Message-Id: <20250929073642.965938-1-pengcan@kylinos.cn>
Date: Mon, 29 Sep 2025 15:36:42 +0800
From: Can Peng <pengcan@...inos.cn>
To: masahiroy@...nel.org,
tglx@...utronix.de,
kees@...nel.org,
aliceryhl@...gle.com,
ojeda@...nel.org,
xur@...gle.com,
jpoimboe@...nel.org,
rppt@...nel.org,
david.kaplan@....com
Cc: pengcan@...inos.cn,
ruanjinjie@...wei.com,
namcao@...utronix.de,
linux-kernel@...r.kernel.org
Subject: [PATCH] cpu: Make CONFIG_CPU_MITIGATIONS user-configurable on non-x86 architectures

On non-x86 architectures, CONFIG_CPU_MITIGATIONS is currently controlled
indirectly via ARCH_CONFIGURES_CPU_MITIGATIONS, leaving no way for users
to disable mitigations at build time. This forces mitigations to be
enabled even in trusted or performance-critical environments where they
are unnecessary.

Introduce a user-visible Kconfig option for CONFIG_CPU_MITIGATIONS,
defaulting to 'y' for safety, but allowing it to be set to 'n' when
desired. This provides consistent configurability across all
architectures while preserving the default secure behavior.

Signed-off-by: Can Peng <pengcan@...inos.cn>
---
arch/Kconfig | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/Kconfig b/arch/Kconfig
index d1b4ffd6e085..b0ef0cc412eb 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -14,7 +14,18 @@ config ARCH_CONFIGURES_CPU_MITIGATIONS
if !ARCH_CONFIGURES_CPU_MITIGATIONS
config CPU_MITIGATIONS
- def_bool y
+ bool "Mitigations for CPU vulnerabilities"
+ default y
+ help
+ Say Y here to enable options which enable mitigations for hardware
+ vulnerabilities (usually related to speculative execution).
+ Mitigations can be disabled or restricted to SMT systems at runtime
+ via the "mitigations" kernel parameter.
+
+ If you say N, all mitigations will be disabled. This CANNOT be
+ overridden at runtime.
+
+ Say 'Y', unless you really know what you are doing.
endif
#
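Review bot: The new help text under "config CPU_MITIGATIONS" states that saying N disables all mitigations and that this "CANNOT be overridden at runtime", but the patch changes only arch/Kconfig (1 file changed), so nothing visible here shows that the architectures reaching the "if !ARCH_CONFIGURES_CPU_MITIGATIONS" branch actually test this symbol in their mitigation code. Please either list in the commit message which architectures honour CONFIG_CPU_MITIGATIONS=n, or reword the help so it describes what N does on those architectures instead of promising a blanket disable. The sentence about the "mitigations" kernel parameter and "restricted to SMT systems" should likewise be checked against the architectures this branch covers before it is presented to their users. Because the prompt turns a fixed "def_bool y" into a switch anyone can flip with no dependency, consider gating the prompt (for example behind an expert-only dependency) so that the secure default is not lost by accident. Minor wording: "Say Y here to enable options which enable mitigations" refers to sub-options, yet the block ends at "endif" with none following, so describe what this option itself does.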
--
2.25.1