Boris, thank you. On 4/9/2021 2:39 PM, Borislav Petkov wrote: > On Fri, Apr 09, 2021 at 01:22:49PM -0500, Saripalli, RK wrote: >>> And I think you don't need this one either if we do a "light" controls >>> thing but lemme look at the rest first. > > Ok, and what I mean with "lite" version is something like this below > which needs finishing and testing. > > Initially, it could support the cmdline params: > > predict_store_fwd={on,off,auto} > > to give people the opportunity to experiment with the feature. > > If it turns out that prctl and seccomp per-task toggling is needed then > sure, we can extend but I don't see the reason for a whole separate set > of options yet. Especially is ssbd already controls this. > > AFAICT, of course and if I'm not missing some other aspect here. > > Thx.
Yes, these options should be fine for now. Like you said, if we get the need to add prctl and seccomp, I can always do that later. What do you think auto should default to?. In SSBD case, I believe auto defaults to prctl or seccomp. Since we will not have that here, we should choose something for auto. > > --- > diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c > index 2d11384dc9ab..226b73700f88 100644 > --- a/arch/x86/kernel/cpu/amd.c > +++ b/arch/x86/kernel/cpu/amd.c > @@ -1165,3 +1165,22 @@ void set_dr_addr_mask(unsigned long mask, int dr) > break; > } > } > + > +static int __init psf_cmdline(char *str) > +{ > + if (!boot_cpu_has(X86_FEATURE_PSFD)) > + return 0; > + > + if (!str) > + return -EINVAL; > + > + if (!strcmp(str, "off")) { > + x86_spec_ctrl_base |= SPEC_CTRL_PSFD; > + setup_clear_cpu_cap(X86_FEATURE_PSFD); > + } > + > + return 0; > +} > +early_param("predict_store_fwd", psf_cmdline); > + > + > All the other mitigation x86 mitigation code goes into kernel/cpu/bugs.c. I think psf_cmdline() or equivalent also belongs there and not in kernel/cpu/amd.c. Looking forward to your feedback. Thanks, RK