|
| 1 | +From c71766e8ff7a7f950522d25896fba758585500df Mon Sep 17 00:00:00 2001 |
| 2 | +From: Song Liu < [email protected]> |
| 3 | +Date: Mon, 22 Apr 2024 21:14:40 -0700 |
| 4 | +Subject: [PATCH] arch/Kconfig: Move SPECULATION_MITIGATIONS to arch/Kconfig |
| 5 | + |
| 6 | +SPECULATION_MITIGATIONS is currently defined only for x86. As a result, |
| 7 | +IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) is always false for other |
| 8 | +archs. f337a6a21e2f effectively set "mitigations=off" by default on |
| 9 | +non-x86 archs, which is not desired behavior. Jakub observed this |
| 10 | +change when running bpf selftests on s390 and arm64. |
| 11 | + |
| 12 | +Fix this by moving SPECULATION_MITIGATIONS to arch/Kconfig so that it is |
| 13 | +available in all archs and thus can be used safely in kernel/cpu.c |
| 14 | + |
| 15 | +Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n") |
| 16 | + |
| 17 | +Cc: Sean Christopherson < [email protected]> |
| 18 | +Cc: Ingo Molnar < [email protected]> |
| 19 | +Cc: Daniel Sneddon < [email protected]> |
| 20 | +Cc: Jakub Kicinski < [email protected]> |
| 21 | +Signed-off-by: Song Liu < [email protected]> |
| 22 | +--- |
| 23 | + arch/Kconfig | 10 ++++++++++ |
| 24 | + arch/x86/Kconfig | 10 ---------- |
| 25 | + 2 files changed, 10 insertions(+), 10 deletions(-) |
| 26 | + |
| 27 | +diff --git a/arch/Kconfig b/arch/Kconfig |
| 28 | +index 9f066785bb71..8f4af75005f8 100644 |
| 29 | +--- a/arch/Kconfig |
| 30 | ++++ b/arch/Kconfig |
| 31 | +@@ -1609,4 +1609,14 @@ config CC_HAS_SANE_FUNCTION_ALIGNMENT |
| 32 | + # strict alignment always, even with -falign-functions. |
| 33 | + def_bool CC_HAS_MIN_FUNCTION_ALIGNMENT || CC_IS_CLANG |
| 34 | + |
| 35 | ++menuconfig SPECULATION_MITIGATIONS |
| 36 | ++ bool "Mitigations for speculative execution vulnerabilities" |
| 37 | ++ default y |
| 38 | ++ help |
| 39 | ++ Say Y here to enable options which enable mitigations for |
| 40 | ++ speculative execution hardware vulnerabilities. |
| 41 | ++ |
| 42 | ++ If you say N, all mitigations will be disabled. You really |
| 43 | ++ should know what you are doing to say so. |
| 44 | ++ |
| 45 | + endmenu |
| 46 | +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
| 47 | +index 39886bab943a..50c890fce5e0 100644 |
| 48 | +--- a/arch/x86/Kconfig |
| 49 | ++++ b/arch/x86/Kconfig |
| 50 | +@@ -2486,16 +2486,6 @@ config PREFIX_SYMBOLS |
| 51 | + def_bool y |
| 52 | + depends on CALL_PADDING && !CFI_CLANG |
| 53 | + |
| 54 | +-menuconfig SPECULATION_MITIGATIONS |
| 55 | +- bool "Mitigations for speculative execution vulnerabilities" |
| 56 | +- default y |
| 57 | +- help |
| 58 | +- Say Y here to enable options which enable mitigations for |
| 59 | +- speculative execution hardware vulnerabilities. |
| 60 | +- |
| 61 | +- If you say N, all mitigations will be disabled. You really |
| 62 | +- should know what you are doing to say so. |
| 63 | +- |
| 64 | + if SPECULATION_MITIGATIONS |
| 65 | + |
| 66 | + config MITIGATION_PAGE_TABLE_ISOLATION |
| 67 | +-- |
| 68 | +2.43.0 |
| 69 | + |
0 commit comments