Skip to content

Commit bccf9cb

Browse files
Waiman-LongWaiman-Long
committed
x86/bugs: Use early_param() for spectre_v2
JIRA: https://issues.redhat.com/browse/RHEL-119227 commit 9a9f814 Author: David Kaplan <david.kaplan@amd.com> Date: Mon, 15 Sep 2025 08:47:01 -0500 x86/bugs: Use early_param() for spectre_v2 Most of the mitigations in bugs.c use early_param() for command line parsing. Rework the spectre_v2 and nospectre_v2 command line options to be consistent with the others. Remove spec_v2_print_cond() as informing the user of the their cmdline choice isn't interesting. [ bp: Zap spectre_v2_check_cmd(). ] Signed-off-by: David Kaplan <david.kaplan@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Link: https://lore.kernel.org/r/20250819192200.2003074-3-david.kaplan@amd.com Signed-off-by: Waiman Long <longman@redhat.com>
1 parent 958422a commit bccf9cb

File tree

1 file changed

+82
-99
lines changed

1 file changed

+82
-99
lines changed

arch/x86/kernel/cpu/bugs.c

Lines changed: 82 additions & 99 deletions
Original file line numberDiff line numberDiff line change
@@ -1845,7 +1845,8 @@ enum spectre_v2_mitigation_cmd {
18451845
SPECTRE_V2_CMD_IBRS,
18461846
};
18471847

1848-
static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init = SPECTRE_V2_CMD_AUTO;
1848+
static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =
1849+
IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
18491850

18501851
enum spectre_v2_user_mitigation_cmd {
18511852
SPECTRE_V2_USER_CMD_NONE,
@@ -2039,112 +2040,51 @@ static const char * const spectre_v2_strings[] = {
20392040
[SPECTRE_V2_IBRS] = "Mitigation: IBRS",
20402041
};
20412042

2042-
static const struct {
2043-
const char *option;
2044-
enum spectre_v2_mitigation_cmd cmd;
2045-
bool secure;
2046-
} mitigation_options[] __initconst = {
2047-
{ "off", SPECTRE_V2_CMD_NONE, false },
2048-
{ "on", SPECTRE_V2_CMD_FORCE, true },
2049-
{ "retpoline", SPECTRE_V2_CMD_RETPOLINE, false },
2050-
{ "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_LFENCE, false },
2051-
{ "retpoline,lfence", SPECTRE_V2_CMD_RETPOLINE_LFENCE, false },
2052-
{ "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false },
2053-
{ "eibrs", SPECTRE_V2_CMD_EIBRS, false },
2054-
{ "eibrs,lfence", SPECTRE_V2_CMD_EIBRS_LFENCE, false },
2055-
{ "eibrs,retpoline", SPECTRE_V2_CMD_EIBRS_RETPOLINE, false },
2056-
{ "auto", SPECTRE_V2_CMD_AUTO, false },
2057-
{ "ibrs", SPECTRE_V2_CMD_IBRS, false },
2058-
};
2043+
static bool nospectre_v2 __ro_after_init;
20592044

2060-
static void __init spec_v2_print_cond(const char *reason, bool secure)
2045+
static int __init nospectre_v2_parse_cmdline(char *str)
20612046
{
2062-
if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure)
2063-
pr_info("%s selected on command line.\n", reason);
2047+
nospectre_v2 = true;
2048+
spectre_v2_cmd = SPECTRE_V2_CMD_NONE;
2049+
return 0;
20642050
}
2051+
early_param("nospectre_v2", nospectre_v2_parse_cmdline);
20652052

2066-
static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
2053+
static int __init spectre_v2_parse_cmdline(char *str)
20672054
{
2068-
enum spectre_v2_mitigation_cmd cmd;
2069-
char arg[20];
2070-
int ret, i;
2071-
2072-
cmd = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ? SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
2073-
if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
2074-
return SPECTRE_V2_CMD_NONE;
2075-
2076-
ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
2077-
if (ret < 0)
2078-
return cmd;
2079-
2080-
for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) {
2081-
if (!match_option(arg, ret, mitigation_options[i].option))
2082-
continue;
2083-
cmd = mitigation_options[i].cmd;
2084-
break;
2085-
}
2086-
2087-
if (i >= ARRAY_SIZE(mitigation_options)) {
2088-
pr_err("unknown option (%s). Switching to default mode\n", arg);
2089-
return cmd;
2090-
}
2091-
2092-
if ((cmd == SPECTRE_V2_CMD_RETPOLINE ||
2093-
cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
2094-
cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
2095-
cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
2096-
cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
2097-
!IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) {
2098-
pr_err("%s selected but not compiled in. Switching to AUTO select\n",
2099-
mitigation_options[i].option);
2100-
return SPECTRE_V2_CMD_AUTO;
2101-
}
2102-
2103-
if ((cmd == SPECTRE_V2_CMD_EIBRS ||
2104-
cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
2105-
cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
2106-
!boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {
2107-
pr_err("%s selected but CPU doesn't have Enhanced or Automatic IBRS. Switching to AUTO select\n",
2108-
mitigation_options[i].option);
2109-
return SPECTRE_V2_CMD_AUTO;
2110-
}
2111-
2112-
if ((cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
2113-
cmd == SPECTRE_V2_CMD_EIBRS_LFENCE) &&
2114-
!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {
2115-
pr_err("%s selected, but CPU doesn't have a serializing LFENCE. Switching to AUTO select\n",
2116-
mitigation_options[i].option);
2117-
return SPECTRE_V2_CMD_AUTO;
2118-
}
2119-
2120-
if (cmd == SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY)) {
2121-
pr_err("%s selected but not compiled in. Switching to AUTO select\n",
2122-
mitigation_options[i].option);
2123-
return SPECTRE_V2_CMD_AUTO;
2124-
}
2125-
2126-
if (cmd == SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) {
2127-
pr_err("%s selected but not Intel CPU. Switching to AUTO select\n",
2128-
mitigation_options[i].option);
2129-
return SPECTRE_V2_CMD_AUTO;
2130-
}
2055+
if (!str)
2056+
return -EINVAL;
21312057

