[PATCH] cpu/speculation: Warn on unsupported mitigations= parameter

[PATCH] cpu/speculation: Warn on unsupported mitigations= parameter

[Geert Uytterhoeven]

Currently, if the user specifies an unsupported mitigation strategy on
the kernel command line, it will be ignored silently.  The code will
fall back to the default strategy, possibly leaving the system more
vulnerable than expected.

This may happen due to e.g. a simple typo, or, for a stable kernel
release, because not all mitigation strategies have been backported.

Inform the user by printing a message.

Fixes: 98af8452945c5565 ("cpu/speculation: Add 'mitigations=' cmdline option")
Cc: stable@vger.kernel.org
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
---
 kernel/cpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index f2ef10460698e9ec..8458fda00e6ddb88 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2339,6 +2339,9 @@ static int __init mitigations_parse_cmdline(char *arg)
 		cpu_mitigations = CPU_MITIGATIONS_AUTO;
 	else if (!strcmp(arg, "auto,nosmt"))
 		cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
+	else
+		pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n",
+			arg);
 
 	return 0;
 }
-- 
2.17.1

Re: [PATCH] cpu/speculation: Warn on unsupported mitigations= parameter

[Jiri Kosina]

On Thu, 16 May 2019, Geert Uytterhoeven wrote:

> Currently, if the user specifies an unsupported mitigation strategy on
> the kernel command line, it will be ignored silently.  The code will
> fall back to the default strategy, possibly leaving the system more
> vulnerable than expected.

Honestly, I am not convinced. We are not doing this for vast majority of 
other cmdline options either, if for any at all.

Thanks,

-- 
Jiri Kosina
SUSE Labs

Re: [PATCH] cpu/speculation: Warn on unsupported mitigations= parameter

[Ingo Molnar]

* Jiri Kosina <jikos@kernel.org> wrote:

> On Thu, 16 May 2019, Geert Uytterhoeven wrote:
> 
> > Currently, if the user specifies an unsupported mitigation strategy on
> > the kernel command line, it will be ignored silently.  The code will
> > fall back to the default strategy, possibly leaving the system more
> > vulnerable than expected.
> 
> Honestly, I am not convinced. We are not doing this for vast majority of 
> other cmdline options either, if for any at all.

That's really a weakness - I've been bitten by this previously: I typoed 
or mis-remembered a command line option and didn't have it while I 
thought I had it.

Our boot-commandline library is pretty user-unfriendly.

Thanks,

	Ingo

Re: [PATCH] cpu/speculation: Warn on unsupported mitigations= parameter

[Josh Poimboeuf]

On Thu, May 16, 2019 at 09:09:35AM +0200, Geert Uytterhoeven wrote:
> Currently, if the user specifies an unsupported mitigation strategy on
> the kernel command line, it will be ignored silently.  The code will
> fall back to the default strategy, possibly leaving the system more
> vulnerable than expected.
> 
> This may happen due to e.g. a simple typo, or, for a stable kernel
> release, because not all mitigation strategies have been backported.
> 
> Inform the user by printing a message.
> 
> Fixes: 98af8452945c5565 ("cpu/speculation: Add 'mitigations=' cmdline option")
> Cc: stable@vger.kernel.org
> Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
> ---
>  kernel/cpu.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/cpu.c b/kernel/cpu.c
> index f2ef10460698e9ec..8458fda00e6ddb88 100644
> --- a/kernel/cpu.c
> +++ b/kernel/cpu.c
> @@ -2339,6 +2339,9 @@ static int __init mitigations_parse_cmdline(char *arg)
>  		cpu_mitigations = CPU_MITIGATIONS_AUTO;
>  	else if (!strcmp(arg, "auto,nosmt"))
>  		cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
> +	else
> +		pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n",
> +			arg);
>  
>  	return 0;
>  }
> -- 
> 2.17.1
> 

Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>

-- 
Josh

[tip:smp/urgent] cpu/speculation: Warn on unsupported mitigations= parameter

[tip-bot for Geert Uytterhoeven]

Commit-ID:  1bf72720281770162c87990697eae1ba2f1d917a
Gitweb:     https://git.kernel.org/tip/1bf72720281770162c87990697eae1ba2f1d917a
Author:     Geert Uytterhoeven <geert@linux-m68k.org>
AuthorDate: Thu, 16 May 2019 09:09:35 +0200
Committer:  Thomas Gleixner <tglx@linutronix.de>
CommitDate: Wed, 26 Jun 2019 16:56:21 +0200

cpu/speculation: Warn on unsupported mitigations= parameter

Currently, if the user specifies an unsupported mitigation strategy on the
kernel command line, it will be ignored silently.  The code will fall back
to the default strategy, possibly leaving the system more vulnerable than
expected.

This may happen due to e.g. a simple typo, or, for a stable kernel release,
because not all mitigation strategies have been backported.

Inform the user by printing a message.

Fixes: 98af8452945c5565 ("cpu/speculation: Add 'mitigations=' cmdline option")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20190516070935.22546-1-geert@linux-m68k.org

---
 kernel/cpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index 077fde6fb953..551db494f153 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2339,6 +2339,9 @@ static int __init mitigations_parse_cmdline(char *arg)
 		cpu_mitigations = CPU_MITIGATIONS_AUTO;
 	else if (!strcmp(arg, "auto,nosmt"))
 		cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
+	else
+		pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n",
+			arg);
 
 	return 0;
 }