Lines Matching +full:i +full:- +full:leak +full:- +full:current
1 // SPDX-License-Identifier: GPL-2.0
6 * - Rafael R. Reilova (moved everything from head.S),
8 * - Channing Corn (tests & fixes),
9 * - Andrew D. Balsa (code cleanup).
20 #include <asm/spec-ctrl.h>
24 #include <asm/processor-flags.h>
31 #include <asm/intel-family.h>
125 * As MDS and TAA mitigations are inter-related, print MDS in check_bugs()
136 * - i386 is no longer supported. in check_bugs()
137 * - In order to run on anything without a TSC, we need to be in check_bugs()
143 init_utsname()->machine[1] = in check_bugs()
183 hostval |= ssbd_tif_to_spec_ctrl(ti->flags); in x86_virt_spec_ctrl()
187 hostval |= stibp_tif_to_spec_ctrl(ti->flags); in x86_virt_spec_ctrl()
206 * current's TIF_SSBD thread flag. in x86_virt_spec_ctrl()
211 hostval = ssbd_tif_to_spec_ctrl(ti->flags); in x86_virt_spec_ctrl()
240 /* Default mitigation for MDS-affected CPUs */
283 return -EINVAL; in mds_cmdline()
308 /* Default mitigation for TAA-affected CPUs */
397 return -EINVAL; in tsx_async_abort_parse_cmdline()
493 return -EINVAL; in srbds_parse_cmdline()
559 * Consider SMAP to be non-functional as a mitigation on these in smap_works_speculatively()
578 * path of a conditional swapgs with a user-controlled GS in spectre_v1_select_mitigation()
603 * Enable lfences in the kernel entry (non-swapgs) in spectre_v1_select_mitigation()
647 return spectre_v2_bad_module ? " - vulnerable module loaded" : ""; in spectre_v2_module_string()
683 [SPECTRE_V2_USER_STRICT_PREFERRED] = "User space: Mitigation: STIBP always-on protection",
712 int ret, i; in spectre_v2_parse_user_cmdline() local
728 for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { in spectre_v2_parse_user_cmdline()
729 if (match_option(arg, ret, v2_user_options[i].option)) { in spectre_v2_parse_user_cmdline()
730 spec_v2_user_print_cond(v2_user_options[i].option, in spectre_v2_parse_user_cmdline()
731 v2_user_options[i].secure); in spectre_v2_parse_user_cmdline()
732 return v2_user_options[i].cmd; in spectre_v2_parse_user_cmdline()
798 "always-on" : "conditional"); in spectre_v2_user_select_mitigation()
812 * If STIBP support is not being forced, check if STIBP always-on in spectre_v2_user_select_mitigation()
855 int ret, i; in spectre_v2_parse_cmdline() local
865 for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { in spectre_v2_parse_cmdline()
866 if (!match_option(arg, ret, mitigation_options[i].option)) in spectre_v2_parse_cmdline()
868 cmd = mitigation_options[i].cmd; in spectre_v2_parse_cmdline()
872 if (i >= ARRAY_SIZE(mitigation_options)) { in spectre_v2_parse_cmdline()
881 …pr_err("%s selected but not compiled in. Switching to AUTO select\n", mitigation_options[i].option… in spectre_v2_parse_cmdline()
892 spec_v2_print_cond(mitigation_options[i].option, in spectre_v2_parse_cmdline()
893 mitigation_options[i].secure); in spectre_v2_parse_cmdline()
968 * - RSB underflow (and switch to BTB) on Skylake+ in spectre_v2_select_mitigation()
969 * - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs in spectre_v2_select_mitigation()
982 * the CPU supports Enhanced IBRS, kernel might un-intentionally not in spectre_v2_select_mitigation()
1011 mask & SPEC_CTRL_STIBP ? "always-on" : "off"); in update_stibp_strict()
1037 * repartitioning leak would be a window dressing exercise. in update_mds_branch_idle()
1048 …T "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/…
1049 …T "TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/…
1129 int ret, i; in ssb_parse_cmdline() local
1140 for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { in ssb_parse_cmdline()
1141 if (!match_option(arg, ret, ssb_mitigation_options[i].option)) in ssb_parse_cmdline()
1144 cmd = ssb_mitigation_options[i].cmd; in ssb_parse_cmdline()
1148 if (i >= ARRAY_SIZE(ssb_mitigation_options)) { in ssb_parse_cmdline()
1205 * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. in __ssb_select_mitigation()
1206 * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass in __ssb_select_mitigation()
1207 * - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation in __ssb_select_mitigation()
1244 * Immediately update the speculation control MSRs for the current in task_update_spec_tif()
1245 * task, but for a non-current task delay setting the CPU in task_update_spec_tif()
1249 * always the current task. in task_update_spec_tif()
1251 if (tsk == current) in task_update_spec_tif()
1259 return -EPERM; in l1d_flush_prctl_set()
1263 set_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH); in l1d_flush_prctl_set()
1266 clear_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH); in l1d_flush_prctl_set()
1269 return -ERANGE; in l1d_flush_prctl_set()
1277 return -ENXIO; in ssb_prctl_set()
1283 return -EPERM; in ssb_prctl_set()
1301 return -EPERM; in ssb_prctl_set()
1307 return -ERANGE; in ssb_prctl_set()
1336 * updated, unless it was force-disabled by a previous prctl in ib_prctl_set()
1345 return -EPERM; in ib_prctl_set()
1358 return -EPERM; in ib_prctl_set()
1369 return -ERANGE; in ib_prctl_set()
1385 return -ENODEV; in arch_prctl_spec_ctrl_set()
1405 if (test_ti_thread_flag(&task->thread_info, TIF_SPEC_L1D_FLUSH)) in l1d_flush_prctl_get()
1464 return -ENODEV; in arch_prctl_spec_ctrl_get()
1483 /* Default mitigation for L1TF-affected CPUs */
1507 if (c->x86 != 6) in override_cache_bits()
1510 switch (c->x86_model) { in override_cache_bits()
1524 if (c->x86_cache_bits < 44) in override_cache_bits()
1525 c->x86_cache_bits = 44; in override_cache_bits()
1565 e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { in l1tf_select_mitigation()
1570 …pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html might help y… in l1tf_select_mitigation()
1583 return -EINVAL; in l1tf_cmdline()
1703 return ", STIBP: always-on"; in stibp_state()
1716 return ", IBPB: always-on"; in ibpb_state()