Re: [PATCH 1/2] cpu: Re-enable CPU mitigations by default for !X86 architectures

From: Sean Christopherson
Date: Fri Apr 19 2024 - 19:57:13 EST


On Fri, Apr 19, 2024, Josh Poimboeuf wrote:
> On Fri, Apr 19, 2024 at 09:46:58AM -0700, Sean Christopherson wrote:
> > > It seems confusing to have two config options which have very similar
> > > names and similar purposes (with subtle differences depending on the
> > > arch).
> > >
> > > How about we instead just get rid of the x86-specific
> > > SPECULATION_MITIGATIONS and replace it with a menu which depends on
> > > CPU_MITIGATIONS:
> >
> > Huh, didn't realize that was possible.
> >
> > I agree that having two things for the same thing is confusing, though Boris'
> > idea to do s/SPECULATION_MITIGATIONS/X86_CPU_MITIGATIONS would help a fair bit
> > on that front.
> >
> > My only hesitation is that x86's menu and the common config knob end up in
> > completely different locations.
>
> I'm thinking this is a minor issue because CPU_MITIGATIONS is enabled by
> default, so it should almost always be enabled unless the user disables
> it, in which case they wouldn't be looking for the x86-specific
> mitigations anyway.

Yeah, this isn't a sticking point by any means.

Oh, and another hiccup I almost forgot about (I just recalled Geert's report).
Letting CPU_MITIGATIONS be disabled for every arch at compile time will obsolete
a small amount of kernel code, e.g. arm64 explicitly says "disabled by command
line option" in a few places.

Those are easy enough to fixup though, but it's not clear that other architectures
*want* to allow mitigations to be completely compiled out. x86 appears to be
relatively unique in that it has a bajillion different things being mitigated.

Rather than making CPU_MITIGATIONS configured for all architectures, what if
use another Kconfig to tell common code that arch code has already defined
CPU_MITIGATIONS? The big downside is that if another arch does end up letting
the user disable CPU_MITIGATIONS, then we'll probably end up duplicating the
help text. But again, it's not clear that any other arch wants to allow that,
i.e. we can cross that bridge if we come to it.

config ARCH_CONFIGURES_CPU_MITIGATIONS
bool

if !ARCH_CONFIGURES_CPU_MITIGATIONS
config CPU_MITIGATIONS
def_bool y
endif


> Regardless it seems very common for a menu "depends on" to be in a
> different file. We could put CPU_MITIGATIONS in arch/Kconfig which is a
> fairly logical place for the dependency.

Yeah, arch/Kconfig is probably better than init/Kconfig.

Given that it's late on Friday, I'll somewhat speculatively (ba-dump ching!) post
a v2, and Cc Linus to explain the mess so that he can apply it directly if he
thinks it's urgent enough to squeeze into -rc5, and if if my idea isn't completely
off the rails.