public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Ingo Molnar <mingo@kernel.org>
To: Breno Leitao <leitao@debian.org>
Cc: tglx@linutronix.de, bp@alien8.de, Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
	leit@meta.com,
	"open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" 
	<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v4] x86/bugs: Add a separate config for each mitigation
Date: Wed, 11 Oct 2023 23:59:47 +0200	[thread overview]
Message-ID: <ZSca08rnmZfkONEH@gmail.com> (raw)
In-Reply-To: <20231010103028.4192223-1-leitao@debian.org>


* Breno Leitao <leitao@debian.org> wrote:

> +config MITIGATE_MDS
> +	bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug"

> +config MITIGATE_TAA
> +	bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug"

> +config MITIGATE_MMIO_STALE_DATA
> +	bool "Mitigate MMIO Stale Data hardware bug"

> +config MITIGATE_L1TF
> +	bool "Mitigate L1 Terminal Fault (L1TF) hardware bug"

> +config MITIGATE_RETBLEED
> +	bool "Mitigate RETBleed hardware bug"

> +config MITIGATE_SPECTRE_V1
> +	bool "Mitigate SPECTRE V1 hardware bug"

> +config MITIGATE_SPECTRE_V2
> +	bool "Mitigate SPECTRE V2 hardware bug"

> +config MITIGATE_SRBDS
> +	bool "Mitigate Special Register Buffer Data Sampling (SRBDS) hardware bug"

> +config MITIGATE_SSB
> +	bool "Mitigate Speculative Store Bypass (SSB) hardware bug"

> +#if IS_ENABLED(CONFIG_MITIGATE_RETBLEED)
>  static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init =
>  	RETBLEED_CMD_AUTO;
> +#else
> +static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init =
> +	RETBLEED_CMD_OFF;
> +#endif

1)

Yeah, so this #ifdeffery is unnecessarily ugly - we can actually assign 
integer values in the Kconfig language and use that for initialization.

Is there a reason why we wouldn't want to do something like:

	static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init = CONFIG_BOOT_DEFAULT_X86_MITIGATE_RETBLEED;

... or so?

2)

The new Kconfig namespace should probably be X86_MITIGATE_*, so that we 
don't crowd the generic kernel's Kconfig namespace.

3)

And yes, now that the rush of CPU vulnerabilities seems to be ebbing, we 
should probably consider unifying the existing hodgepodge of mitigation 
Kconfig options as well, to not build up even more technical debt.

The churn factor seems moderate:

  kepler:~/tip> git grep CONFIG_RETPOLINE | wc -l
  52

  kepler:~/tip> git grep RETHUNK | wc -l
  42

  kepler:~/tip> git grep CALL_DEPTH_TRACKING | wc -l
  24

... and since most of this code is maintained in the same tree, the usual 
arguments against churn (interfering with other Git trees) does not apply 
nearly as much.

4)

Fourth, I think we should inform users (in the boot log) when a kernel 
.config changes a mitigation default value compared from what the upstream 
kernel thinks is a suitable default.

Sometimes it can be a simple configuration mistake, or a user might have 
different opinion about the importance of a particular mitigation. Nothing 
heavy-handed, just a simple pr_info() table of changes?

Thanks,

	Ingo

  parent reply	other threads:[~2023-10-11 21:59 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-10 10:30 [PATCH v4] x86/bugs: Add a separate config for each mitigation Breno Leitao
2023-10-11  4:42 ` Josh Poimboeuf
2023-10-11 12:20   ` Breno Leitao
2023-10-11 16:49     ` Josh Poimboeuf
2023-10-11 19:03   ` Borislav Petkov
2023-10-11 22:03     ` Josh Poimboeuf
2023-10-12  7:29       ` Borislav Petkov
2023-10-12 16:48         ` Josh Poimboeuf
2023-10-15 15:06           ` Borislav Petkov
2023-10-16 10:07         ` Ingo Molnar
2023-10-16 12:46           ` Borislav Petkov
2023-10-17 15:08             ` Breno Leitao
2023-10-11 21:59 ` Ingo Molnar [this message]
2023-10-12 13:02   ` Breno Leitao
2023-10-12 17:05     ` Josh Poimboeuf
2023-10-12 18:51       ` Ingo Molnar
2023-10-12 20:43         ` Josh Poimboeuf
2023-10-13 10:50           ` Ingo Molnar
2023-10-15 14:11             ` Josh Poimboeuf
2023-10-16  9:45               ` Ingo Molnar
2023-10-17 17:15                 ` Josh Poimboeuf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZSca08rnmZfkONEH@gmail.com \
    --to=mingo@kernel.org \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=jpoimboe@kernel.org \
    --cc=leit@meta.com \
    --cc=leitao@debian.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=pawan.kumar.gupta@linux.intel.com \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox