Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3945118ybt; Sun, 5 Jul 2020 11:24:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwEMz5uf3jpnpYpRbneAPlvEqlfj2X04siEcEUJ0SYNeI6qvzMQ5cUUOkPLE4G5+LwtckIt X-Received: by 2002:a17:906:970a:: with SMTP id k10mr41927093ejx.236.1593973499013; Sun, 05 Jul 2020 11:24:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593973498; cv=none; d=google.com; s=arc-20160816; b=t979QjIk3icVqvVCIasfJ4texBowZFZcKwGPB1NLngHZKiFsIWblvEsWfqHDukGxh9 0hkLRsf3B71vBHmdiqQ4xjrCldYs2mv2GpAACAyHBc4XOiVF93RzPkZG65n09hjFPt88 NWW/fvvaR8sZYjPMEB5C7qk8op8k9ld5nFERqUjC+R8pKWQ/hMqzPIibIn8UGCQHIar/ zpj1/I7UQeQgkjtOBdUinZDYyJByQsAXtbefIrq8XxLjwXpzVrgpixV5xQCDnT/wn7S1 p0P1/73aq02KwWWDscCn8dVgw37oJ7PJFJi8OtzA4mjPoqo3BtfC808D6l4yUOs/tP1y k1fA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=HMEHe+br8dXcHI+hB4O6nEY5v7Sg6St98G6CWcHOLAY=; b=g9EV1rzdvtZ+/pRRmL3WWIMjTJW0K+yoDBDF3eg2Z2mIerJB+9mtNNWttqeqHvHoJl zZb7lV/ep0ws3EChJOi24+uWdg1X0P9wMd8d1ebm7uNhRlCDrKMR0PzuuZ7gguOr57oI jZcke1kK8/80N1gZGP/zfizvwqJNKYWMyUGSWhQlam/cq7hHc07Jbeo/SlxhKpnxHrMu dm1UX2on1vwTozSrt5UEnGKBz+MChBvSqhA/WBvkoSuvabfo+x+5VkygkiGfzNwWYoVL PXRjMC25dWKUZuVDdY14dkjG+EhISoxRMuEaoycVOF53qOHcPPOPe/KUgoocZHbnn/xz ngQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="p5/pIAXf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u9si11238588ejo.663.2020.07.05.11.24.35; Sun, 05 Jul 2020 11:24:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="p5/pIAXf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728025AbgGESXU (ORCPT + 99 others); Sun, 5 Jul 2020 14:23:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727892AbgGESXT (ORCPT ); Sun, 5 Jul 2020 14:23:19 -0400 Received: from mail-io1-xd43.google.com (mail-io1-xd43.google.com [IPv6:2607:f8b0:4864:20::d43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8884C061794 for ; Sun, 5 Jul 2020 11:23:18 -0700 (PDT) Received: by mail-io1-xd43.google.com with SMTP id q8so37118989iow.7 for ; Sun, 05 Jul 2020 11:23:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HMEHe+br8dXcHI+hB4O6nEY5v7Sg6St98G6CWcHOLAY=; b=p5/pIAXf3CKYBu7XQ+eET85u6p43lVcZZCEJzOCn6xIig95QPwz/9I/2x+weOJLgxn Cie31azzWN79bqQqUdusC9nA9+hbL9kvsl1MJwazGnkcJn1kiG3l6fQ1dV2Ib6ejFaTp WjCjV1l5Ehh2ZrunNBhIrGkQMyglDkpgtqJ2U/MIXQ8luL+uaTBJn1aWJKcwAkBhMVAX P2IY3nJQcZI7yfOYlFzUvVdgsBKEMcyevYLUwC1XYkeeD6Sw4vzLu0lMNHRQSsnMpPsK 1dNu8PjzqnGWr0G9s2y6gBF3/WNe3mf2YHQmY+3ZgezLAq1YbzpBMbbRVlAbJ+hGGI6R U4qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HMEHe+br8dXcHI+hB4O6nEY5v7Sg6St98G6CWcHOLAY=; b=XkKXmVUj2FzfuI8taGXVpkK8Axm8v4vzhfr4Ae83CeVDKNgDvidkrvKGxJ47lUVYin clhxGLjcMzqG4/bFZ6K6n5AARtjB3jcr+UtjyjWtHfv/N1wskzxwcPNosr5O3ghSzUt3 BnsZM8F2lczHjufYqh8QY0JZPDWE/eueoB9+RUIDrq/DU1OuMRFZfNfZhCizYgbTIn+g mnh5ZvRTl2WgjsFttHT4Tm+Vkjlk0DSCQ2pJWrYnKxdWhE45qs1D/NGpKsq2FFrQCUGt /qop9xrBwTu5r4DwkwwwYWwa/6RFPfkwOQ473KynxBKTRdjo9lXa8zxQyHl920FEMQF9 gEOw== X-Gm-Message-State: AOAM533nuqWVKUoIbQFoc9qXzvM0UzZ7ZUi+KsfUBC9ix7zqZwDOZ5V9 E2IrxQZZSsAB2LlahkW6hKmSMao8qxA+JFQSzv7Tlw== X-Received: by 2002:a5e:cb42:: with SMTP id h2mr21634185iok.43.1593973397858; Sun, 05 Jul 2020 11:23:17 -0700 (PDT) MIME-Version: 1.0 References: <20200702221237.2517080-1-abhishekbh@google.com> <20200703114037.GD2999146@linux.ibm.com> <20200705152304.GE2999146@linux.ibm.com> <5d2ccf3d-b473-cf30-b863-e29bb33b7284@redhat.com> In-Reply-To: <5d2ccf3d-b473-cf30-b863-e29bb33b7284@redhat.com> From: Abhishek Bhardwaj Date: Sun, 5 Jul 2020 11:22:42 -0700 Message-ID: Subject: Re: [PATCH v3] x86/speculation/l1tf: Add KConfig for setting the L1D cache flush mode To: Waiman Long Cc: Mike Rapoport , Doug Anderson , Anthony Steinhauser , LKML , Borislav Petkov , "H. Peter Anvin" , Ingo Molnar , Jim Mattson , Joerg Roedel , Josh Poimboeuf , Mark Gross , Paolo Bonzini , Pawan Gupta , Peter Zijlstra , Sean Christopherson , Thomas Gleixner , Tony Luck , Vitaly Kuznetsov , Wanpeng Li , kvm@vger.kernel.org, x86 Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 5, 2020 at 8:57 AM Waiman Long wrote: > > On 7/5/20 11:23 AM, Mike Rapoport wrote: > >> Nothing prevents people from continuing to use the command line > >> options if they want, right? This just allows a different default. > >> So if a distro is security focused and decided that it wanted a slower > >> / more secure default then it could ship that way but individual users > >> could still override, right? > > Well, nothing prevents you from continuing to use the command line as > > well;-) > > > > I can see why whould you want an ability to select compile time default > > for an option, but I'm really not thrilled by the added ifdefery. > > > > It turns out that CONFIG_KVM_VMENTRY_L1D_FLUSH values match the enum > vmx_l1d_flush_state values. So one way to reduce the ifdefery is to do, > for example, > > +#ifdef CONFIG_KVM_VMENTRY_L1D_FLUSH > +#define VMENTER_L1D_FLUSH_DEFAULT CONFIG_KVM_VMENTRY_L1D_FLUSH > +#else > +#define VMENTER_L1D_FLUSH_DEFAULT VMENTER_L1D_FLUSH_AUTO > #endif > -enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; > +enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_DEFAULT; > > Of course, we may need to add a comment on enum vmx_l1d_flush_state > definition to highlight the dependency of CONFIG_KVM_VMENTRY_L1D_FLUSH > on it to avoid future mismatch. I explicitly wanted to avoid doing that for this very reason. In my opinion this is brittle and bound to be missed sooner or later. I'd rather have the value assignment be explicit rather than some clever hack. Notice, this wouldn't work if the enum values were not contiguous. We just got lucky. Do people feel strongly against this ifdef ladder ? > > Cheers, > Longman > -- Abhishek