Re: [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
Hi, On 2/26/19 7:05 PM, Jeremy Linton wrote: There are various reasons, including bencmarking, to disable spectrev2 mitigation on a machine. Provide a command-line to do so. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Cheers, Andre. Cc: Jonathan Corbet Cc: linux-...@vger.kernel.org --- Documentation/admin-guide/kernel-parameters.txt | 8 arch/arm64/kernel/cpu_errata.c | 13 + 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 858b6c0b9a15..4d4d6a9537ae 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2842,10 +2842,10 @@ check bypass). With this option data leaks are possible in the system. - nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 - (indirect branch prediction) vulnerability. System may - allow data leaks with this option, which is equivalent - to spectre_v2=off. + nospectre_v2[X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for + the Spectre variant 2 (indirect branch prediction) + vulnerability. System may allow data leaks with this + option. nospec_store_bypass_disable [HW] Disable all mitigations for the Speculative Store Bypass vulnerability diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 9950bb0cbd52..d2b2c69d31bb 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void) : "=" (tmp)); } +static bool __nospectre_v2; +static int __init parse_nospectre_v2(char *str) +{ + __nospectre_v2 = true; + return 0; +} +early_param("nospectre_v2", parse_nospectre_v2); + static void enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) { @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return; + } + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) return;
Re: [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
On 28/02/2019 18:21, Catalin Marinas wrote: On Thu, Feb 28, 2019 at 06:14:34PM +, Suzuki K Poulose wrote: On 27/02/2019 01:05, Jeremy Linton wrote: There are various reasons, including bencmarking, to disable spectrev2 mitigation on a machine. Provide a command-line to do so. Signed-off-by: Jeremy Linton Cc: Jonathan Corbet Cc: linux-...@vger.kernel.org diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 9950bb0cbd52..d2b2c69d31bb 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void) : "=" (tmp)); } +static bool __nospectre_v2; +static int __init parse_nospectre_v2(char *str) +{ + __nospectre_v2 = true; + return 0; +} +early_param("nospectre_v2", parse_nospectre_v2); + static void enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) { @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return; + } + Could we not disable the "cap" altogether instead, rather than disabling the work around ? Or do we need that information ? There are a few ideas here but I think we settled on always reporting in sysfs even if the mitigation is disabled in .config. So I guess we need the "cap" around for the reporting part. Thanks Catalin. Reviewed-by: Suzuki K Poulose
Re: [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
On Thu, Feb 28, 2019 at 06:14:34PM +, Suzuki K Poulose wrote: > On 27/02/2019 01:05, Jeremy Linton wrote: > > There are various reasons, including bencmarking, to disable spectrev2 > > mitigation on a machine. Provide a command-line to do so. > > > > Signed-off-by: Jeremy Linton > > Cc: Jonathan Corbet > > Cc: linux-...@vger.kernel.org > > > > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c > > index 9950bb0cbd52..d2b2c69d31bb 100644 > > --- a/arch/arm64/kernel/cpu_errata.c > > +++ b/arch/arm64/kernel/cpu_errata.c > > @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void) > > : "=" (tmp)); > > } > > +static bool __nospectre_v2; > > +static int __init parse_nospectre_v2(char *str) > > +{ > > + __nospectre_v2 = true; > > + return 0; > > +} > > +early_param("nospectre_v2", parse_nospectre_v2); > > + > > static void > > enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) > > { > > @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct > > arm64_cpu_capabilities *entry) > > if (!entry->matches(entry, SCOPE_LOCAL_CPU)) > > return; > > + if (__nospectre_v2) { > > + pr_info_once("spectrev2 mitigation disabled by command line > > option\n"); > > + return; > > + } > > + > > Could we not disable the "cap" altogether instead, rather than disabling the > work around ? Or do we need that information ? There are a few ideas here but I think we settled on always reporting in sysfs even if the mitigation is disabled in .config. So I guess we need the "cap" around for the reporting part. -- Catalin
Re: [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
Hi Jeremy On 27/02/2019 01:05, Jeremy Linton wrote: There are various reasons, including bencmarking, to disable spectrev2 mitigation on a machine. Provide a command-line to do so. Signed-off-by: Jeremy Linton Cc: Jonathan Corbet Cc: linux-...@vger.kernel.org diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 9950bb0cbd52..d2b2c69d31bb 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void) : "=" (tmp)); } +static bool __nospectre_v2; +static int __init parse_nospectre_v2(char *str) +{ + __nospectre_v2 = true; + return 0; +} +early_param("nospectre_v2", parse_nospectre_v2); + static void enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) { @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return; + } + Could we not disable the "cap" altogether instead, rather than disabling the work around ? Or do we need that information ? Cheers Suzuki