RE: [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation

From: Kaplan, David
Date: Tue Oct 08 2024 - 10:30:32 EST

Next message: Devaansh-Kumar: "[PATCH] sched_ext: Documentation: Update instructions for running example schedulers"
Previous message: Menglong Dong: "[PATCH net-next v6 12/12] net: vxlan: use kfree_skb_reason() in encap_bypass_if_local()"
In reply to: Nikolay Borisov: "Re: [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Nikolay Borisov <nik.borisov@xxxxxxxx>
> Sent: Tuesday, October 8, 2024 7:42 AM
> To: Kaplan, David <David.Kaplan@xxxxxxx>; Thomas Gleixner
> <tglx@xxxxxxxxxxxxx>; Borislav Petkov <bp@xxxxxxxxx>; Peter Zijlstra
> <peterz@xxxxxxxxxxxxx>; Josh Poimboeuf <jpoimboe@xxxxxxxxxx>; Pawan Gupta
> <pawan.kumar.gupta@xxxxxxxxxxxxxxx>; Ingo Molnar <mingo@xxxxxxxxxx>; Dave
> Hansen <dave.hansen@xxxxxxxxxxxxxxx>; x86@xxxxxxxxxx; H . Peter Anvin
> <hpa@xxxxxxxxx>
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On 12.09.24 г. 22:08 ч., David Kaplan wrote:
> > Restructure bhi mitigation to use select/apply functions to create
> > consistent vulnerability handling.
> >
> > Define new AUTO mitigation for bhi.
> >
> > Signed-off-by: David Kaplan <david.kaplan@xxxxxxx>
> > ---
> > arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++----
> > 1 file changed, 18 insertions(+), 4 deletions(-)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index eaef5a1cb4a3..da6ca2fc939d 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -82,6 +82,8 @@ static void __init l1d_flush_select_mitigation(void);
> > static void __init srso_select_mitigation(void);
> > static void __init gds_select_mitigation(void);
> > static void __init gds_apply_mitigation(void);
> > +static void __init bhi_select_mitigation(void); static void __init
> > +bhi_apply_mitigation(void);
> >
> > /* The base value of the SPEC_CTRL MSR without task-specific bits set */
> > u64 x86_spec_ctrl_base;
> > @@ -201,6 +203,7 @@ void __init cpu_select_mitigations(void)
> > */
> > srso_select_mitigation();
> > gds_select_mitigation();
> > + bhi_select_mitigation();
> >
> > /*
> > * After mitigations are selected, some may need to update their
> > @@ -222,6 +225,7 @@ void __init cpu_select_mitigations(void)
> > rfds_apply_mitigation();
> > srbds_apply_mitigation();
> > gds_apply_mitigation();
> > + bhi_apply_mitigation();
> > }
> >
> > /*
> > @@ -1719,12 +1723,13 @@ static bool __init spec_ctrl_bhi_dis(void)
> >
> > enum bhi_mitigations {
> > BHI_MITIGATION_OFF,
> > + BHI_MITIGATION_AUTO,
> > BHI_MITIGATION_ON,
> > BHI_MITIGATION_VMEXIT_ONLY,
> > };
>
>
> Since this series refactors all mitigations how about taking ON to mean AUTO
> which would result in overall less states for the various mitigations. If we take BHI
> as an example I don't see what value does _AUTO bring here.

In this (and the other bugs), AUTO means that no bug-specific command line option was provided. In this way we can differentiate between no option provided (in which case attack vector controls will decide if mitigation is needed) or "bhi=on" which will force the bhi mitigation on even if the attack vector controls would otherwise leave it disabled.

--David Kaplan

Next message: Devaansh-Kumar: "[PATCH] sched_ext: Documentation: Update instructions for running example schedulers"
Previous message: Menglong Dong: "[PATCH net-next v6 12/12] net: vxlan: use kfree_skb_reason() in encap_bypass_if_local()"
In reply to: Nikolay Borisov: "Re: [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]