| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<LV3PR12MB926557B2FC8316392BD5B96994FCA@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Mon, 27 Oct 2025 13:56:39 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Nikolay Borisov <nik.borisov@...e.com>, Thomas Gleixner
<tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Peter Zijlstra
<peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta
<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
Peter Anvin" <hpa@...or.com>
CC: Alexander Graf <graf@...zon.com>, Boris Ostrovsky
<boris.ostrovsky@...cle.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH 52/56] x86/bugs: Support parsing mitigation options
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Nikolay Borisov <nik.borisov@...e.com>
> Sent: Monday, October 27, 2025 6:31 AM
> To: Kaplan, David <David.Kaplan@....com>; Thomas Gleixner
> <tglx@...utronix.de>; Borislav Petkov <bp@...en8.de>; Peter Zijlstra
> <peterz@...radead.org>; Josh Poimboeuf <jpoimboe@...nel.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>
> Cc: Alexander Graf <graf@...zon.com>; Boris Ostrovsky
> <boris.ostrovsky@...cle.com>; linux-kernel@...r.kernel.org
> Subject: Re: [RFC PATCH 52/56] x86/bugs: Support parsing mitigation options
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On 10/13/25 17:34, David Kaplan wrote:
> > Add arch-specific function for determining if an option is related to a
> > mitigation and parsing it. These will be used for parsing a string of
> > options for re-evaluating cpu mitigations.
> >
> > Signed-off-by: David Kaplan <david.kaplan@....com>
> > ---
> > arch/x86/include/asm/bugs.h | 2 ++
> > arch/x86/kernel/cpu/bugs.c | 56
> +++++++++++++++++++++++++++++++++++++
> > 2 files changed, 58 insertions(+)
> >
> > diff --git a/arch/x86/include/asm/bugs.h b/arch/x86/include/asm/bugs.h
> > index 2e1a7d282e51..1e142a676335 100644
> > --- a/arch/x86/include/asm/bugs.h
> > +++ b/arch/x86/include/asm/bugs.h
> > @@ -13,5 +13,7 @@ static inline int ppro_with_ram_bug(void) { return 0; }
> > extern void cpu_bugs_smt_update(void);
> > void arch_cpu_reset_mitigations(void);
> > void cpu_bugs_update_speculation_msrs(void);
> > +bool arch_is_mitigation_opt(char *param);
> > +int arch_parse_mitigation_opt(char *param, char *val);
> >
> > #endif /* _ASM_X86_BUGS_H */
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 2f82261d033d..26ceb42e0cfb 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -3991,6 +3991,62 @@ void __warn_thunk(void)
> > }
> >
> > #ifdef CONFIG_DYNAMIC_MITIGATIONS
> > +struct mitigation_info {
> > + char *param;
> > + int (*parse)(char *str);
> > +};
> > +
> > +static struct mitigation_info mitigation_parsers[] = {
> > + {"mds", mds_cmdline},
> > + {"tsx_async_abort", tsx_async_abort_parse_cmdline},
> > + {"mmio_stale_data", mmio_stale_data_parse_cmdline},
> > + {"reg_file_data_sampling", rfds_parse_cmdline},
> > + {"srbds", srbds_parse_cmdline},
> > + {"gather_data_sampling", gds_parse_cmdline},
> > + {"nospectre_v1", nospectre_v1_cmdline},
> > + {"retbleed", retbleed_parse_cmdline},
> > + {"indirect_target_selection", its_parse_cmdline},
> > + {"spectre_v2_user", spectre_v2_user_parse_cmdline},
> > + {"nospectre_v2", nospectre_v2_parse_cmdline},
> > + {"spectre_v2", spectre_v2_parse_cmdline},
> > + {"spectre_bhi", spectre_bhi_parse_cmdline},
> > + {"nospec_store_bypass_disable", nossb_parse_cmdline},
> > + {"spec_store_bypass_disable", ssb_parse_cmdline},
> > + {"l1tf", l1tf_cmdline},
> > + {"spec_rstack_overflow", srso_parse_cmdline},
> > + {"tsa", tsa_parse_cmdline},
> > + {"vmscape", vmscape_parse_cmdline}
> > +};
> > +
> > +static struct mitigation_info *get_mitigation_info(char *param)
> > +{
> > + int i;
> > +
> > + for (i = 0; i < ARRAY_SIZE(mitigation_parsers); i++) {
> > + if (parameq(param, mitigation_parsers[i].param))
> > + return &mitigation_parsers[i];
> > + }
> > +
> > + return NULL;
> > +}
> > +
> > +bool arch_is_mitigation_opt(char *param)
> > +{
> > + return get_mitigation_info(param);
>
> nit: This has an implied conversion from a pointer to a bool, should it
> be return get_mitigation_info != NULL
>
> It would work either ways but being explicit is better?
Ack
>
> > +}
> > +
> > +int arch_parse_mitigation_opt(char *param, char *val)
> > +{
> > + struct mitigation_info *info = get_mitigation_info(param);
> > +
> > + if (!info) {
> > + pr_warn("Ignoring non-mitigation option %s\n", param);
>
> nit: Do we want to be that verbose?
My thinking was that the admin is writing a series of cmdline options to this interface, but the interface only recognizes a small number of specific cmdline options (the ones related to mitigation settings). It therefore may make sense to warn them if they've written an option (thinking it will have an effect) but it is not supported by this interface. It's also a way to notify them if they made a typo on an option.
That said, open to other ideas here.
Thanks
--David Kaplan
Powered by blists - more mailing lists