| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<LV3PR12MB9265DDB4E587963617DD8BA594C5A@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Wed, 5 Nov 2025 20:21:08 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Borislav Petkov <bp@...en8.de>, Josh Poimboeuf <jpoimboe@...nel.org>
CC: Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra
<peterz@...radead.org>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Ingo
Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
"x86@...nel.org" <x86@...nel.org>, "H . Peter Anvin" <hpa@...or.com>,
Alexander Graf <graf@...zon.com>, Boris Ostrovsky
<boris.ostrovsky@...cle.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH 05/56] x86/bugs: Reset spectre_v2 mitigations
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Borislav Petkov <bp@...en8.de>
> Sent: Wednesday, November 5, 2025 2:05 PM
> To: Josh Poimboeuf <jpoimboe@...nel.org>
> Cc: Kaplan, David <David.Kaplan@....com>; Thomas Gleixner
> <tglx@...utronix.de>; Peter Zijlstra <peterz@...radead.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>;
> Dave Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter
> Anvin <hpa@...or.com>; Alexander Graf <graf@...zon.com>; Boris
> Ostrovsky <boris.ostrovsky@...cle.com>; linux-kernel@...r.kernel.org
> Subject: Re: [RFC PATCH 05/56] x86/bugs: Reset spectre_v2 mitigations
>
> Caution: This message originated from an External Source. Use proper
> caution when opening attachments, clicking links, or responding.
>
>
> On Wed, Nov 05, 2025 at 09:06:36AM -0800, Josh Poimboeuf wrote:
> > Nope, these patches don't add any forward declarations because they
> > sanely put the caller below the callees.
>
> Not happy about the added ifdeffery tho. I guess we can move it inside the
> functions themselves or mark them __maybe_unused - whatever makes the
> compilers not complain.
>
> > We should put cpu_select_mitigations() at the bottom too, then all those
> > existing forward declarations can go away.
>
> That's a good idea. We should, if it doesn't get too hairy.
>
> > I don't see how the solution to "too many functions" is to start
> > squirreling away some arbitrary parts of (otherwise logically separated)
> > code in a hidden uber-function away from the rest?
>
> I aim for this file to "keep it as simple as possible and leave enough
> breadcrumbs as possible for later."
>
> But your argument about keeping all the mitigations and their functions
> together has some merit too.
>
> Maybe we should do
>
> arch/x86/kernel/cpu/bugs/mtg_<bla>.c
> arch/x86/kernel/cpu/bugs/mtg_<foo>.c
>
> :-P
>
> > If "functions bad" then why not make cpu_select_mitigations() one big
> > happy function with a ton of comments? Just think of all the function
> > savings ;-)
>
> If it makes it more readable, always. But I see your point.
>
Josh's thinking was aligned with my original thinking. And if the #ifdefs are the only problem, I think I can just make them __maybe_unused instead.
That said, using a single function also allows for some de-duplication of code. There are several mitigations that all use the same feature flags or other things (like x86_return_thunk) and those only need to be reset once. Having them all in a single function makes that easier to optimize if desired. Here's the single function version if you want to check that out and see if this is better or not:
void arch_cpu_reset_mitigations(void)
{
/* Re-enable SMT in case it was disabled before. */
if (cpu_smt_control == CPU_SMT_DISABLED)
bugs_smt_disable(true);
/* Spectre v1 */
setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_USER);
setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_KERNEL);
spectre_v1_mitigation = SPECTRE_V1_MITIGATION_AUTO;
/* Spectre v2 */
x86_spec_ctrl_base &= ~SPEC_CTRL_IBRS;
x86_spec_ctrl_base &= ~SPEC_CTRL_RRSBA_DIS_S;
rrsba_disabled = false;
setup_clear_cpu_cap(X86_FEATURE_KERNEL_IBRS);
setup_clear_cpu_cap(X86_FEATURE_RETPOLINE_LFENCE);
setup_clear_cpu_cap(X86_FEATURE_RETPOLINE);
setup_clear_cpu_cap(X86_FEATURE_RSB_CTXSW);
setup_clear_cpu_cap(X86_FEATURE_USE_IBPB_FW);
spectre_v2_enabled = SPECTRE_V2_NONE;
nospectre_v2 = false;
spectre_v2_cmd = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_V2) ?
