| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <23c26b13-f195-4363-bfc1-92282459f1bb@suse.com>
Date: Mon, 27 Oct 2025 13:31:19 +0200
From: Nikolay Borisov <nik.borisov@...e.com>
To: David Kaplan <david.kaplan@....com>, Thomas Gleixner
<tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org, "H . Peter Anvin" <hpa@...or.com>
Cc: Alexander Graf <graf@...zon.com>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 52/56] x86/bugs: Support parsing mitigation options
On 10/13/25 17:34, David Kaplan wrote:
> Add arch-specific function for determining if an option is related to a
> mitigation and parsing it. These will be used for parsing a string of
> options for re-evaluating cpu mitigations.
>
> Signed-off-by: David Kaplan <david.kaplan@....com>
> ---
> arch/x86/include/asm/bugs.h | 2 ++
> arch/x86/kernel/cpu/bugs.c | 56 +++++++++++++++++++++++++++++++++++++
> 2 files changed, 58 insertions(+)
>
> diff --git a/arch/x86/include/asm/bugs.h b/arch/x86/include/asm/bugs.h
> index 2e1a7d282e51..1e142a676335 100644
> --- a/arch/x86/include/asm/bugs.h
> +++ b/arch/x86/include/asm/bugs.h
> @@ -13,5 +13,7 @@ static inline int ppro_with_ram_bug(void) { return 0; }
> extern void cpu_bugs_smt_update(void);
> void arch_cpu_reset_mitigations(void);
> void cpu_bugs_update_speculation_msrs(void);
> +bool arch_is_mitigation_opt(char *param);
> +int arch_parse_mitigation_opt(char *param, char *val);
>
> #endif /* _ASM_X86_BUGS_H */
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 2f82261d033d..26ceb42e0cfb 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -3991,6 +3991,62 @@ void __warn_thunk(void)
> }
>
> #ifdef CONFIG_DYNAMIC_MITIGATIONS
> +struct mitigation_info {
> + char *param;
> + int (*parse)(char *str);
> +};
> +
> +static struct mitigation_info mitigation_parsers[] = {
> + {"mds", mds_cmdline},
> + {"tsx_async_abort", tsx_async_abort_parse_cmdline},
> + {"mmio_stale_data", mmio_stale_data_parse_cmdline},
> + {"reg_file_data_sampling", rfds_parse_cmdline},
> + {"srbds", srbds_parse_cmdline},
> + {"gather_data_sampling", gds_parse_cmdline},
> + {"nospectre_v1", nospectre_v1_cmdline},
> + {"retbleed", retbleed_parse_cmdline},
> + {"indirect_target_selection", its_parse_cmdline},
> + {"spectre_v2_user", spectre_v2_user_parse_cmdline},
> + {"nospectre_v2", nospectre_v2_parse_cmdline},
> + {"spectre_v2", spectre_v2_parse_cmdline},
> + {"spectre_bhi", spectre_bhi_parse_cmdline},
> + {"nospec_store_bypass_disable", nossb_parse_cmdline},
> + {"spec_store_bypass_disable", ssb_parse_cmdline},
> + {"l1tf", l1tf_cmdline},
> + {"spec_rstack_overflow", srso_parse_cmdline},
> + {"tsa", tsa_parse_cmdline},
> + {"vmscape", vmscape_parse_cmdline}
> +};
> +
> +static struct mitigation_info *get_mitigation_info(char *param)
> +{
> + int i;
> +
> + for (i = 0; i < ARRAY_SIZE(mitigation_parsers); i++) {
> + if (parameq(param, mitigation_parsers[i].param))
> + return &mitigation_parsers[i];
> + }
> +
> + return NULL;
> +}
> +
> +bool arch_is_mitigation_opt(char *param)
> +{
> + return get_mitigation_info(param);
nit: This has an implied conversion from a pointer to a bool, should it
be return get_mitigation_info != NULL
It would work either ways but being explicit is better?
> +}
> +
> +int arch_parse_mitigation_opt(char *param, char *val)
> +{
> + struct mitigation_info *info = get_mitigation_info(param);
> +
> + if (!info) {
> + pr_warn("Ignoring non-mitigation option %s\n", param);
nit: Do we want to be that verbose?
> + return 0;
> + }
> +
> + return info->parse(val);
> +}
> +
> void arch_cpu_reset_mitigations(void)
> {
> spectre_v1_reset_mitigation();
Powered by blists - more mailing lists