| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Apr 2024 10:51:07 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Jonathan Corbet <corbet@....net>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>
Cc: linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Daniel Sneddon <daniel.sneddon@...ux.intel.com>
Subject: [PATCH 3/3] x86/cpu: Ignore "mitigations" kernel parameter if SPECULATION_MITIGATIONS=n
Explicitly disallow enabling mitigations at runtime for kernels that were
built with CONFIG_SPECULATION_MITIGATIONS=n. Because more Kconfigs are
buried behind SPECULATION_MITIGATIONS, trying to provide sane behavior for
retroactively enabling mitigations is extremely difficult, bordering on
impossible. E.g. page table isolation and call depth tracking requrie
build-time support, BHI mitigations will still be off without additional
kernel parameters, etc.
Signed-off-by: Sean Christopherson <seanjc@...gle.com>
---
Documentation/admin-guide/kernel-parameters.txt | 3 +++
arch/x86/Kconfig | 10 +++++++---
kernel/cpu.c | 2 ++
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 70046a019d42..7d623df11a1a 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3423,6 +3423,9 @@
arch-independent options, each of which is an
aggregation of existing arch-specific options.
+ Note, "mitigations" is supported on x86 if and only if
+ the kernel was built with SPECULATION_MITIGATIONS=y.
+
off
Disable all optional CPU mitigations. This
improves system performance, but it may also
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 10a6251f58f3..f4e4dd360636 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2493,10 +2493,14 @@ menuconfig SPECULATION_MITIGATIONS
default y
help
Say Y here to enable options which enable mitigations for
- speculative execution hardware vulnerabilities.
+ speculative execution hardware vulnerabilities. Mitigations can
+ be disabled or restricted to SMT systems at runtime via the
+ "mitigations" kernel parameter.
- If you say N, all mitigations will be disabled. You really
- should know what you are doing to say so.
+ If you say N, all mitigations will be disabled. This CANNOT be
+ overridden at runtime.
+
+ Say 'Y', unless you really know what you are doing.
if SPECULATION_MITIGATIONS
diff --git a/kernel/cpu.c b/kernel/cpu.c
index 07ad53b7f119..d445763d8047 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -3214,6 +3214,8 @@ static int __init mitigations_parse_cmdline(char *arg)
{
if (!strcmp(arg, "off"))
cpu_mitigations = CPU_MITIGATIONS_OFF;
+ else if (!IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS))
+ pr_crit("Kernel compiled without mitigations, system may still be vulnerable\n");
else if (!strcmp(arg, "auto"))
cpu_mitigations = CPU_MITIGATIONS_AUTO;
else if (!strcmp(arg, "auto,nosmt"))
--
2.44.0.478.gd926399ef9-goog
Powered by blists - more mailing lists