Re: [PATCH 6/6] x86/bugs: Clean-up verw mitigations

From: Nikolay Borisov
Date: Wed Oct 02 2024 - 10:56:40 EST




On 2.10.24 г. 17:46 ч., Daniel Sneddon wrote:
On 10/2/24 07:20, Nikolay Borisov wrote:
+ if (boot_cpu_has_bug(X86_BUG_MDS)) {
mds_mitigation = MDS_MITIGATION_FULL;
mds_select_mitigation();
+ } else {
+ mds_mitigation = MDS_MITIGATION_OFF;
}
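
Review bot: the unconditional mds_mitigation = MDS_MITIGATION_FULL; in the if branch overwrites whatever value the variable already held, and nothing in this hunk shows why that is safe. Per the explanation in this thread, it relies on verw_mitigations_disabled() having returned just before this code, and that early return is described as firing only when all of the mitigations are configured off. Please add a short comment above the assignment that states this dependency and says whether a build with only the MDS mitigation deselected is meant to reach this branch and be promoted to _FULL.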

But with this logic, if CONFIG_MITIGATION_MDS is deselected, meaning
mds_mitigations will have the value MDS_MITIGATION_OFF, yet now you will
set it to _FULL, thereby overriding the compile-time value of the user.
So shouldn't this condition be augmented to also consider
CONFIG_MITIGATION_MDS compile time value?

CONFIG_MITIGATION_MDS is used to set the value of the mds_mitigation variable.
Same goes for all the other mitigations touched here. Those variables are
checked in verw_mitigations_disabled() which is called just before this code. If
all of them are configured off, we return without enabling any of the mitigations.

Ah, indeed.

Reviewed-by: Nikolay Borisov <nik.borisov@xxxxxxxx>