search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: fe42754) | patch
cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n
commitce0abef6a1d540acef85068e0e82bdf1fbeeb0e9
authorSean Christopherson <seanjc@google.com>
Sat, 20 Apr 2024 00:05:55 +0000 (19 17:05 -0700)
committerBorislav Petkov (AMD) <bp@alien8.de>
Thu, 25 Apr 2024 13:47:39 +0000 (25 15:47 +0200)
tree351692e7d9b06fe49aa7f6d1419cde3a7200d13dtree | snapshot (tar.gz zip)
parentfe42754b94a42d08cf9501790afc25c4f6a5f631commit | diff
cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n

Explicitly disallow enabling mitigations at runtime for kernels that were
built with CONFIG_CPU_MITIGATIONS=n, as some architectures may omit code
entirely if mitigations are disabled at compile time.

E.g. on x86, a large pile of Kconfigs are buried behind CPU_MITIGATIONS,
and trying to provide sane behavior for retroactively enabling mitigations
is extremely difficult, bordering on impossible.  E.g. page table isolation
and call depth tracking require build-time support, BHI mitigations will
still be off without additional kernel parameters, etc.

  [ bp: Touchups. ]

Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20240420000556.2645001-3-seanjc@google.com
Documentation/admin-guide/kernel-parameters.txt diff | blob | blame | history
arch/x86/Kconfig diff | blob | blame | history
include/linux/cpu.h diff | blob | blame | history
kernel/cpu.c diff | blob | blame | history
Linux kernel stable tree