cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n

Explicitly disallow enabling mitigations at runtime for kernels that were
built with CONFIG_CPU_MITIGATIONS=n, as some architectures may omit code
entirely if mitigations are disabled at compile time.

E.g. on x86, a large pile of Kconfigs are buried behind CPU_MITIGATIONS,
and trying to provide sane behavior for retroactively enabling mitigations
is extremely difficult, bordering on impossible.  E.g. page table isolation
and call depth tracking require build-time support, BHI mitigations will
still be off without additional kernel parameters, etc.

  [ bp: Touchups. ]

Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20240420000556.2645001-3-seanjc@google.com
This commit is contained in:
Sean Christopherson 2024-04-19 17:05:55 -07:00 committed by Borislav Petkov (AMD)
parent fe42754b94
commit ce0abef6a1
4 changed files with 30 additions and 6 deletions

View File

@ -3423,6 +3423,9 @@
arch-independent options, each of which is an
aggregation of existing arch-specific options.
Note, "mitigations" is supported if and only if the
kernel was built with CPU_MITIGATIONS=y.
off
Disable all optional CPU mitigations. This
improves system performance, but it may also

View File

@ -2495,9 +2495,13 @@ menuconfig CPU_MITIGATIONS
help
Say Y here to enable options which enable mitigations for hardware
vulnerabilities (usually related to speculative execution).
Mitigations can be disabled or restricted to SMT systems at runtime
via the "mitigations" kernel parameter.
If you say N, all mitigations will be disabled. You really
should know what you are doing to say so.
If you say N, all mitigations will be disabled. This CANNOT be
overridden at runtime.
Say 'Y', unless you really know what you are doing.
if CPU_MITIGATIONS

View File

@ -221,7 +221,18 @@ void cpuhp_report_idle_dead(void);
static inline void cpuhp_report_idle_dead(void) { }
#endif /* #ifdef CONFIG_HOTPLUG_CPU */
#ifdef CONFIG_CPU_MITIGATIONS
extern bool cpu_mitigations_off(void);
extern bool cpu_mitigations_auto_nosmt(void);
#else
static inline bool cpu_mitigations_off(void)
{
return true;
}
static inline bool cpu_mitigations_auto_nosmt(void)
{
return false;
}
#endif
#endif /* _LINUX_CPU_H_ */

View File

@ -3196,6 +3196,7 @@ void __init boot_cpu_hotplug_init(void)
this_cpu_write(cpuhp_state.target, CPUHP_ONLINE);
}
#ifdef CONFIG_CPU_MITIGATIONS
/*
* These are used for a global "mitigations=" cmdline option for toggling
* optional CPU mitigations.
@ -3206,9 +3207,7 @@ enum cpu_mitigations {
CPU_MITIGATIONS_AUTO_NOSMT,
};
static enum cpu_mitigations cpu_mitigations __ro_after_init =
IS_ENABLED(CONFIG_CPU_MITIGATIONS) ? CPU_MITIGATIONS_AUTO :
CPU_MITIGATIONS_OFF;
static enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
static int __init mitigations_parse_cmdline(char *arg)
{
@ -3224,7 +3223,6 @@ static int __init mitigations_parse_cmdline(char *arg)
return 0;
}
early_param("mitigations", mitigations_parse_cmdline);
/* mitigations=off */
bool cpu_mitigations_off(void)
@ -3239,3 +3237,11 @@ bool cpu_mitigations_auto_nosmt(void)
return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
}
EXPORT_SYMBOL_GPL(cpu_mitigations_auto_nosmt);
#else
static int __init mitigations_parse_cmdline(char *arg)
{
pr_crit("Kernel compiled without mitigations, ignoring 'mitigations'; system may still be vulnerable\n");
return 0;
}
#endif
early_param("mitigations", mitigations_parse_cmdline);