Re: [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation

From: Nikolay Borisov
Date: Tue Oct 08 2024 - 05:03:41 EST

Next message: Krzysztof Kozlowski: "[PATCH v3 0/6] thermal: scope/cleanup.h improvements"
Previous message: Niklas Schnelle: "Re: [PATCH v6 4/5] tty: serial: handle HAS_IOPORT dependencies"
Next in thread: Kaplan, David: "RE: [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12.09.24 г. 22:08 ч., David Kaplan wrote:

Restructure retbleed mitigation to use select/update/apply functions to
create consistent vulnerability handling. The retbleed_update_mitigation()
simplifies the dependency between spectre_v2 and retbleed.

The command line options now directly select a preferred mitigation
which simplifies the logic.

Signed-off-by: David Kaplan <david.kaplan@xxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 168 ++++++++++++++++---------------------
1 file changed, 73 insertions(+), 95 deletions(-)

<snip>

static void __init retbleed_select_mitigation(void)
{
- bool mitigate_smt = false;
-
if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off())
return;
- switch (retbleed_cmd) {
- case RETBLEED_CMD_OFF:
- return;
-
- case RETBLEED_CMD_UNRET:
- if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
- retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
- } else {
+ switch (retbleed_mitigation) {
+ case RETBLEED_MITIGATION_UNRET:
+ if (!IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
+ retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
pr_err("WARNING: kernel not compiled with MITIGATION_UNRET_ENTRY.\n");
- goto do_cmd_auto;
}
break;
-
- case RETBLEED_CMD_IBPB:
- if (!boot_cpu_has(X86_FEATURE_IBPB)) {
- pr_err("WARNING: CPU does not support IBPB.\n");
- goto do_cmd_auto;
- } else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
- retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
- } else {
- pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
- goto do_cmd_auto;
+ case RETBLEED_MITIGATION_IBPB:
+ if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {

This check is redundant, if this leg of the switch is executed it's because retbleed_mitigation is already RETBLEED_MITIGATIOB_IBPB.

+ if (!boot_cpu_has(X86_FEATURE_IBPB)) {
+ pr_err("WARNING: CPU does not support IBPB.\n");
+ retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
+ } else if (!IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
+ pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
+ retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
+ }
}
break;
-

<snip>

Next message: Krzysztof Kozlowski: "[PATCH v3 0/6] thermal: scope/cleanup.h improvements"
Previous message: Niklas Schnelle: "Re: [PATCH v6 4/5] tty: serial: handle HAS_IOPORT dependencies"
Next in thread: Kaplan, David: "RE: [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]