lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20230615164417.3588162-6-leitao@debian.org>
Date:   Thu, 15 Jun 2023 09:44:16 -0700
From:   Breno Leitao <leitao@...ian.org>
To:     pawan.kumar.gupta@...ux.intel.com, jpoimboe@...nel.org,
        peterz@...radead.org, tglx@...utronix.de, bp@...en8.de,
        Ingo Molnar <mingo@...hat.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>
Cc:     leit@...com, linux-kernel@...r.kernel.org
Subject: [PATCH 1/2] x86/speculation: Disable mitigations if CONFIG says so

There is no way to disable certain mitigations(MDS, TAA, MMIO) today.
They are enabled even when the kernel has
CONFIG_SPECULATION_MITIGATIONS=n.

Create a function that says if the speculative mitigations are enabled
or not. They should use CONFIG_SPECULATION_MITIGATIONS as one source of
information.

Just enable MDS, TAA, MMIO mitigations if speculative mitigations are
enabled.

Signed-off-by: Breno Leitao <leitao@...ian.org>
---
 arch/x86/kernel/cpu/bugs.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 182af64387d0..703649a29181 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -87,6 +87,12 @@ void update_spec_ctrl_cond(u64 val)
 		wrmsrl(MSR_IA32_SPEC_CTRL, val);
 }
 
+static inline bool cpu_speculative_mitigations_off(void)
+{
+	return cpu_mitigations_off() ||
+		!IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS);
+}
+
 noinstr u64 spec_ctrl_current(void)
 {
 	return this_cpu_read(x86_spec_ctrl_current);
@@ -278,7 +284,7 @@ static const char * const mds_strings[] = {
 
 static void __init mds_select_mitigation(void)
 {
-	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
+	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_speculative_mitigations_off()) {
 		mds_mitigation = MDS_MITIGATION_OFF;
 		return;
 	}
@@ -352,7 +358,7 @@ static void __init taa_select_mitigation(void)
 		return;
 	}
 
-	if (cpu_mitigations_off()) {
+	if (cpu_speculative_mitigations_off()) {
 		taa_mitigation = TAA_MITIGATION_OFF;
 		return;
 	}
@@ -443,7 +449,7 @@ static void __init mmio_select_mitigation(void)
 
 	if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) ||
 	     boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN) ||
-	     cpu_mitigations_off()) {
+	     cpu_speculative_mitigations_off()) {
 		mmio_mitigation = MMIO_MITIGATION_OFF;
 		return;
 	}
@@ -516,7 +522,7 @@ early_param("mmio_stale_data", mmio_stale_data_parse_cmdline);
 
 static void __init md_clear_update_mitigation(void)
 {
-	if (cpu_mitigations_off())
+	if (cpu_speculative_mitigations_off())
 		return;
 
 	if (!static_key_enabled(&mds_user_clear))
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