openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/arch
History
Konrad Rzeszutek Wilk 24f7fc83b9 x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation 
Contemporary high performance processors use a common industry-wide
optimization known as "Speculative Store Bypass" in which loads from
addresses to which a recent store has occurred may (speculatively) see an
older value. Intel refers to this feature as "Memory Disambiguation" which
is part of their "Smart Memory Access" capability.

Memory Disambiguation can expose a cache side-channel attack against such
speculatively read values. An attacker can create exploit code that allows
them to read memory outside of a sandbox environment (for example,
malicious JavaScript in a web page), or to perform more complex attacks
against code running within the same privilege level, e.g. via the stack.

As a first step to mitigate against such attacks, provide two boot command
line control knobs:

 nospec_store_bypass_disable
 spec_store_bypass_disable=[off,auto,on]

By default affected x86 processors will power on with Speculative
Store Bypass enabled. Hence the provided kernel parameters are written
from the point of view of whether to enable a mitigation or not.
The parameters are as follows:

 - auto - Kernel detects whether your CPU model contains an implementation
	  of Speculative Store Bypass and picks the most appropriate
	  mitigation.

 - on   - disable Speculative Store Bypass
 - off  - enable Speculative Store Bypass

[ tglx: Reordered the checks so that the whole evaluation is not done
  	when the CPU does not support RDS ]

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
 		2018-05-03 13:55:48 +02:00
..
alpha mm: introduce MAP_FIXED_NOREPLACE 2018-04-11 10:28:38 -07:00
arc kbuild: mark $(targets) as .SECONDARY and remove .PRECIOUS markers 2018-04-07 19:04:02 +09:00
arm KVM fixes for v4.17-rc3 2018-04-27 16:13:31 -07:00
arm64 KVM fixes for v4.17-rc3 2018-04-27 16:13:31 -07:00
c6x c6x: pass endianness info to sparse 2018-04-10 09:58:58 -04:00
h8300 h8300: remove extraneous __BIG_ENDIAN definition 2018-03-22 17:07:01 -07:00
hexagon
ia64 pci-v4.17-changes 2018-04-06 18:31:06 -07:00
m68k Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu 2018-04-09 09:15:46 -07:00
microblaze Microblaze patches for 4.17-rc1 2018-04-12 10:18:02 -07:00
mips MIPS fixes for 4.17-rc2 2018-04-20 08:25:31 -07:00
nds32 page cache: use xa_lock 2018-04-11 10:28:39 -07:00
nios2 nios2 update for v4.17-rc1 2018-04-11 16:02:18 -07:00
openrisc OpenRISC updates for v4.17 2018-04-15 12:27:58 -07:00
parisc parisc: Fix missing binfmt_elf32.o build error 2018-04-14 11:17:59 +02:00
powerpc powerpc/kvm/booke: Fix altivec related build break 2018-04-27 16:36:03 +10:00
riscv RISC-V: build vdso-dummy.o with -no-pie 2018-04-24 10:54:46 -07:00
s390 s390: correct module section names for expoline code revert 2018-04-23 07:57:17 +02:00
sh Merge branch 'akpm' (patches from Andrew) 2018-04-14 08:50:50 -07:00
sparc Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
um Merge git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2018-04-11 16:36:47 -07:00
unicore32 unicore32: turn flush_dcache_mmap_lock into a no-op 2018-04-11 10:28:39 -07:00
x86 x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation 2018-05-03 13:55:48 +02:00
xtensa mm: introduce MAP_FIXED_NOREPLACE 2018-04-11 10:28:38 -07:00
.gitignore
Kconfig kbuild: remove incremental linking option 2018-03-26 02:01:19 +09:00