SPECTRE_V2_CMD_AUTO : SPECTRE_V2_CMD_NONE;
/* Retbleed */
setup_clear_cpu_cap(X86_FEATURE_RETHUNK);
setup_clear_cpu_cap(X86_FEATURE_UNRET);
setup_clear_cpu_cap(X86_FEATURE_ENTRY_IBPB);
setup_clear_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
setup_clear_cpu_cap(X86_FEATURE_CALL_DEPTH);
x86_return_thunk = __x86_return_thunk;
retbleed_mitigation = IS_ENABLED(CONFIG_MITIGATION_RETBLEED) ?
RETBLEED_MITIGATION_AUTO : RETBLEED_MITIGATION_NONE;
/* Spectre v2 user */
static_branch_disable(&switch_vcpu_ibpb);
static_branch_disable(&switch_mm_always_ibpb);
static_branch_disable(&switch_mm_cond_ibpb);
spectre_v2_user_stibp = SPECTRE_V2_USER_NONE;
spectre_v2_user_ibpb = SPECTRE_V2_USER_NONE;
spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_AUTO;
/* SSB */
setup_clear_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE);
x86_spec_ctrl_base &= ~SPEC_CTRL_SSBD;
nossb = false;
ssb_mode = IS_ENABLED(CONFIG_MITIGATION_SSB) ?
SPEC_STORE_BYPASS_AUTO : SPEC_STORE_BYPASS_NONE;
/* L1TF */
setup_clear_cpu_cap(X86_FEATURE_L1TF_PTEINV);
l1tf_mitigation = IS_ENABLED(CONFIG_MITIGATION_L1TF) ?
L1TF_MITIGATION_AUTO : L1TF_MITIGATION_OFF;
/* MDS */
setup_clear_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
static_branch_disable(&cpu_buf_idle_clear);
mds_mitigation = IS_ENABLED(CONFIG_MITIGATION_MDS) ?
MDS_MITIGATION_AUTO : MDS_MITIGATION_OFF;
/* MMIO */
static_branch_disable(&cpu_buf_vm_clear);
mmio_mitigation = IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ?
MMIO_MITIGATION_AUTO : MMIO_MITIGATION_OFF;
/* SRBDS */
srbds_mitigation = IS_ENABLED(CONFIG_MITIGATION_SRBDS) ?
SRBDS_MITIGATION_AUTO : SRBDS_MITIGATION_OFF;
/* SRSO */
setup_clear_cpu_cap(X86_FEATURE_SRSO_ALIAS);
setup_clear_cpu_cap(X86_FEATURE_SRSO);
x86_pred_cmd = PRED_CMD_IBPB;
srso_mitigation = SRSO_MITIGATION_AUTO;
/* GDS */
gds_mitigation = IS_ENABLED(CONFIG_MITIGATION_GDS) ?
GDS_MITIGATION_AUTO : GDS_MITIGATION_OFF;
/* BHI */
setup_clear_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT);
setup_clear_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP);
setup_clear_cpu_cap(X86_FEATURE_CLEAR_BHB_HW);
x86_spec_ctrl_base &= ~SPEC_CTRL_BHI_DIS_S;
bhi_mitigation = IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ?
BHI_MITIGATION_AUTO : BHI_MITIGATION_OFF;
/* ITS */
setup_clear_cpu_cap(X86_FEATURE_INDIRECT_THUNK_ITS);
its_mitigation = IS_ENABLED(CONFIG_MITIGATION_ITS) ?
ITS_MITIGATION_AUTO : ITS_MITIGATION_OFF;
/* TSA */
setup_clear_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF_VM);
tsa_mitigation =
IS_ENABLED(CONFIG_MITIGATION_TSA) ? TSA_MITIGATION_AUTO : TSA_MITIGATION_NONE;
/* VMSCAPE */
setup_clear_cpu_cap(X86_FEATURE_IBPB_EXIT_TO_USER);
vmscape_mitigation = IS_ENABLED(CONFIG_MITIGATION_VMSCAPE) ?
VMSCAPE_MITIGATION_AUTO : VMSCAPE_MITIGATION_NONE;
}
--David Kaplan
Powered by blists - more mailing lists