1. Patchew
  2. linux
  3. [RFC PATCH 00/34] x86/bugs: Attack vector controls
  4. View patch

[RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation

David Kaplan posted 34 patches 2 months, 2 weeks ago
There is a newer version of this series
[RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation
Posted by David Kaplan 2 months, 2 weeks ago 
Restructure bhi mitigation to use select/apply functions to create
consistent vulnerability handling.

Define new AUTO mitigation for bhi.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
 arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index eaef5a1cb4a3..da6ca2fc939d 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -82,6 +82,8 @@ static void __init l1d_flush_select_mitigation(void);
 static void __init srso_select_mitigation(void);
 static void __init gds_select_mitigation(void);
 static void __init gds_apply_mitigation(void);
+static void __init bhi_select_mitigation(void);
+static void __init bhi_apply_mitigation(void);
 
 /* The base value of the SPEC_CTRL MSR without task-specific bits set */
 u64 x86_spec_ctrl_base;
@@ -201,6 +203,7 @@ void __init cpu_select_mitigations(void)
 	 */
 	srso_select_mitigation();
 	gds_select_mitigation();
+	bhi_select_mitigation();
 
 	/*
 	 * After mitigations are selected, some may need to update their
@@ -222,6 +225,7 @@ void __init cpu_select_mitigations(void)
 	rfds_apply_mitigation();
 	srbds_apply_mitigation();
 	gds_apply_mitigation();
+	bhi_apply_mitigation();
 }
 
 /*
@@ -1719,12 +1723,13 @@ static bool __init spec_ctrl_bhi_dis(void)
 
 enum bhi_mitigations {
 	BHI_MITIGATION_OFF,
+	BHI_MITIGATION_AUTO,
 	BHI_MITIGATION_ON,
 	BHI_MITIGATION_VMEXIT_ONLY,
 };
 
 static enum bhi_mitigations bhi_mitigation __ro_after_init =
-	IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ? BHI_MITIGATION_ON : BHI_MITIGATION_OFF;
+	IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ? BHI_MITIGATION_AUTO : BHI_MITIGATION_OFF;
 
 static int __init spectre_bhi_parse_cmdline(char *str)
 {
@@ -1745,6 +1750,18 @@ static int __init spectre_bhi_parse_cmdline(char *str)
 early_param("spectre_bhi", spectre_bhi_parse_cmdline);
 
 static void __init bhi_select_mitigation(void)
+{
+	if (!boot_cpu_has(X86_BUG_BHI) || cpu_mitigations_off())
+		return;
+
+	if (bhi_mitigation == BHI_MITIGATION_OFF)
+		return;
+
+	if (bhi_mitigation == BHI_MITIGATION_AUTO)
+		bhi_mitigation = BHI_MITIGATION_ON;
+}
+
+static void __init bhi_apply_mitigation(void)
 {
 	if (bhi_mitigation == BHI_MITIGATION_OFF)
 		return;
@@ -1876,9 +1893,6 @@ static void __init spectre_v2_select_mitigation(void)
 	    mode == SPECTRE_V2_RETPOLINE)
 		spec_ctrl_disable_kernel_rrsba();
 
-	if (boot_cpu_has(X86_BUG_BHI))
-		bhi_select_mitigation();
-
 	spectre_v2_enabled = mode;
 	pr_info("%s\n", spectre_v2_strings[mode]);
 
-- 
2.34.1
Re: [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation
Posted by Nikolay Borisov 1 month, 3 weeks ago 

On 12.09.24 г. 22:08 ч., David Kaplan wrote:
> Restructure bhi mitigation to use select/apply functions to create
> consistent vulnerability handling.
> 
> Define new AUTO mitigation for bhi.
> 
> Signed-off-by: David Kaplan <david.kaplan@amd.com>
> ---
>   arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++----
>   1 file changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index eaef5a1cb4a3..da6ca2fc939d 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -82,6 +82,8 @@ static void __init l1d_flush_select_mitigation(void);
>   static void __init srso_select_mitigation(void);
>   static void __init gds_select_mitigation(void);
>   static void __init gds_apply_mitigation(void);
> +static void __init bhi_select_mitigation(void);
> +static void __init bhi_apply_mitigation(void);
>   
>   /* The base value of the SPEC_CTRL MSR without task-specific bits set */
>   u64 x86_spec_ctrl_base;
> @@ -201,6 +203,7 @@ void __init cpu_select_mitigations(void)
>   	 */
>   	srso_select_mitigation();
>   	gds_select_mitigation();
> +	bhi_select_mitigation();
>   
>   	/*
>   	 * After mitigations are selected, some may need to update their
> @@ -222,6 +225,7 @@ void __init cpu_select_mitigations(void)
>   	rfds_apply_mitigation();
>   	srbds_apply_mitigation();
>   	gds_apply_mitigation();
> +	bhi_apply_mitigation();
>   }
>   
>   /*
> @@ -1719,12 +1723,13 @@ static bool __init spec_ctrl_bhi_dis(void)
>   
>   enum bhi_mitigations {
>   	BHI_MITIGATION_OFF,
> +	BHI_MITIGATION_AUTO,
>   	BHI_MITIGATION_ON,
>   	BHI_MITIGATION_VMEXIT_ONLY,
>   };


Since this series refactors all mitigations how about taking ON to mean 
AUTO which would result in overall less states for the various 
mitigations. If we take BHI as an example I don't see what value does 
_AUTO bring here.

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.