lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251013143444.3999-5-david.kaplan@amd.com>
Date: Mon, 13 Oct 2025 09:33:52 -0500
From: David Kaplan <david.kaplan@....com>
To: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
	Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar
	<mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
	<x86@...nel.org>, "H . Peter Anvin" <hpa@...or.com>
CC: Alexander Graf <graf@...zon.com>, Boris Ostrovsky
	<boris.ostrovsky@...cle.com>, <linux-kernel@...r.kernel.org>
Subject: [RFC PATCH 04/56] x86/bugs: Reset spectre_v1 mitigations

Add function to reset spectre_v1 mitigations back to their boot-time
defaults.

Signed-off-by: David Kaplan <david.kaplan@....com>
---
 arch/x86/include/asm/bugs.h |  1 +
 arch/x86/kernel/cpu/bugs.c  | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/arch/x86/include/asm/bugs.h b/arch/x86/include/asm/bugs.h
index f25ca2d709d4..e43b9412645e 100644
--- a/arch/x86/include/asm/bugs.h
+++ b/arch/x86/include/asm/bugs.h
@@ -11,5 +11,6 @@ static inline int ppro_with_ram_bug(void) { return 0; }
 #endif
 
 extern void cpu_bugs_smt_update(void);
+void arch_cpu_reset_mitigations(void);
 
 #endif /* _ASM_X86_BUGS_H */
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 6a526ae1fe99..9d5c6a3e50e1 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -46,6 +46,8 @@
  *				   may want to change based on other choices
  *				   made.  This function is optional.
  *   <vuln>_apply_mitigation() -- Enable the selected mitigation.
+ *   <vuln>_reset_mitigation() -- Undo's the apply_mitigation step, this is used
+ *				  with runtime mitigation patching.
  *
  * The compile-time mitigation in all cases should be AUTO.  An explicit
  * command-line option can override AUTO.  If no such option is
@@ -1247,6 +1249,15 @@ static void __init spectre_v1_apply_mitigation(void)
 	pr_info("%s\n", spectre_v1_strings[spectre_v1_mitigation]);
 }
 
+#ifdef CONFIG_DYNAMIC_MITIGATIONS
+static void spectre_v1_reset_mitigation(void)
+{
+	setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_USER);
+	setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_KERNEL);
+	spectre_v1_mitigation = SPECTRE_V1_MITIGATION_AUTO;
+}
+#endif
+
 static int __init nospectre_v1_cmdline(char *str)
 {
 	spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE;
@@ -3794,3 +3805,10 @@ void __warn_thunk(void)
 {
 	WARN_ONCE(1, "Unpatched return thunk in use. This should not happen!\n");
 }
+
+#ifdef CONFIG_DYNAMIC_MITIGATIONS
+void arch_cpu_reset_mitigations(void)
+{
+	spectre_v1_reset_mitigation();
+}
+#endif
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