Re: [PATCH v4] x86/bugs: Add a separate config for each mitigation

From: Josh Poimboeuf
Date: Wed Oct 11 2023 - 00:43:13 EST


On Tue, Oct 10, 2023 at 03:30:27AM -0700, Breno Leitao wrote:
> +config MITIGATE_MDS
> + bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug"
> + depends on CPU_SUP_INTEL
> + default y
> + help
> + Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is
> + a hardware vulnerability which allows unprivileged speculative access
> + to data which is available in various CPU internal buffer. Deeper
> + technical information is available in the MDS specific x86 architecture
> + section: Documentation/arch/x86/mds.rst.
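
Review bot: the help text for MITIGATE_MDS says "various CPU internal buffer", which should read "buffers", and it never states what answering N does. Since the option is "default y", the help text is mainly read by someone deciding whether to turn it off, so it should say whether N removes the MDS mitigation entirely or only changes its default state.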

MITIGATE_GDS seems to be missing?

For consistency I'm thinking it would be better to call them
MITIGATION_* rather than MITIGATE_* since they're under the
SPECULATION_MITIGATIONS menuentry, and the bugs code almost exclusively
uses the noun "mitigation" rather than the verb "mitigate".

While we're at it should we go ahead and rename the existing options?

e.g.:

MITIGATION_PAGE_TABLE_ISOLATION
MITIGATION_RETPOLINE
MITIGATION_UNRET_ENTRY
MITIGATION_CALL_DEPTH_TRACKING
MITIGATION_IBPB_ENTRY
MITIGATION_IBRS_ENTRY
MITIGATION_SRSO
MITIGATION_SLS

--
Josh