This is a note to let you know that I've just added the patch titled x86/spectre: Simplify spectre_v2 command line parsing to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: x86-spectre-simplify-spectre_v2-command-line-parsing.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Fri Feb 23 17:23:58 CET 2018 From: Jack Wang <jinpu.wang@xxxxxxxxxxxxxxxx> Date: Fri, 23 Feb 2018 11:42:12 +0100 Subject: x86/spectre: Simplify spectre_v2 command line parsing To: gregkh@xxxxxxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx Cc: KarimAllah Ahmed <karahmed@xxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, peterz@xxxxxxxxxxxxx, bp@xxxxxxxxx, Jack Wang <jinpu.wang@xxxxxxxxxxxxxxxx> Message-ID: <1519382538-15143-24-git-send-email-jinpu.wangl@xxxxxxxxxxxxxxxx> From: KarimAllah Ahmed <karahmed@xxxxxxxxx> (cherry picked from commit 9005c6834c0ffdfe46afa76656bd9276cca864f6) [dwmw2: Use ARRAY_SIZE] Signed-off-by: KarimAllah Ahmed <karahmed@xxxxxxxxx> Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx> Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: peterz@xxxxxxxxxxxxx Cc: bp@xxxxxxxxx Link: https://lkml.kernel.org/r/1517484441-1420-3-git-send-email-dwmw@xxxxxxxxxxxx Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx> [jwang: cherry pick to 4.4] Signed-off-by: Jack Wang <jinpu.wang@xxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/kernel/cpu/bugs.c | 84 +++++++++++++++++++++++++++++---------------- 1 file changed, 55 insertions(+), 29 deletions(-) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -119,13 +119,13 @@ static inline const char *spectre_v2_mod static void __init spec2_print_if_insecure(const char *reason) { if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) - pr_info("%s\n", reason); + pr_info("%s selected on command line.\n", reason); } static void __init spec2_print_if_secure(const char *reason) { if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) - pr_info("%s\n", reason); + pr_info("%s selected on command line.\n", reason); } static inline bool retp_compiler(void) @@ -140,42 +140,68 @@ static inline bool match_option(const ch return len == arglen && !strncmp(arg, opt, len); } +static const struct { + const char *option; + enum spectre_v2_mitigation_cmd cmd; + bool secure; +} mitigation_options[] = { + { "off", SPECTRE_V2_CMD_NONE, false }, + { "on", SPECTRE_V2_CMD_FORCE, true }, + { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, + { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, + { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, + { "auto", SPECTRE_V2_CMD_AUTO, false }, +}; + static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) { char arg[20]; - int ret; + int ret, i; + enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; + + if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) + return SPECTRE_V2_CMD_NONE; + else { + ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, + sizeof(arg)); + if (ret < 0) + return SPECTRE_V2_CMD_AUTO; - ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, - sizeof(arg)); - if (ret > 0) { - if (match_option(arg, ret, "off")) { - goto disable; - } else if (match_option(arg, ret, "on")) { - spec2_print_if_secure("force enabled on command line."); - return SPECTRE_V2_CMD_FORCE; - } else if (match_option(arg, ret, "retpoline")) { - spec2_print_if_insecure("retpoline selected on command line."); - return SPECTRE_V2_CMD_RETPOLINE; - } else if (match_option(arg, ret, "retpoline,amd")) { - if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD) { - pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n"); - return SPECTRE_V2_CMD_AUTO; - } - spec2_print_if_insecure("AMD