Re: [PATCH 1/5] x86/cpufeatures: Define feature bits to support mitigation of PSF

From: Saripalli, RK
Date: Fri Apr 09 2021 - 15:45:40 EST

Next message: Helge Deller: "Re: [PATCH v2 1/1] kernel.h: Split out panic and oops helpers"
Previous message: Martin Blumenstingl: "Re: [PATCH] staging: media: meson: vdec: matched alignment with parenthesis"
In reply to: Borislav Petkov: "Re: [PATCH 1/5] x86/cpufeatures: Define feature bits to support mitigation of PSF"
Next in thread: Borislav Petkov: "Re: [PATCH 1/5] x86/cpufeatures: Define feature bits to support mitigation of PSF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Boris, thank you.

On 4/9/2021 2:39 PM, Borislav Petkov wrote:
> On Fri, Apr 09, 2021 at 01:22:49PM -0500, Saripalli, RK wrote:
>>> And I think you don't need this one either if we do a "light" controls
>>> thing but lemme look at the rest first.
>
> Ok, and what I mean with "lite" version is something like this below
> which needs finishing and testing.
>
> Initially, it could support the cmdline params:
>
> predict_store_fwd={on,off,auto}
>
> to give people the opportunity to experiment with the feature.
>
> If it turns out that prctl and seccomp per-task toggling is needed then
> sure, we can extend but I don't see the reason for a whole separate set
> of options yet. Especially is ssbd already controls this.
>
> AFAICT, of course and if I'm not missing some other aspect here.
>
> Thx.

Yes, these options should be fine for now.
Like you said, if we get the need to add prctl and seccomp, I can always do that later.

What do you think auto should default to?.
In SSBD case, I believe auto defaults to prctl or seccomp.
Since we will not have that here, we should choose something for auto.

>
> ---
> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
> index 2d11384dc9ab..226b73700f88 100644
> --- a/arch/x86/kernel/cpu/amd.c
> +++ b/arch/x86/kernel/cpu/amd.c
> @@ -1165,3 +1165,22 @@ void set_dr_addr_mask(unsigned long mask, int dr)
> break;
> }
> }
> +
> +static int __init psf_cmdline(char *str)
> +{
> + if (!boot_cpu_has(X86_FEATURE_PSFD))
> + return 0;
> +
> + if (!str)
> + return -EINVAL;
> +
> + if (!strcmp(str, "off")) {
> + x86_spec_ctrl_base |= SPEC_CTRL_PSFD;
> + setup_clear_cpu_cap(X86_FEATURE_PSFD);
> + }
> +
> + return 0;
> +}
> +early_param("predict_store_fwd", psf_cmdline);
> +
> +
>

All the other mitigation x86 mitigation code goes into kernel/cpu/bugs.c.
I think psf_cmdline() or equivalent also belongs there and not in kernel/cpu/amd.c.

Looking forward to your feedback.

Thanks,
RK

Next message: Helge Deller: "Re: [PATCH v2 1/1] kernel.h: Split out panic and oops helpers"
Previous message: Martin Blumenstingl: "Re: [PATCH] staging: media: meson: vdec: matched alignment with parenthesis"
In reply to: Borislav Petkov: "Re: [PATCH 1/5] x86/cpufeatures: Define feature bits to support mitigation of PSF"
Next in thread: Borislav Petkov: "Re: [PATCH 1/5] x86/cpufeatures: Define feature bits to support mitigation of PSF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]