On Fri, Apr 05, 2019 at 03:39:58PM +0100, Steven Price wrote:
> On 04/04/2019 17:44, Josh Poimboeuf wrote:
> > Configure arm64 runtime CPU speculation bug mitigations in accordance
> > with the 'cpu_spec_mitigations=' cmdline options. This affects
> > Meltdown and Speculative Store Bypass.
> >
> > The default behavior is unchanged.
> >
> > Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
> > ---
> > Documentation/admin-guide/kernel-parameters.txt | 2 ++
> > arch/arm64/kernel/cpu_errata.c | 4 ++++
> > arch/arm64/kernel/cpufeature.c | 6 ++++++
> > 3 files changed, 12 insertions(+)
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index e838af96daa4..0b54385ee7a8 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -2553,11 +2553,13 @@
> > off
> > Disable all speculative CPU mitigations.
> > Equivalent to: nopti [x86, powerpc]
> > + kpti=0 [arm64]
> > nospectre_v1 [powerpc]
> > nospectre_v2 [x86, powerpc, s390]
> > spectre_v2_user=off [x86]
> > nobp=0 [s390]
> > spec_store_bypass_disable=off [x86, powerpc]
> > + ssbd=force-off [arm64]
> > l1tf=off [x86]
> >
> > auto (default)
> > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> > index 9950bb0cbd52..db8d27e3fb1c 100644
> > --- a/arch/arm64/kernel/cpu_errata.c
> > +++ b/arch/arm64/kernel/cpu_errata.c
> > @@ -19,6 +19,7 @@
> > #include <linux/arm-smccc.h>
> > #include <linux/psci.h>
> > #include <linux/types.h>
> > +#include <linux/cpu.h>
> > #include <asm/cpu.h>
> > #include <asm/cputype.h>
> > #include <asm/cpufeature.h>
> > @@ -385,6 +386,9 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry,
> > return false;
> > }
> >
> > + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF)
> > + ssbd_state = ARM64_SSBD_FORCE_DISABLE;
> > +
> > switch (psci_ops.conduit) {
> > case PSCI_CONDUIT_HVC:
> > arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
> > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> > index 4061de10cea6..4512b582d50f 100644
> > --- a/arch/arm64/kernel/cpufeature.c
> > +++ b/arch/arm64/kernel/cpufeature.c
> > @@ -25,6 +25,7 @@
> > #include <linux/stop_machine.h>
> > #include <linux/types.h>
> > #include <linux/mm.h>
> > +#include <linux/cpu.h>
> > #include <asm/cpu.h>
> > #include <asm/cpufeature.h>
> > #include <asm/cpu_ops.h>
> > @@ -978,6 +979,11 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
> > __kpti_forced = -1;
> > }
> >
> > + if (cpu_spec_mitigations == CPU_SPEC_MITIGATIONS_OFF) {
> > + str = "cpu_spec_mitigations=off";
>
> Might also be worth changing the initialisation of str, currently it is:
>
> > char const *str = "command line option";
>
> But now we have two command line options, perhaps "kpti command line
> option".
Yes, agreed, thanks.
--
Josh