retpoline selected on command line."); - return SPECTRE_V2_CMD_RETPOLINE_AMD; - } else if (match_option(arg, ret, "retpoline,generic")) { - spec2_print_if_insecure("generic retpoline selected on command line."); - return SPECTRE_V2_CMD_RETPOLINE_GENERIC; - } else if (match_option(arg, ret, "auto")) { + for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { + if (!match_option(arg, ret, mitigation_options[i].option)) + continue; + cmd = mitigation_options[i].cmd; + break; + } + + if (i >= ARRAY_SIZE(mitigation_options)) { + pr_err("unknown option (%s). Switching to AUTO select\n", + mitigation_options[i].option); return SPECTRE_V2_CMD_AUTO; } } - if (!cmdline_find_option_bool(boot_command_line, "nospectre_v2")) + if ((cmd == SPECTRE_V2_CMD_RETPOLINE || + cmd == SPECTRE_V2_CMD_RETPOLINE_AMD || + cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC) && + !IS_ENABLED(CONFIG_RETPOLINE)) { + pr_err("%s selected but not compiled in. Switching to AUTO select\n", + mitigation_options[i].option); return SPECTRE_V2_CMD_AUTO; -disable: - spec2_print_if_insecure("disabled on command line."); - return SPECTRE_V2_CMD_NONE; + } + + if (cmd == SPECTRE_V2_CMD_RETPOLINE_AMD && + boot_cpu_data.x86_vendor != X86_VENDOR_AMD) { + pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n"); + return SPECTRE_V2_CMD_AUTO; + } + + if (mitigation_options[i].secure) + spec2_print_if_secure(mitigation_options[i].option); + else + spec2_print_if_insecure(mitigation_options[i].option); + + return cmd; } /* Check for Skylake-like CPUs (for RSB handling) */ Patches currently in stable-queue which might be from jinpu.wang@xxxxxxxxxxxxxxxx are queue-4.4/x86-paravirt-remove-noreplace-paravirt-cmdline-option.patch queue-4.4/documentation-document-array_index_nospec.patch queue-4.4/kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch queue-4.4/x86-nospec-fix-header-guards-names.patch queue-4.4/x86-retpoline-avoid-retpolines-for-built-in-__init-functions.patch queue-4.4/vfs-fdtable-prevent-bounds-check-bypass-via-speculative-execution.patch queue-4.4/kvm-nvmx-invvpid-handling-improvements.patch queue-4.4/x86-cpu-bugs-make-retpoline-module-warning-conditional.patch queue-4.4/x86-spectre-check-config_retpoline-in-command-line-parser.patch queue-4.4/x86-implement-array_index_mask_nospec.patch queue-4.4/array_index_nospec-sanitize-speculative-array-de-references.patch queue-4.4/kvm-vmx-make-indirect-call-speculation-safe.patch queue-4.4/x86-spectre-fix-spelling-mistake-vunerable-vulnerable.patch queue-4.4/kvm-nvmx-fix-kernel-panics-induced-by-illegal-invept-invvpid-types.patch queue-4.4/module-retpoline-warn-about-missing-retpoline-in-module.patch queue-4.4/x86-kvm-update-spectre-v1-mitigation.patch queue-4.4/x86-get_user-use-pointer-masking-to-limit-speculation.patch queue-4.4/x86-syscall-sanitize-syscall-table-de-references-under-speculation.patch queue-4.4/kvm-nvmx-vmx_complete_nested_posted_interrupt-can-t-fail.patch queue-4.4/x86-spectre-simplify-spectre_v2-command-line-parsing.patch queue-4.4/x86-speculation-fix-typo-ibrs_att-which-should-be-ibrs_all.patch queue-4.4/x86-spectre-report-get_user-mitigation-for-spectre_v1.patch queue-4.4/x86-introduce-barrier_nospec.patch queue-4.4/kvm-async_pf-fix-df-due-to-inject-page-not-present-and-page-ready-exceptions-simultaneously.patch queue-4.4/kvm-vmx-clean-up-declaration-of-vpid-ept-invalidation-types.patch queue-4.4/x86-bugs-drop-one-mitigation-from-dmesg.patch queue-4.4/x86-retpoline-remove-the-esp-rsp-thunk.patch queue-4.4/nl80211-sanitize-array-index-in-parse_txq_params.patch queue-4.4/kvm-nvmx-kmap-can-t-fail.patch