RE: [RFC PATCH 04/56] x86/bugs: Reset spectre_v1 mitigations

[Kaplan, David]

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Borislav Petkov <bp@xxxxxxxxx>
> Sent: Wednesday, October 29, 2025 6:57 AM
> To: Kaplan, David <David.Kaplan@xxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>; Peter Zijlstra <peterz@xxxxxxxxxxxxx>;
> Josh Poimboeuf <jpoimboe@xxxxxxxxxx>; Pawan Gupta
> <pawan.kumar.gupta@xxxxxxxxxxxxxxx>; Ingo Molnar <mingo@xxxxxxxxxx>; Dave
> Hansen <dave.hansen@xxxxxxxxxxxxxxx>; x86@xxxxxxxxxx; H . Peter Anvin
> <hpa@xxxxxxxxx>; Alexander Graf <graf@xxxxxxxxxx>; Boris Ostrovsky
> <boris.ostrovsky@xxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: [RFC PATCH 04/56] x86/bugs: Reset spectre_v1 mitigations
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Oct 13, 2025 at 09:33:52AM -0500, David Kaplan wrote:
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 6a526ae1fe99..9d5c6a3e50e1 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -46,6 +46,8 @@
> >   *                              may want to change based on other choices
> >   *                              made.  This function is optional.
> >   *   <vuln>_apply_mitigation() -- Enable the selected mitigation.
> > + *   <vuln>_reset_mitigation() -- Undo's the apply_mitigation step, this is used
>
> "Undoes" no?

Yes, will fix

>
> > + *                             with runtime mitigation patching.
> >   *
> >   * The compile-time mitigation in all cases should be AUTO.  An explicit
> >   * command-line option can override AUTO.  If no such option is
> > @@ -1247,6 +1249,15 @@ static void __init spectre_v1_apply_mitigation(void)
> >       pr_info("%s\n", spectre_v1_strings[spectre_v1_mitigation]);
> >  }
> >
> > +#ifdef CONFIG_DYNAMIC_MITIGATIONS
> > +static void spectre_v1_reset_mitigation(void)
> > +{
> > +     setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_USER);
> > +     setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_KERNEL);
> > +     spectre_v1_mitigation = SPECTRE_V1_MITIGATION_AUTO;
> > +}
> > +#endif
>
> Right, let's see in the end what is easier: we have the cross-dependencies
> between mitigations so having separate "undo" functions might require them to
> run in reverse order to the "apply" functions. I can imagine a single "undo"
> function would be easier because you have everything in one place.
>
> We'll see.
>

We have cross-dependencies around the *selection* of mitigations, but not around the application of them.  There is no ordering requirement around the *_apply_mitigation() functions.  As such I would not expect (and have not observed) any ordering requirements around the reset functions.

--David Kaplan