From patchwork Thu Jan 18 17:32:11 2024
X-Patchwork-Submitter: Breno Leitao
X-Patchwork-Id: 189310
From: Breno Leitao
To: mingo@kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Peter Zijlstra, Josh Poimboeuf, Pawan Gupta
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 1/3] x86/bugs: Create a way to disable GDS mitigation
Date: Thu, 18 Jan 2024 09:32:11 -0800
Message-Id: <20240118173213.2008115-2-leitao@debian.org>
In-Reply-To: <20240118173213.2008115-1-leitao@debian.org>
References: <20240118173213.2008115-1-leitao@debian.org>

Currently there is no way to disable GDS mitigation at build time. The current config option (GDS_MITIGATION_FORCE) just enables a more drastic mitigation.

Create a new kernel config that allows GDS to be completely disabled, similarly to the "gather_data_sampling=off" or "mitigations=off" kernel command-line.

Move the GDS_MITIGATION_FORCE under this new mitigation.

Suggested-by: Josh Poimboeuf
Signed-off-by: Breno Leitao
Acked-by: Josh Poimboeuf
--- arch/x86/Kconfig | 16 +++++++++++----- arch/x86/kernel/cpu/bugs.c | 7 ++++--- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 0a9fea390ef3..d5e3f1a8cacd 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig
@@ -2587,15 +2587,21 @@ config MITIGATION_SLS against straight line speculation. The kernel image might be slightly larger. +config MITIGATION_GDS + bool "Mitigate Gather Data Sampling" + depends on CPU_SUP_INTEL + default y + help + Enable mitigation for Gather Data Sampling (GDS). GDS is a hardware + vulnerability which allows unprivileged speculative access to data + which was previously stored in vector registers. The attacker uses gather + instructions to infer the stale vector register data. + config MITIGATION_GDS_FORCE bool "Force GDS Mitigation" - depends on CPU_SUP_INTEL + depends on MITIGATION_GDS default n help - Gather Data Sampling (GDS) is a hardware vulnerability which allows - unprivileged speculative access to data which was previously stored in - vector registers. - This option is equivalent to setting gather_data_sampling=force on the command line. The microcode mitigation is used if present, otherwise AVX is disabled as a mitigation. On affected systems that are missing diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index f2775417bda2..0172bb0f61fe 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -671,10 +671,11 @@ enum gds_mitigations { GDS_MITIGATION_HYPERVISOR, }; -#if IS_ENABLED(CONFIG_MITIGATION_GDS_FORCE) -static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FORCE; +#if IS_ENABLED(CONFIG_MITIGATION_GDS) +static enum gds_mitigations gds_mitigation __ro_after_init = + IS_ENABLED(CONFIG_MITIGATION_GDS_FORCE) ? GDS_MITIGATION_FORCE : GDS_MITIGATION_FULL; #else -static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL; +static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_OFF; #endif static const char * const gds_strings[] = {
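Review bot: The help text of the new MITIGATION_GDS entry in arch/x86/Kconfig explains what GDS is but not what answering N does. The bugs.c hunk makes N select GDS_MITIGATION_OFF as the built-in default, so the help should say that, name the gather_data_sampling= boot parameter it corresponds to, and close with an "If in doubt, say Y." line in the same way MITIGATION_GDS_FORCE closes with "If in doubt, say N.".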
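Review bot: The gds_mitigation initializer in arch/x86/kernel/cpu/bugs.c mixes two conditional styles for one three-way choice: an outer "#if IS_ENABLED(CONFIG_MITIGATION_GDS)" / "#else" / "#endif" block wrapped around an inner IS_ENABLED(CONFIG_MITIGATION_GDS_FORCE) ternary. Since MITIGATION_GDS_FORCE now depends on MITIGATION_GDS, a single initializer expression (FORCE if the force option is set, otherwise FULL if MITIGATION_GDS is set, otherwise OFF) would remove the preprocessor block and match the plain ternary form that patch 2/3 uses for mds_mitigation and the other defaults.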
From: Breno Leitao
To: mingo@kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Peter Zijlstra, Josh Poimboeuf, Pawan Gupta
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 2/3] x86/bugs: Add a separate config for missing mitigation
Date: Thu, 18 Jan 2024 09:32:12 -0800
Message-Id: <20240118173213.2008115-3-leitao@debian.org>
In-Reply-To: <20240118173213.2008115-1-leitao@debian.org>
References: <20240118173213.2008115-1-leitao@debian.org>

Currently, the CONFIG_SPECULATION_MITIGATIONS is halfway populated, where some mitigations have entries in Kconfig, and they could be modified, while other mitigations do not have Kconfig entries, and could not be controlled at build time.

Create an entry for each CPU mitigation under CONFIG_SPECULATION_MITIGATIONS. This allows users to enable or disable them at compilation time.

Signed-off-by: Breno Leitao
Acked-by: Josh Poimboeuf
--- arch/x86/Kconfig | 101 +++++++++++++++++++++++++++++++++++++ arch/x86/kernel/cpu/bugs.c | 39 ++++++++------ 2 files changed, 125 insertions(+), 15 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index d5e3f1a8cacd..e16cfaf3dd14 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig
@@ -2612,6 +2612,107 @@ config MITIGATION_GDS_FORCE If in doubt, say N. +config MITIGATION_MDS + bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug" + depends on CPU_SUP_INTEL + default y + help + Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is + a hardware vulnerability which allows unprivileged speculative access + to data which is available in various CPU internal buffers. + See also + +config MITIGATION_TAA + bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug" + depends on CPU_SUP_INTEL + default y + help + Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware + vulnerability that allows unprivileged speculative access to data + which is available in various CPU internal buffers by using + asynchronous aborts within an Intel TSX transactional region. + See also + +config MITIGATION_MMIO_STALE_DATA + bool "Mitigate MMIO Stale Data hardware bug" + depends on CPU_SUP_INTEL + default y + help + Enable mitigation for MMIO Stale Data hardware bugs. Processor MMIO + Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) + vulnerabilities that can expose data. The vulnerabilities require the + attacker to have access to MMIO. + See also + + +config MITIGATION_L1TF + bool "Mitigate L1 Terminal Fault (L1TF) hardware bug" + depends on CPU_SUP_INTEL + default y + help + Mitigate L1 Terminal Fault (L1TF) hardware bug. L1 Terminal Fault is a + hardware vulnerability which allows unprivileged speculative access to data + available in the Level 1 Data Cache. + See + +config MITIGATION_SPECTRE_V2 + bool "Mitigate SPECTRE V2 hardware bug" + default y + help + Enable mitigation for Spectre V2 (Branch Target Injection). Spectre + V2 is a class of side channel attacks that takes advantage of + indirect branch predictors inside the processor. 
In Spectre variant 2 + attacks, the attacker can steer speculative indirect branches in the + victim to gadget code by poisoning the branch target buffer of a CPU + used for predicting indirect branch addresses. + See also + +config MITIGATION_SRBDS + bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug" + depends on CPU_SUP_INTEL + default y + help + Enable mitigation for Special Register Buffer Data Sampling (SRBDS). + SRBDS is a hardware vulnerability that allows Microarchitectural Data + Sampling (MDS) techniques to infer values returned from special + register accesses. An unprivileged user can extract values returned + from RDRAND and RDSEED executed on another core or sibling thread + using MDS techniques. + See also + + +config MITIGATION_SSB + bool "Mitigate Speculative Store Bypass (SSB) hardware bug" + default y + help + Enable mitigation for Speculative Store Bypass (SSB). SSB is a + hardware security vulnerability and its exploitation takes advantage + of speculative execution in a similar way to the Meltdown and Spectre + security vulnerabilities. + endif config ARCH_HAS_ADD_PAGES diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0172bb0f61fe..11ccbadd8800 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -232,7 +232,8 @@ static void x86_amd_ssb_disable(void) #define pr_fmt(fmt) "MDS: " fmt /* Default mitigation for MDS-affected CPUs */ -static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL; +static enum mds_mitigations mds_mitigation __ro_after_init = + IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_FULL : MDS_MITIGATION_OFF; static bool mds_nosmt __ro_after_init = false; static const char * const mds_strings[] = { 
@@ -292,7 +293,8 @@ enum taa_mitigations { }; /* Default mitigation for TAA-affected CPUs */ -static enum taa_mitigations taa_mitigation __ro_after_init = TAA_MITIGATION_VERW; +static enum taa_mitigations taa_mitigation __ro_after_init = + IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_VERW : TAA_MITIGATION_OFF; static bool taa_nosmt __ro_after_init; static const char * const taa_strings[] = { @@ -393,7 +395,8 @@ enum mmio_mitigations { }; /* Default mitigation for Processor MMIO Stale Data vulnerabilities */ -static enum mmio_mitigations mmio_mitigation __ro_after_init = MMIO_MITIGATION_VERW; +static enum mmio_mitigations mmio_mitigation __ro_after_init = + IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_VERW : MMIO_MITIGATION_OFF; static bool mmio_nosmt __ro_after_init = false; static const char * const mmio_strings[] = { @@ -542,7 +545,8 @@ enum srbds_mitigations { SRBDS_MITIGATION_HYPERVISOR, }; -static enum srbds_mitigations srbds_mitigation __ro_after_init = SRBDS_MITIGATION_FULL; +static enum srbds_mitigations srbds_mitigation __ro_after_init = + IS_ENABLED(CONFIG_MITIGATION_SRBDS) ? SRBDS_MITIGATION_FULL : SRBDS_MITIGATION_OFF; static const char * const srbds_strings[] = { [SRBDS_MITIGATION_OFF] = "Vulnerable", @@ -812,7 +816,8 @@ enum spectre_v1_mitigation { }; static enum spectre_v1_mitigation spectre_v1_mitigation __ro_after_init = - SPECTRE_V1_MITIGATION_AUTO; + IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V1) ? + SPECTRE_V1_MITIGATION_AUTO : SPECTRE_V1_MITIGATION_NONE; static const char * const spectre_v1_strings[] = { [SPECTRE_V1_MITIGATION_NONE] = "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers", 
@@ -927,7 +932,7 @@ static const char * const retbleed_strings[] = { static enum retbleed_mitigation retbleed_mitigation __ro_after_init = RETBLEED_MITIGATION_NONE; static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init = - RETBLEED_CMD_AUTO; + IS_ENABLED(CONFIG_MITIGATION_RETBLEED) ? RETBLEED_CMD_AUTO : RETBLEED_CMD_OFF; static int __ro_after_init retbleed_nosmt = false; @@ -1388,17 +1393,18 @@ static void __init spec_v2_print_cond(const char *reason, bool secure) static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) { - enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; + enum spectre_v2_mitigation_cmd cmd; char arg[20]; int ret, i; + cmd = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE; if (cmdline_find_option_bool(boot_command_line, "nospectre_v2") || cpu_mitigations_off()) return SPECTRE_V2_CMD_NONE; ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); if (ret < 0) - return SPECTRE_V2_CMD_AUTO; + return cmd; for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { if (!match_option(arg, ret, mitigation_options[i].option)) @@ -1408,8 +1414,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) } if (i >= ARRAY_SIZE(mitigation_options)) { - pr_err("unknown option (%s). Switching to AUTO select\n", arg); - return SPECTRE_V2_CMD_AUTO; + pr_err("unknown option (%s). Switching to default mode\n", arg); + return cmd; } if ((cmd == SPECTRE_V2_CMD_RETPOLINE || @@ -1882,10 +1888,12 @@ static const struct { static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) { - enum ssb_mitigation_cmd cmd = SPEC_STORE_BYPASS_CMD_AUTO; + enum ssb_mitigation_cmd cmd; char arg[20]; int ret, i; + cmd = IS_ENABLED(CONFIG_MITIGATION_SSB) ? + SPEC_STORE_BYPASS_CMD_AUTO : SPEC_STORE_BYPASS_CMD_NONE; if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable") || cpu_mitigations_off()) { return SPEC_STORE_BYPASS_CMD_NONE; 
@@ -1893,7 +1901,7 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable", arg, sizeof(arg)); if (ret < 0) - return SPEC_STORE_BYPASS_CMD_AUTO; + return cmd; for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { if (!match_option(arg, ret, ssb_mitigation_options[i].option)) @@ -1904,8 +1912,8 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) } if (i >= ARRAY_SIZE(ssb_mitigation_options)) { - pr_err("unknown option (%s). Switching to AUTO select\n", arg); - return SPEC_STORE_BYPASS_CMD_AUTO; + pr_err("unknown option (%s). Switching to default mode\n", arg); + return cmd; } } 
@@ -2232,7 +2240,8 @@ EXPORT_SYMBOL_GPL(itlb_multihit_kvm_mitigation); #define pr_fmt(fmt) "L1TF: " fmt /* Default mitigation for L1TF-affected CPUs */ -enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH; +enum l1tf_mitigations l1tf_mitigation __ro_after_init = + IS_ENABLED(CONFIG_MITIGATION_L1TF) ? L1TF_MITIGATION_FLUSH : L1TF_MITIGATION_OFF; #if IS_ENABLED(CONFIG_KVM_INTEL) EXPORT_SYMBOL_GPL(l1tf_mitigation); #endif
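Review bot: None of the seven help texts added to arch/x86/Kconfig says what answering N means at runtime. The spectre_v2_parse_cmdline() and ssb_parse_cmdline() hunks show that the option only sets the built-in default and that spectre_v2= and spec_store_bypass_disable= are still parsed, so each entry should state that N changes the default only and name the boot parameter that overrides it. Smaller points in the same hunk: MITIGATION_L1TF opens with "Mitigate ..." where the others use "Enable mitigation for ...", and there are doubled blank "+" lines after the MITIGATION_MMIO_STALE_DATA and MITIGATION_SRBDS entries.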
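Review bot: The spectre_v1_mitigation and retbleed_cmd initializers in bugs.c test CONFIG_MITIGATION_SPECTRE_V1 and CONFIG_MITIGATION_RETBLEED, but the Kconfig hunk of this patch adds entries only for MDS, TAA, MMIO_STALE_DATA, L1TF, SPECTRE_V2, SRBDS and SSB. IS_ENABLED() on a symbol that has no Kconfig entry evaluates to 0, so unless both symbols are defined elsewhere, every build silently defaults to SPECTRE_V1_MITIGATION_NONE and RETBLEED_CMD_OFF. Add "config MITIGATION_SPECTRE_V1" and "config MITIGATION_RETBLEED" entries with "default y" in this patch, or leave these two initializers unchanged.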
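Review bot: The unknown-option path in spectre_v2_parse_cmdline() now does "return cmd;", and cmd is SPECTRE_V2_CMD_NONE when CONFIG_MITIGATION_SPECTRE_V2 is off, so a mistyped spectre_v2= value leaves the system unmitigated with only "Switching to default mode" in the log. The same applies to the matching path in ssb_parse_cmdline() with SPEC_STORE_BYPASS_CMD_NONE. Either keep AUTO as the fallback for invalid input, or have the pr_err() name the mode that was actually selected so the resulting state is visible in dmesg.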
From: Breno Leitao
To: mingo@kernel.org, Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, x86@kernel.org, "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 3/3] x86/bugs: spectre_v2_user default mode depends on main default
Date: Thu, 18 Jan 2024 09:32:13 -0800
Message-Id: <20240118173213.2008115-4-leitao@debian.org>
In-Reply-To: <20240118173213.2008115-1-leitao@debian.org>
References: <20240118173213.2008115-1-leitao@debian.org>

Change the default value of spectre v2 in user mode to respect the CONFIG_MITIGATION_SPECTRE_V2 config option.

Currently, user mode spectre v2 is set to auto (SPECTRE_V2_USER_CMD_AUTO) by default, even if CONFIG_MITIGATION_SPECTRE_V2 is disabled.

Set the Spectre_v2 value to auto (SPECTRE_V2_USER_CMD_AUTO) if the Spectre v2 config (CONFIG_MITIGATION_SPECTRE_V2) is enabled, otherwise set the value to none (SPECTRE_V2_USER_CMD_NONE).

Important to say the command line argument "spectre_v2_user" overwrites the default value in both cases.

Signed-off-by: Breno Leitao
Acked-by: Josh Poimboeuf
--- arch/x86/kernel/cpu/bugs.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 11ccbadd8800..4f1da92784c6 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c
@@ -1221,8 +1221,11 @@ static __ro_after_init enum spectre_v2_mitigation_cmd spectre_v2_cmd; static enum spectre_v2_user_cmd __init spectre_v2_parse_user_cmdline(void) { + int ret, i, mode; char arg[20]; - int ret, i; + + mode = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? + SPECTRE_V2_USER_CMD_AUTO : SPECTRE_V2_USER_CMD_NONE; switch (spectre_v2_cmd) { case SPECTRE_V2_CMD_NONE: @@ -1236,7 +1239,7 @@ spectre_v2_parse_user_cmdline(void) ret = cmdline_find_option(boot_command_line, "spectre_v2_user", arg, sizeof(arg)); if (ret < 0) - return SPECTRE_V2_USER_CMD_AUTO; + return mode; for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { if (match_option(arg, ret, v2_user_options[i].option)) { @@ -1246,8 +1249,8 @@ spectre_v2_parse_user_cmdline(void) } } - pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg); - return SPECTRE_V2_USER_CMD_AUTO; + pr_err("Unknown user space protection option (%s). Switching to default\n", arg); + return mode; } static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
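Review bot: In the first hunk of spectre_v2_parse_user_cmdline(), mode is declared as a plain int in "int ret, i, mode;" although it only ever holds SPECTRE_V2_USER_CMD_AUTO or SPECTRE_V2_USER_CMD_NONE and is returned from a function typed enum spectre_v2_user_cmd. Declare it as "enum spectre_v2_user_cmd mode;" on its own line so the compiler can type-check the assignment and the returns; patch 2/3 already does this for cmd in spectre_v2_parse_cmdline().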