Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge tag 'x86-urgent-2024-04-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:

- Make the CPU_MITIGATIONS=n interaction with conflicting
mitigation-enabling boot parameters a bit saner.

- Re-enable CPU mitigations by default on non-x86

- Fix TDX shared bit propagation on mprotect()

- Fix potential show_regs() system hang when PKE initialization
is not fully finished yet.

- Add the 0x10-0x1f model IDs to the Zen5 range

- Harden #VC instruction emulation some more

* tag 'x86-urgent-2024-04-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n
cpu: Re-enable CPU mitigations by default for !X86 architectures
x86/tdx: Preserve shared bit on mprotect()
x86/cpu: Fix check for RDPKRU in __show_regs()
x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range
x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler

+53 -17
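--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3423,6 +3423,9 @@
 arch-independent options, each of which is an
 aggregation of existing arch-specific options.
 
+Note, "mitigations" is supported if and only if the
+kernel was built with CPU_MITIGATIONS=y.
+
 off
 Disable all optional CPU mitigations. This
 improves system performance, but it may also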
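--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -9,6 +9,14 @@
 #
 source "arch/$(SRCARCH)/Kconfig"
 
+config ARCH_CONFIGURES_CPU_MITIGATIONS
+bool
+
+if !ARCH_CONFIGURES_CPU_MITIGATIONS
+config CPU_MITIGATIONS
+def_bool y
+endif
+
 menu "General architecture-dependent options"
 
 config ARCH_HAS_SUBPAGE_FAULTS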
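Review bot: `ARCH_CONFIGURES_CPU_MITIGATIONS` is added without a comment or help text, so the contract it carries can only be worked out from the `if !ARCH_CONFIGURES_CPU_MITIGATIONS` block beneath it. An architecture that selects it is expected to define `CPU_MITIGATIONS` itself, as x86 does with a `menuconfig` in this merge. One that selects it and forgets would be left without the symbol, and the stubs added to include/linux/cpu.h would then report mitigations as off. I would add above the symbol: `# Select this if the architecture defines its own CPU_MITIGATIONS prompt; all other architectures get CPU_MITIGATIONS=y unconditionally.`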
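--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -62,6 +62,7 @@
 select ACPI_HOTPLUG_CPU if ACPI_PROCESSOR && HOTPLUG_CPU
 select ARCH_32BIT_OFF_T if X86_32
 select ARCH_CLOCKSOURCE_INIT
+select ARCH_CONFIGURES_CPU_MITIGATIONS
 select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
 select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
 select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
@@ -2488,17 +2489,21 @@
 def_bool y
 depends on CALL_PADDING && !CFI_CLANG
 
-menuconfig SPECULATION_MITIGATIONS
-bool "Mitigations for speculative execution vulnerabilities"
+menuconfig CPU_MITIGATIONS
+bool "Mitigations for CPU vulnerabilities"
 default y
 help
-Say Y here to enable options which enable mitigations for
-speculative execution hardware vulnerabilities.
+Say Y here to enable options which enable mitigations for hardware
+vulnerabilities (usually related to speculative execution).
+Mitigations can be disabled or restricted to SMT systems at runtime
+via the "mitigations" kernel parameter.
 
-If you say N, all mitigations will be disabled. You really
-should know what you are doing to say so.
+If you say N, all mitigations will be disabled. This CANNOT be
+overridden at runtime.
 
-if SPECULATION_MITIGATIONS
+Say 'Y', unless you really know what you are doing.
+
+if CPU_MITIGATIONS
 
 config MITIGATION_PAGE_TABLE_ISOLATION
 bool "Remove the kernel mapping in user mode"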
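--- a/arch/x86/include/asm/coco.h
+++ b/arch/x86/include/asm/coco.h
@@ -25,6 +25,7 @@
 void cc_random_init(void);
 #else
 #define cc_vendor (CC_VENDOR_NONE)
+static const u64 cc_mask = 0;
 
 static inline u64 cc_mkenc(u64 val)
 {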
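--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -148,7 +148,7 @@
 #define _COMMON_PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \
 _PAGE_SPECIAL | _PAGE_ACCESSED | \
 _PAGE_DIRTY_BITS | _PAGE_SOFT_DIRTY | \
-_PAGE_DEVMAP | _PAGE_ENC | _PAGE_UFFD_WP)
+_PAGE_DEVMAP | _PAGE_CC | _PAGE_UFFD_WP)
 #define _PAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PAT)
 #define _HPAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PSE | _PAGE_PAT_LARGE)
 
@@ -173,6 +173,7 @@
 };
 #endif
 
+#define _PAGE_CC (_AT(pteval_t, cc_mask))
 #define _PAGE_ENC (_AT(pteval_t, sme_me_mask))
 
 #define _PAGE_CACHE_MASK (_PAGE_PWT | _PAGE_PCD | _PAGE_PAT)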
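Review bot: `_PAGE_CC` is introduced in the second hunk with no comment saying how it differs from `_PAGE_ENC` directly below it, although from here on only `_PAGE_CC` is used in `_COMMON_PAGE_CHG_MASK`. The merge description gives the reason (the TDX shared bit has to be preserved across mprotect()), and that reason belongs next to the macro, for example `/* Confidential-computing bit of the PTE (cc_mask); must be preserved when protections change */`. What `cc_mask` holds for each vendor is not visible on this page, only the `cc_mask = 0` stub added to coco.h, so any wording more specific than that should be checked against its definition.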
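--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -459,8 +459,7 @@
 
 case 0x1a:
 switch (c->x86_model) {
-case 0x00 ... 0x0f:
-case 0x20 ... 0x2f:
+case 0x00 ... 0x2f:
 case 0x40 ... 0x4f:
 case 0x70 ... 0x7f:
 setup_force_cpu_cap(X86_FEATURE_ZEN5);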
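--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -139,7 +139,7 @@
 log_lvl, d3, d6, d7);
 }
 
-if (cpu_feature_enabled(X86_FEATURE_OSPKE))
+if (cr4 & X86_CR4_PKE)
 printk("%sPKRU: %08x\n", log_lvl, read_pkru());
 }
 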
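Review bot: The new test `if (cr4 & X86_CR4_PKE)` carries no explanation of why the usual `cpu_feature_enabled(X86_FEATURE_OSPKE)` check was dropped, so it invites a later "cleanup" back to the feature flag. Going by the merge description (a show_regs() hang while PKE initialization is not yet finished), the register read is only safe once CR4.PKE is actually set on the running CPU, which the feature flag alone does not guarantee. A one-line comment above the test would record that: `/* Test CR4.PKE directly: read_pkru() must not run before the bit is set on this CPU */`. `cr4` is assigned earlier in the function, outside this hunk.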
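--- a/arch/x86/kernel/sev-shared.c
+++ b/arch/x86/kernel/sev-shared.c
@@ -1203,12 +1203,14 @@
 break;
 
 case SVM_EXIT_MONITOR:
-if (opcode == 0x010f && modrm == 0xc8)
+/* MONITOR and MONITORX instructions generate the same error code */
+if (opcode == 0x010f && (modrm == 0xc8 || modrm == 0xfa))
 return ES_OK;
 break;
 
 case SVM_EXIT_MWAIT:
-if (opcode == 0x010f && modrm == 0xc9)
+/* MWAIT and MWAITX instructions generate the same error code */
+if (opcode == 0x010f && (modrm == 0xc9 || modrm == 0xfb))
 return ES_OK;
 break;
 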
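Review bot: The ModRM literals in the two widened checks are bare, so a reader has to know that `0xc8`/`0xfa` are MONITOR/MONITORX and `0xc9`/`0xfb` are MWAIT/MWAITX to confirm that the #VC handler accepts exactly the intended encodings. This comparison is what ties the reported exit code to the instruction actually being emulated, so a mistyped or over-broad byte here would weaken the hardening the merge description refers to. I would spell the encodings out in the comments, e.g. `/* 0f 01 c8 = MONITOR, 0f 01 fa = MONITORX; both report SVM_EXIT_MONITOR */`, with the equivalent line for MWAIT/MWAITX. The enclosing switch and function start outside the hunk.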
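--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -221,7 +221,18 @@
 static inline void cpuhp_report_idle_dead(void) { }
 #endif /* #ifdef CONFIG_HOTPLUG_CPU */
 
+#ifdef CONFIG_CPU_MITIGATIONS
 extern bool cpu_mitigations_off(void);
 extern bool cpu_mitigations_auto_nosmt(void);
+#else
+static inline bool cpu_mitigations_off(void)
+{
+return true;
+}
+static inline bool cpu_mitigations_auto_nosmt(void)
+{
+return false;
+}
+#endif
 
 #endif /* _LINUX_CPU_H_ */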
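Review bot: The `#else` stubs encode a policy decision that is not written down anywhere near them. With `CONFIG_CPU_MITIGATIONS` unset, `cpu_mitigations_off()` is hard-wired to `true`, so every caller behaves as if `mitigations=off` had been passed and no boot parameter can change that. A short comment above the stubs would make this visible to anyone auditing why a kernel runs unmitigated, e.g. `/* CPU_MITIGATIONS=n: mitigations are reported as off unconditionally; "mitigations=" cannot re-enable them */`.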
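--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -3196,6 +3196,7 @@
 this_cpu_write(cpuhp_state.target, CPUHP_ONLINE);
 }
 
+#ifdef CONFIG_CPU_MITIGATIONS
 /*
 * These are used for a global "mitigations=" cmdline option for toggling
 * optional CPU mitigations.
@@ -3206,9 +3207,7 @@
 CPU_MITIGATIONS_AUTO_NOSMT,
 };
 
-static enum cpu_mitigations cpu_mitigations __ro_after_init =
-IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO :
-CPU_MITIGATIONS_OFF;
+static enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
 
 static int __init mitigations_parse_cmdline(char *arg)
 {
@@ -3224,7 +3223,6 @@
 
 return 0;
 }
-early_param("mitigations", mitigations_parse_cmdline);
 
 /* mitigations=off */
 bool cpu_mitigations_off(void)
@@ -3239,3 +3237,11 @@
 return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
 }
 EXPORT_SYMBOL_GPL(cpu_mitigations_auto_nosmt);
+#else
+static int __init mitigations_parse_cmdline(char *arg)
+{
+pr_crit("Kernel compiled without mitigations, ignoring 'mitigations'; system may still be vulnerable\n");
+return 0;
+}
+#endif
+early_param("mitigations", mitigations_parse_cmdline);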
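Review bot: In the `#else` stub of `mitigations_parse_cmdline()` the `pr_crit()` does not say which value was requested, so a log reader cannot tell a dropped `mitigations=auto,nosmt` (system less protected than the administrator intended) from `mitigations=off` (request already satisfied by the build). Echoing the value costs one argument: `pr_crit("Kernel compiled without mitigations, ignoring 'mitigations=%s'; system may still be vulnerable\n", arg ?: "");`. The fallback for a missing value is a guess at how the parameter parser passes a bare `mitigations`, so confirm that before relying on it. The stub would also benefit from a comment stating that it is registered only to warn, because the parameter is otherwise a no-op in this configuration.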