Re: [PATCH v5 3/3] x86/bugs: Add 'spectre_bhi=vmexit' cmdline option
From: Nikolay Borisov
Date: Thu May 09 2024 - 04:22:15 EST
On 9.05.24 г. 8:24 ч., Josh Poimboeuf wrote:
On Wed, May 08, 2024 at 06:10:21PM +0300, Nikolay Borisov wrote:
@@ -1659,19 +1662,22 @@ static void __init bhi_select_mitigation(void)
return;
}
+ /* Mitigate in hardware if supported */
if (spec_ctrl_bhi_dis())
return;
if (!IS_ENABLED(CONFIG_X86_64))
return;
- /* Mitigate KVM by default */
- setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT);
- pr_info("Spectre BHI mitigation: SW BHB clearing on vm exit\n");
+ if (bhi_mitigation == BHI_MITIGATION_VMEXIT_ONLY) {
+ pr_info("Spectre BHI mitigation: SW BHB clearing on vm exit only\n");
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT);
+ return;
+ }
nit: How about setting CLEAR_BHB_LOOP_ON_VMEXIT unconditionally, then
afterwards checking if MITIGATION_VMEXIT_ONLY is set and if yes simply
return, that way you don't duplicate the setup of the VMEXIT code
I think the duplication actually makes it more readable. In both cases
it puts the setting of the features together along with the
corresponding pr_info().
Right, my suggestion also meant that setting + pr info will be together,
unconditional and if MITIGATION_VMEXIT_ONLY is set we return early,
without setting X86_FEATURE_CLEAR_BHB_LOOP. In any case it's a minor
remark, feel free to ignore.
Reviewed-by: Nikolay Borisov <nik.borisov@xxxxxxxx>