Re: [RFC PATCH 05/56] x86/bugs: Reset spectre_v2 mitigations

Next message: Zilin Guan: "[PATCH] binfmt_misc: restore write access before closing files opened by open_exec()"
Previous message: Khairul Anuar Romli: "[PATCH v5 2/2] arm64: dts: intel: Add Agilex5 SVC node with memory region"
In reply to: Borislav Petkov: "Re: [RFC PATCH 05/56] x86/bugs: Reset spectre_v2 mitigations"
Next in thread: Borislav Petkov: "Re: [RFC PATCH 05/56] x86/bugs: Reset spectre_v2 mitigations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Josh Poimboeuf

Date: Tue Nov 04 2025 - 21:29:23 EST

On Mon, Nov 03, 2025 at 09:28:11PM +0100, Borislav Petkov wrote:
> On Mon, Nov 03, 2025 at 08:10:39PM +0000, Kaplan, David wrote:
> > Do you really want it all in one big function? Or just to relocate all the
> > *_reset_mitigation() functions to a single place so they can all go under
> > one ifdef?
> >
> > I can do it in one big function, but it'd probably look something like:
> >
> > /* Reset spectre_v1 */
> > setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_USER);
> > setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_KERNEL);
> > spectre_v1_mitigation = SPECTRE_V1_MITIGATION_AUTO;
> > /* Reset mds */
> > setup_clear_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
> > static_branch_disable(&cpu_buf_idle_clear);
> > mds_mitigation = IS_ENABLED(CONFIG_MITIGATION_MDS) ?
> > MDS_MITIGATION_AUTO : MDS_MITIGATION_OFF;
> > /* Reset spectre_v2 */
> > Etc.
>
> Yap, that's what I thought too.
>
> Since there's no point to have separate functions, the comment separation is
> perfectly sufficient, I'd say.

Separate functions allows each reset function to stay close to its
select/update/apply counterparts. That makes it easier to tell that
it's undoing all the right things. Plus it preserves the existing
logical code layout/separation between mitigations.

--
Josh