2132-
if (cmd == SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATURE_IBRS)) {
2133-
pr_err("%s selected but CPU doesn't have IBRS. Switching to AUTO select\n",
2134-
mitigation_options[i].option);
2135-
return SPECTRE_V2_CMD_AUTO;
2136-
}
2058+
if (nospectre_v2)
2059+
return 0;
21372060

2138-
if (cmd == SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_FEATURE_XENPV)) {
2139-
pr_err("%s selected but running as XenPV guest. Switching to AUTO select\n",
2140-
mitigation_options[i].option);
2141-
return SPECTRE_V2_CMD_AUTO;
2142-
}
2061+
if (!strcmp(str, "off"))
2062+
spectre_v2_cmd = SPECTRE_V2_CMD_NONE;
2063+
else if (!strcmp(str, "on"))
2064+
spectre_v2_cmd = SPECTRE_V2_CMD_FORCE;
2065+
else if (!strcmp(str, "retpoline"))
2066+
spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE;
2067+
else if (!strcmp(str, "retpoline,amd") ||
2068+
!strcmp(str, "retpoline,lfence"))
2069+
spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE_LFENCE;
2070+
else if (!strcmp(str, "retpoline,generic"))
2071+
spectre_v2_cmd = SPECTRE_V2_CMD_RETPOLINE_GENERIC;
2072+
else if (!strcmp(str, "eibrs"))
2073+
spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS;
2074+
else if (!strcmp(str, "eibrs,lfence"))
2075+
spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS_LFENCE;
2076+
else if (!strcmp(str, "eibrs,retpoline"))
2077+
spectre_v2_cmd = SPECTRE_V2_CMD_EIBRS_RETPOLINE;
2078+
else if (!strcmp(str, "auto"))
2079+
spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
2080+
else if (!strcmp(str, "ibrs"))
2081+
spectre_v2_cmd = SPECTRE_V2_CMD_IBRS;
2082+
else
2083+
pr_err("Ignoring unknown spectre_v2 option (%s).", str);
21432084

2144-
spec_v2_print_cond(mitigation_options[i].option,
2145-
mitigation_options[i].secure);
2146-
return cmd;
2085+
return 0;
21472086
}
2087+
early_param("spectre_v2", spectre_v2_parse_cmdline);
21482088

21492089
static enum spectre_v2_mitigation __init spectre_v2_select_retpoline(void)
21502090
{
@@ -2332,7 +2272,50 @@ static void __init bhi_apply_mitigation(void)
23322272

23332273
static void __init spectre_v2_select_mitigation(void)
23342274
{
2335-
spectre_v2_cmd = spectre_v2_parse_cmdline();
2275+
if ((spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE ||
2276+
spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
2277+
spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
2278+
spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
2279+
spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
2280+
!IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) {
2281+
pr_err("RETPOLINE selected but not compiled in. Switching to AUTO select\n");
2282+
spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
2283+
}
2284+
2285+
if ((spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS ||
2286+
spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
2287+
spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
2288+
!boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {
2289+
pr_err("EIBRS selected but CPU doesn't have Enhanced or Automatic IBRS. Switching to AUTO select\n");
2290+
spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
2291+
}
2292+
2293+
if ((spectre_v2_cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE ||
2294+
spectre_v2_cmd == SPECTRE_V2_CMD_EIBRS_LFENCE) &&
2295+
!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {
2296+
pr_err("LFENCE selected, but CPU doesn't have a serializing LFENCE. Switching to AUTO select\n");
2297+
spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
2298+
}
2299+
2300+
if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY)) {
2301+
pr_err("IBRS selected but not compiled in. Switching to AUTO select\n");
2302+
spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
2303+
}
2304+
2305+
if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) {
2306+
pr_err("IBRS selected but not Intel CPU. Switching to AUTO select\n");
2307+
spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
2308+
}
2309+
2310+
if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && !boot_cpu_has(X86_FEATURE_IBRS)) {
2311+
pr_err("IBRS selected but CPU doesn't have IBRS. Switching to AUTO select\n");
2312+
spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
2313+
}
2314+
2315+
if (spectre_v2_cmd == SPECTRE_V2_CMD_IBRS && cpu_feature_enabled(X86_FEATURE_XENPV)) {
2316+
pr_err("IBRS selected but running as XenPV guest. Switching to AUTO select\n");
2317+
spectre_v2_cmd = SPECTRE_V2_CMD_AUTO;
2318+
}
23362319

23372320
if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) &&
23382321
(spectre_v2_cmd == SPECTRE_V2_CMD_NONE || spectre_v2_cmd == SPECTRE_V2_CMD_AUTO))

0 commit comments

Comments
 (0)