Commit 98fdaeb2 authored by Breno Leitao, committed by Ingo Molnar

x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2



Change the default value of spectre v2 in user mode to respect the
CONFIG_MITIGATION_SPECTRE_V2 config option.

Currently, user mode spectre v2 is set to auto
(SPECTRE_V2_USER_CMD_AUTO) by default, even if
CONFIG_MITIGATION_SPECTRE_V2 is disabled.

Set the spectre_v2 value to auto (SPECTRE_V2_USER_CMD_AUTO) if the
Spectre v2 config (CONFIG_MITIGATION_SPECTRE_V2) is enabled, otherwise
set the value to none (SPECTRE_V2_USER_CMD_NONE).

Important to say the command line argument "spectre_v2_user" overwrites
the default value in both cases.

When CONFIG_MITIGATION_SPECTRE_V2 is not set, users have the flexibility
to opt-in for specific mitigations independently. In this scenario,
setting spectre_v2= will not enable spectre_v2_user=, and command line
options spectre_v2_user and spectre_v2 are independent when
CONFIG_MITIGATION_SPECTRE_V2=n.

Signed-off-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: David Kaplan <David.Kaplan@amd.com>
Link: https://lore.kernel.org/r/20241031-x86_bugs_last_v2-v2-2-b7ff1dab840e@debian.org
parent 2a08b832
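
The default resolution described in the commit message, as an added example that is not part of the commit or the kernel tree: a shell function that reports the `spectre_v2_user` mode a kernel starts from, given its build config and command line. It assumes the last occurrence of an option wins and does not model `mitigations=off` or `nospectre_v2`; the function names and sample inputs are constructed here.

```shell
#!/bin/sh
# Added example (not kernel code): report the spectre_v2_user mode a kernel
# starts from, given its build config file and boot command line.

# Print the value of "<key>=<value>" on the command line in $2.
# Assumption: the last occurrence wins. Runs in a subshell so that
# disabling globbing does not leak into the caller.
cmdline_value() (
    set -f
    val=
    for word in $2; do
        case $word in "$1="*) val=${word#"$1="} ;; esac
    done
    printf '%s' "$val"
)

# $1 = kernel config file, $2 = command line string.
spectre_v2_user_default() {
    # Build-time default from the commit: auto if the option is set, else none.
    if grep -q '^CONFIG_MITIGATION_SPECTRE_V2=y$' "$1"; then
        def=auto
    else
        def=none
    fi
    case $(cmdline_value spectre_v2 "$2") in
        off) echo none ;;   # 'off' disables kernel and user protections
        on)  echo on ;;     # 'on' also enables the user-to-user mitigation
        *)  # specific mitigations do not force-enable user mitigations
            user=$(cmdline_value spectre_v2_user "$2")
            case $user in
                off) echo none ;;
                auto|on|prctl|prctl,ibpb|seccomp|seccomp,ibpb) echo "$user" ;;
                *) echo "$def" ;;   # option absent or unknown: default applies
            esac ;;
    esac
}

# Constructed sample inputs, not taken from a real host.
cfg_on=$(mktemp); cfg_off=$(mktemp)
trap 'rm -f "$cfg_on" "$cfg_off"' EXIT
echo 'CONFIG_MITIGATION_SPECTRE_V2=y' > "$cfg_on"
echo '# CONFIG_MITIGATION_SPECTRE_V2 is not set' > "$cfg_off"
for cmdline in 'ro quiet' 'ro spectre_v2=retpoline' 'ro spectre_v2_user=prctl'; do
    printf '%-28s config=y: %-6s config=n: %s\n' "$cmdline" \
        "$(spectre_v2_user_default "$cfg_on" "$cmdline")" \
        "$(spectre_v2_user_default "$cfg_off" "$cmdline")"
done
```

On a running host the inputs are typically `/boot/config-$(uname -r)` and the contents of `/proc/cmdline`.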
+2 −0
@@ -6582,6 +6582,8 @@

			Selecting 'on' will also enable the mitigation
			against user space to user space task attacks.
			Selecting specific mitigation does not force enable
			user mitigations.

			Selecting 'off' will disable both the kernel and
			the user space protections.
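
Review bot: The sentence added to the 'on' paragraph ("Selecting specific mitigation does not force enable user mitigations.") does not say that the user-space default now depends on CONFIG_MITIGATION_SPECTRE_V2, which is the behaviour change an administrator reading this file needs to know. Suggest stating the default for both config states here, and tightening the wording to "Selecting a specific mitigation does not force-enable the user mitigations."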
+7 −3
@@ -1308,9 +1308,13 @@ static __ro_after_init enum spectre_v2_mitigation_cmd spectre_v2_cmd;
static enum spectre_v2_user_cmd __init
spectre_v2_parse_user_cmdline(void)
{
	enum spectre_v2_user_cmd mode;
	char arg[20];
	int ret, i;

	mode = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ?
		SPECTRE_V2_USER_CMD_AUTO : SPECTRE_V2_USER_CMD_NONE;

	switch (spectre_v2_cmd) {
	case SPECTRE_V2_CMD_NONE:
		return SPECTRE_V2_USER_CMD_NONE;
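
Review bot: The `mode` assignment ahead of `switch (spectre_v2_cmd)` has no comment explaining why the default follows CONFIG_MITIGATION_SPECTRE_V2, and the name is easy to confuse with the `enum spectre_v2_mitigation mode` parameter used elsewhere in this file (see `spectre_v2_in_ibrs_mode()`). Suggest a one-line comment and a more specific name for the default. Note also that the switch still returns SPECTRE_V2_USER_CMD_NONE for SPECTRE_V2_CMD_NONE before spectre_v2_user= is parsed, so the changelog's statement that the two options are independent with CONFIG_MITIGATION_SPECTRE_V2=n does not cover that case; the comment could say so.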
@@ -1323,7 +1327,7 @@ spectre_v2_parse_user_cmdline(void)
	ret = cmdline_find_option(boot_command_line, "spectre_v2_user",
				  arg, sizeof(arg));
	if (ret < 0)
		return SPECTRE_V2_USER_CMD_AUTO;
		return mode;

	for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) {
		if (match_option(arg, ret, v2_user_options[i].option)) {
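
Review bot: In the `if (ret < 0)` branch, returning `mode` means a CONFIG_MITIGATION_SPECTRE_V2=n kernel booted without spectre_v2_user= now selects SPECTRE_V2_USER_CMD_NONE without printing anything on this path. Suggest a pr_info() here naming the selected default and the config option it came from, so the boot log shows why user-space protection is off.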
@@ -1333,8 +1337,8 @@ spectre_v2_parse_user_cmdline(void)
		}
	}

	pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg);
	return SPECTRE_V2_USER_CMD_AUTO;
	pr_err("Unknown user space protection option (%s). Switching to default\n", arg);
	return mode;
}

static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
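
Review bot: In the fallback at the end of spectre_v2_parse_user_cmdline(), "Switching to default" no longer tells the operator which mode was chosen, and on a CONFIG_MITIGATION_SPECTRE_V2=n build a mistyped spectre_v2_user= value now resolves to SPECTRE_V2_USER_CMD_NONE, so a typo in a request for protection turns protection off. Suggest printing the resolved default in the pr_err() text, and consider whether an unrecognised value should fall back to SPECTRE_V2_USER_CMD_AUTO as before, since the user explicitly asked for some user-space mitigation.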