernel-parameters.txt below... > --- a/Documentation/kernel-parameters.txt > +++ b/Documentation/kernel-parameters.txt > @@ -2173,6 +2173,25 @@ bytes respectively. Such letter suffixes > in the "bleeding edge" mini2440 support kernel at > http://repo.or.cz/w/linux-2.6/mini2440.git > > + mitigations= > + Control optional mitigations for CPU vulnerabilities. > + This is a set of curated, arch-independent options, each > + of which is an aggregation of existing arch-specific > + options. > + > + off > + Disable all optional CPU mitigations. This > + improves system performance, but it may also > + expose users to several CPU vulnerabilities. > + > + auto (default) > + Mitigate all CPU vulnerabilities, but leave SMT > + enabled, even if it's vulnerable. This is for > + users who don't want to be surprised by SMT > + getting disabled across kernel upgrades, or who > + have other ways of avoiding SMT-based attacks. > + This is the default behavior. > + > mminit_loglevel= > [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this > parameter allows control of the logging verbosity for > --- a/kernel/cpu.c > +++ b/kernel/cpu.c > @@ -842,3 +842,16 @@ void init_cpu_online(const struct cpumas > { > cpumask_copy(to_cpumask(cpu_online_bits), src); > } > + > +enum cpu_mitigations cpu_mitigations = CPU_MITIGATIONS_AUTO; > + > +static int __init mitigations_parse_cmdline(char *arg) > +{ > + if (!strcmp(arg, "off")) > + cpu_mitigations = CPU_MITIGATIONS_OFF; > + else if (!strcmp(arg, "auto")) > + cpu_mitigations = CPU_MITIGATIONS_AUTO; Perhaps else pr_crit("mitigations=%s is not supported\n", arg); ? Actually that makes sense on mainline, too. Cooking a patch... > + > + return 0; > +} > +early_param("mitigations", mitigations_parse_cmdline); Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Powered by blists - more mailing lists