RE: [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation
From: Kaplan, David
Date: Tue Oct 08 2024 - 10:31:38 EST
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Nikolay Borisov <nik.borisov@xxxxxxxx>
> Sent: Tuesday, October 8, 2024 3:33 AM
> To: Kaplan, David <David.Kaplan@xxxxxxx>; Thomas Gleixner
> <tglx@xxxxxxxxxxxxx>; Borislav Petkov <bp@xxxxxxxxx>; Peter Zijlstra
> <peterz@xxxxxxxxxxxxx>; Josh Poimboeuf <jpoimboe@xxxxxxxxxx>; Pawan Gupta
> <pawan.kumar.gupta@xxxxxxxxxxxxxxx>; Ingo Molnar <mingo@xxxxxxxxxx>; Dave
> Hansen <dave.hansen@xxxxxxxxxxxxxxx>; x86@xxxxxxxxxx; H . Peter Anvin
> <hpa@xxxxxxxxx>
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On 12.09.24 г. 22:08 ч., David Kaplan wrote:
> > Restructure retbleed mitigation to use select/update/apply functions
> > to create consistent vulnerability handling. The
> > retbleed_update_mitigation() simplifies the dependency between spectre_v2 and
> retbleed.
> >
> > The command line options now directly select a preferred mitigation
> > which simplifies the logic.
> >
> > Signed-off-by: David Kaplan <david.kaplan@xxxxxxx>
> > ---
> > arch/x86/kernel/cpu/bugs.c | 168 ++++++++++++++++---------------------
> > 1 file changed, 73 insertions(+), 95 deletions(-)
> >
>
> <snip>
>
> > static void __init retbleed_select_mitigation(void)
> > {
> > - bool mitigate_smt = false;
> > -
> > if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off())
> > return;
> >
> > - switch (retbleed_cmd) {
> > - case RETBLEED_CMD_OFF:
> > - return;
> > -
> > - case RETBLEED_CMD_UNRET:
> > - if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
> > - retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
> > - } else {
> > + switch (retbleed_mitigation) {
> > + case RETBLEED_MITIGATION_UNRET:
> > + if (!IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
> > + retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
> > pr_err("WARNING: kernel not compiled with
> MITIGATION_UNRET_ENTRY.\n");
> > - goto do_cmd_auto;
> > }
> > break;
> > -
> > - case RETBLEED_CMD_IBPB:
> > - if (!boot_cpu_has(X86_FEATURE_IBPB)) {
> > - pr_err("WARNING: CPU does not support IBPB.\n");
> > - goto do_cmd_auto;
> > - } else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
> > - retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
> > - } else {
> > - pr_err("WARNING: kernel not compiled with
> MITIGATION_IBPB_ENTRY.\n");
> > - goto do_cmd_auto;
> > + case RETBLEED_MITIGATION_IBPB:
> > + if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
>
> This check is redundant, if this leg of the switch is executed it's because
> retbleed_mitigation is already RETBLEED_MITIGATIOB_IBPB.
Yes, thanks for catching that. Will fix.
--David Kaplan