[v5,01/10] arm64: Provide a command line to disable spectre_v2 mitigation

There are various reasons, including bencmarking, to disable spectrev2
mitigation on a machine. Provide a command-line to do so.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-doc@vger.kernel.org
---
 Documentation/admin-guide/kernel-parameters.txt |  8 ++++----
 arch/arm64/kernel/cpu_errata.c                  | 13 +++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

-- 
2.20.1

Hi Jeremy

On 27/02/2019 01:05, Jeremy Linton wrote:
> There are various reasons, including bencmarking, to disable spectrev2

> mitigation on a machine. Provide a command-line to do so.

> 

> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

> Cc: Jonathan Corbet <corbet@lwn.net>

> Cc: linux-doc@vger.kernel.org



> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c

> index 9950bb0cbd52..d2b2c69d31bb 100644

> --- a/arch/arm64/kernel/cpu_errata.c

> +++ b/arch/arm64/kernel/cpu_errata.c

> @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)

>   		     : "=&r" (tmp));

>   }

>   

> +static bool __nospectre_v2;

> +static int __init parse_nospectre_v2(char *str)

> +{

> +	__nospectre_v2 = true;

> +	return 0;

> +}

> +early_param("nospectre_v2", parse_nospectre_v2);

> +

>   static void

>   enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

>   {

> @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

>   	if (!entry->matches(entry, SCOPE_LOCAL_CPU))

>   		return;

>   

> +	if (__nospectre_v2) {

> +		pr_info_once("spectrev2 mitigation disabled by command line option\n");

> +		return;

> +	}

> +


Could we not disable the "cap" altogether instead, rather than disabling the
work around ? Or do we need that information ?

Cheers
Suzuki

On Thu, Feb 28, 2019 at 06:14:34PM +0000, Suzuki K Poulose wrote:
> On 27/02/2019 01:05, Jeremy Linton wrote:

> > There are various reasons, including bencmarking, to disable spectrev2

> > mitigation on a machine. Provide a command-line to do so.

> > 

> > Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

> > Cc: Jonathan Corbet <corbet@lwn.net>

> > Cc: linux-doc@vger.kernel.org

> 

> 

> > diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c

> > index 9950bb0cbd52..d2b2c69d31bb 100644

> > --- a/arch/arm64/kernel/cpu_errata.c

> > +++ b/arch/arm64/kernel/cpu_errata.c

> > @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)

> >   		     : "=&r" (tmp));

> >   }

> > +static bool __nospectre_v2;

> > +static int __init parse_nospectre_v2(char *str)

> > +{

> > +	__nospectre_v2 = true;

> > +	return 0;

> > +}

> > +early_param("nospectre_v2", parse_nospectre_v2);

> > +

> >   static void

> >   enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

> >   {

> > @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

> >   	if (!entry->matches(entry, SCOPE_LOCAL_CPU))

> >   		return;

> > +	if (__nospectre_v2) {

> > +		pr_info_once("spectrev2 mitigation disabled by command line option\n");

> > +		return;

> > +	}

> > +

> 

> Could we not disable the "cap" altogether instead, rather than disabling the

> work around ? Or do we need that information ?


There are a few ideas here but I think we settled on always reporting in
sysfs even if the mitigation is disabled in .config. So I guess we need
the "cap" around for the reporting part.

-- 
Catalin

On 28/02/2019 18:21, Catalin Marinas wrote:
> On Thu, Feb 28, 2019 at 06:14:34PM +0000, Suzuki K Poulose wrote:

>> On 27/02/2019 01:05, Jeremy Linton wrote:

>>> There are various reasons, including bencmarking, to disable spectrev2

>>> mitigation on a machine. Provide a command-line to do so.

>>>

>>> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>

>>> Cc: Jonathan Corbet <corbet@lwn.net>

>>> Cc: linux-doc@vger.kernel.org

>>

>>

>>> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c

>>> index 9950bb0cbd52..d2b2c69d31bb 100644

>>> --- a/arch/arm64/kernel/cpu_errata.c

>>> +++ b/arch/arm64/kernel/cpu_errata.c

>>> @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)

>>>    		     : "=&r" (tmp));

>>>    }

>>> +static bool __nospectre_v2;

>>> +static int __init parse_nospectre_v2(char *str)

>>> +{

>>> +	__nospectre_v2 = true;

>>> +	return 0;

>>> +}

>>> +early_param("nospectre_v2", parse_nospectre_v2);

>>> +

>>>    static void

>>>    enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

>>>    {

>>> @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

>>>    	if (!entry->matches(entry, SCOPE_LOCAL_CPU))

>>>    		return;

>>> +	if (__nospectre_v2) {

>>> +		pr_info_once("spectrev2 mitigation disabled by command line option\n");

>>> +		return;

>>> +	}

>>> +

>>

>> Could we not disable the "cap" altogether instead, rather than disabling the

>> work around ? Or do we need that information ?

> 

> There are a few ideas here but I think we settled on always reporting in

> sysfs even if the mitigation is disabled in .config. So I guess we need

> the "cap" around for the reporting part.

> 


Thanks Catalin.

Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

Hi,

On 2/26/19 7:05 PM, Jeremy Linton wrote:
> There are various reasons, including bencmarking, to disable spectrev2

> mitigation on a machine. Provide a command-line to do so.

> 

> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>


Reviewed-by: Andre Przywara <andre.przywara@arm.com>


Cheers,
Andre.

> Cc: Jonathan Corbet <corbet@lwn.net>

> Cc: linux-doc@vger.kernel.org

> ---

>   Documentation/admin-guide/kernel-parameters.txt |  8 ++++----

>   arch/arm64/kernel/cpu_errata.c                  | 13 +++++++++++++

>   2 files changed, 17 insertions(+), 4 deletions(-)

> 

> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt

> index 858b6c0b9a15..4d4d6a9537ae 100644

> --- a/Documentation/admin-guide/kernel-parameters.txt

> +++ b/Documentation/admin-guide/kernel-parameters.txt

> @@ -2842,10 +2842,10 @@

>   			check bypass). With this option data leaks are possible

>   			in the system.

>   

> -	nospectre_v2	[X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2

> -			(indirect branch prediction) vulnerability. System may

> -			allow data leaks with this option, which is equivalent

> -			to spectre_v2=off.

> +	nospectre_v2	[X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for

> +			the Spectre variant 2 (indirect branch prediction)

> +			vulnerability. System may allow data leaks with this

> +			option.

>   

>   	nospec_store_bypass_disable

>   			[HW] Disable all mitigations for the Speculative Store Bypass vulnerability

> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c

> index 9950bb0cbd52..d2b2c69d31bb 100644

> --- a/arch/arm64/kernel/cpu_errata.c

> +++ b/arch/arm64/kernel/cpu_errata.c

> @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void)

>   		     : "=&r" (tmp));

>   }

>   

> +static bool __nospectre_v2;

> +static int __init parse_nospectre_v2(char *str)

> +{

> +	__nospectre_v2 = true;

> +	return 0;

> +}

> +early_param("nospectre_v2", parse_nospectre_v2);

> +

>   static void

>   enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

>   {

> @@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

>   	if (!entry->matches(entry, SCOPE_LOCAL_CPU))

>   		return;

>   

> +	if (__nospectre_v2) {

> +		pr_info_once("spectrev2 mitigation disabled by command line option\n");

> +		return;

> +	}

> +

>   	if (psci_ops.smccc_version == SMCCC_VERSION_1_0)

>   		return;

>   

>