Date: Thu, 28 Sep 2023 06:57:54 -0700
From: Breno Leitao
To: Dave Hansen
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, leit@meta.com, "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
Subject: Re: [PATCH v3] x86/bugs: Add a separate config for each mitigation
References: <20230628142129.2468174-1-leitao@debian.org>

On Thu, Sep 28, 2023 at 06:40:18AM -0700, Dave Hansen wrote:
> On 9/28/23 05:45, Breno Leitao wrote:
> > 1) Create one Kconfig entry per mitigation, so, the user can pick and
> > choose what to enable and disable. (Version 3 of this patch. May need a
> > re-spin due to the new mitigations being added.)
>
> This means, what, roughly 18 today?
>
> #define X86_BUG_CPU_MELTDOWN X86_BUG(14)
> ...
> #define X86_BUG_GDS X86_BUG(30)
>
> Plus two bonus ones:
>
> #define X86_BUG_SRSO X86_BUG(1*32 + 0)
> #define X86_BUG_DIV0 X86_BUG(1*32 + 1)
>
> ... and we've slowed down the rate at which we're adding these, but
> we're still seeing a couple a year.
>
> Perhaps Pawan and the others actually _doing_ the patches for these can
> speak up, but I don't think adding a Kconfig option will be too much
> additional work for each new X86_BUG.
>
> I still think it's highly unlikely that someone will come through and
> pick and choose among a few dozen vulnerabilities.

That is what my experience tells me as well. You either have an insecure
and fast kernel, or a hardened one. In some big companies, you can have
both, and choose which one you want to boot depending on the workload.
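
Added example, not part of the original message or of the kernel tree: one way to check which of the two kernels described above actually booted, by reading the per-vulnerability status files the kernel exposes under `/sys/devices/system/cpu/vulnerabilities`. The posture labels (`hardened`, `insecure`, `mixed`, `undetermined`) and the sample data are assumptions made for this example.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample: one status line per vulnerability, in the sysfs format.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v2": "Vulnerable",
    "mds": "Mitigation: Clear CPU buffers; SMT vulnerable",
    "gather_data_sampling": "Not affected",
}


def read_sysfs(directory=SYSFS_DIR):
    """Return {vulnerability name: status line} as reported by the running kernel."""
    return {p.name: p.read_text().strip()
            for p in sorted(directory.iterdir()) if p.is_file()}


def classify(statuses):
    """Group entries by status and name the overall posture (labels are this example's own)."""
    groups = {"mitigated": [], "vulnerable": [], "not_affected": [], "unknown": []}
    for name, status in sorted(statuses.items()):
        if status.startswith("Not affected"):
            groups["not_affected"].append(name)
        elif "Mitigation" in status:      # also matches "KVM: Mitigation: ..."
            groups["mitigated"].append(name)
        elif "ulnerable" in status:       # "Vulnerable", "Processor vulnerable", ...
            groups["vulnerable"].append(name)
        else:                             # e.g. "Unknown: ..."
            groups["unknown"].append(name)
    if groups["vulnerable"] and groups["mitigated"]:
        posture = "mixed"                 # some issues mitigated, others left open
    elif groups["vulnerable"]:
        posture = "insecure"
    elif groups["unknown"]:
        posture = "undetermined"
    else:
        posture = "hardened"
    return posture, groups


if __name__ == "__main__":
    data = read_sysfs() if SYSFS_DIR.is_dir() else SAMPLE
    posture, groups = classify(data)
    print(f"posture: {posture}")
    for group, names in groups.items():
        print(f"  {group}: {', '.join(names) or '-'}")
```

An entry such as `Mitigation: ...; SMT vulnerable` is counted as mitigated here; fleets that care about SMT exposure should inspect the full status line.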