Commit 2439a5ea authored by Linus Torvalds

Merge tag 'x86_bugs_for_v6.11_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 cpu mitigation updates from Borislav Petkov:

 - Add a spectre_bhi=vmexit mitigation option aimed at cloud
   environments

 - Remove duplicated Spectre cmdline option documentation

 - Add separate macro definitions for syscall handlers which do not
   return in order to address objtool warnings

* tag 'x86_bugs_for_v6.11_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/bugs: Add 'spectre_bhi=vmexit' cmdline option
  x86/bugs: Remove duplicate Spectre cmdline option descriptions
  x86/syscall: Mark exit[_group] syscall handlers __noreturn
parents f998678b 42c141fb
+10 −76
@@ -592,85 +592,19 @@ Spectre variant 2
Mitigation control on the kernel command line
---------------------------------------------

Spectre variant 2 mitigation can be disabled or force enabled at the
kernel command line.
In general the kernel selects reasonable default mitigations for the
current CPU.

	nospectre_v1
Spectre default mitigations can be disabled or changed at the kernel
command line with the following options:

		[X86,PPC] Disable mitigations for Spectre Variant 1
		(bounds check bypass). With this option data leaks are
		possible in the system.
	- nospectre_v1
	- nospectre_v2
	- spectre_v2={option}
	- spectre_v2_user={option}
	- spectre_bhi={option}

	nospectre_v2

		[X86] Disable all mitigations for the Spectre variant 2
		(indirect branch prediction) vulnerability. System may
		allow data leaks with this option, which is equivalent
		to spectre_v2=off.


        spectre_v2=

		[X86] Control mitigation of Spectre variant 2
		(indirect branch speculation) vulnerability.
		The default operation protects the kernel from
		user space attacks.

		on
			unconditionally enable, implies
			spectre_v2_user=on
		off
			unconditionally disable, implies
		        spectre_v2_user=off
		auto
			kernel detects whether your CPU model is
		        vulnerable

		Selecting 'on' will, and 'auto' may, choose a
		mitigation method at run time according to the
		CPU, the available microcode, the setting of the
		CONFIG_MITIGATION_RETPOLINE configuration option,
		and the compiler with which the kernel was built.

		Selecting 'on' will also enable the mitigation
		against user space to user space task attacks.

		Selecting 'off' will disable both the kernel and
		the user space protections.

		Specific mitigations can also be selected manually:

                retpoline               auto pick between generic,lfence
                retpoline,generic       Retpolines
                retpoline,lfence        LFENCE; indirect branch
                retpoline,amd           alias for retpoline,lfence
                eibrs                   Enhanced/Auto IBRS
                eibrs,retpoline         Enhanced/Auto IBRS + Retpolines
                eibrs,lfence            Enhanced/Auto IBRS + LFENCE
                ibrs                    use IBRS to protect kernel

		Not specifying this option is equivalent to
		spectre_v2=auto.

		In general the kernel by default selects
		reasonable mitigations for the current CPU. To
		disable Spectre variant 2 mitigations, boot with
		spectre_v2=off. Spectre variant 1 mitigations
		cannot be disabled.

	spectre_bhi=

		[X86] Control mitigation of Branch History Injection
		(BHI) vulnerability.  This setting affects the deployment
		of the HW BHI control and the SW BHB clearing sequence.

		on
			(default) Enable the HW or SW mitigation as
			needed.
		off
			Disable the mitigation.

For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt
For more details on the available options, refer to Documentation/admin-guide/kernel-parameters.txt

Mitigation selection guide
--------------------------
+9 −3
@@ -6125,8 +6125,14 @@
			deployment of the HW BHI control and the SW BHB
			clearing sequence.

			on   - (default) Enable the HW or SW mitigation
			       as needed.
			on     - (default) Enable the HW or SW mitigation as
				 needed.  This protects the kernel from
				 both syscalls and VMs.
			vmexit - On systems which don't have the HW mitigation
				 available, enable the SW mitigation on vmexit
				 ONLY.  On such systems, the host kernel is
				 protected from VM-originated BHI attacks, but
				 may still be vulnerable to syscall attacks.
			off    - Disable the mitigation.

	spectre_v2=	[X86,EARLY] Control mitigation of Spectre variant 2
+6 −4
@@ -14,10 +14,13 @@
#endif

#define __SYSCALL(nr, sym) extern long __ia32_##sym(const struct pt_regs *);

#define __SYSCALL_NORETURN(nr, sym) extern long __noreturn __ia32_##sym(const struct pt_regs *);
#include <asm/syscalls_32.h>
#undef  __SYSCALL

#undef  __SYSCALL_NORETURN
#define __SYSCALL_NORETURN __SYSCALL

/*
 * The sys_call_table[] is no longer used for system calls, but
 * kernel/trace/trace_syscalls.c still wants to know the system
@@ -32,7 +35,6 @@ const sys_call_ptr_t sys_call_table[] = {
#endif

#define __SYSCALL(nr, sym) case nr: return __ia32_##sym(regs);

long ia32_sys_call(const struct pt_regs *regs, unsigned int nr)
{
	switch (nr) {
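Review bot: The object-like alias `#define __SYSCALL_NORETURN __SYSCALL`, added right after the two `#undef` lines, is correct only because the preprocessor expands it at each later use and so picks up whatever `__SYSCALL` means at that point (the table initializer, then the `case nr: return ...` form), and nothing in the file says so; a one-line comment above it such as `/* From here on, NORETURN entries are handled exactly like ordinary ones. */` would spare the next reader re-deriving that. The same alias appears in the x64 and x32 sections below and would take the same comment. The `__noreturn` on the `extern` declaration in `__SYSCALL_NORETURN` is only sound if the definitions of the affected handlers, generated outside this page, also never return; if one ever did, the compiler has been told nothing executes past the call, so the mismatch would be a silent control-flow hazard rather than a diagnostic. A short note beside that macro that the declaration must stay consistent with the definition side would make the dependency visible.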
+6 −3
@@ -8,9 +8,13 @@
#include <asm/syscall.h>

#define __SYSCALL(nr, sym) extern long __x64_##sym(const struct pt_regs *);
#define __SYSCALL_NORETURN(nr, sym) extern long __noreturn __x64_##sym(const struct pt_regs *);
#include <asm/syscalls_64.h>
#undef  __SYSCALL

#undef  __SYSCALL_NORETURN
#define __SYSCALL_NORETURN __SYSCALL

/*
 * The sys_call_table[] is no longer used for system calls, but
 * kernel/trace/trace_syscalls.c still wants to know the system
@@ -23,7 +27,6 @@ const sys_call_ptr_t sys_call_table[] = {
#undef  __SYSCALL

#define __SYSCALL(nr, sym) case nr: return __x64_##sym(regs);

long x64_sys_call(const struct pt_regs *regs, unsigned int nr)
{
	switch (nr) {
+5 −2
@@ -8,11 +8,14 @@
#include <asm/syscall.h>

#define __SYSCALL(nr, sym) extern long __x64_##sym(const struct pt_regs *);
#define __SYSCALL_NORETURN(nr, sym) extern long __noreturn __x64_##sym(const struct pt_regs *);
#include <asm/syscalls_x32.h>
#undef  __SYSCALL

#define __SYSCALL(nr, sym) case nr: return __x64_##sym(regs);
#undef  __SYSCALL_NORETURN
#define __SYSCALL_NORETURN __SYSCALL

#define __SYSCALL(nr, sym) case nr: return __x64_##sym(regs);
long x32_sys_call(const struct pt_regs *regs, unsigned int nr)
{
	switch (nr) {