Date: Thu, 28 Sep 2023 09:33:46 -0700
From: Pawan Gupta
To: Dave Hansen
Cc: Breno Leitao, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Peter Zijlstra, Josh Poimboeuf, leit@meta.com, "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
Subject: Re: [PATCH v3] x86/bugs: Add a separate config for each mitigation
Message-ID: <20230928163346.3xuawz7zrvdlyizo@desk>
References: <20230628142129.2468174-1-leitao@debian.org>

On Thu, Sep 28, 2023 at 06:40:18AM -0700, Dave Hansen wrote:
> On 9/28/23 05:45, Breno Leitao wrote:
> > 1) Create one Kconfig entry per mitigation, so the user can pick and
> > choose what to enable and disable. (Version 3 of this patch. May need a
> > re-spin due to the new mitigations being added.)
>
> This means, what, roughly 18 today?
>
> #define X86_BUG_CPU_MELTDOWN X86_BUG(14)
> ...
> #define X86_BUG_GDS X86_BUG(30)
>
> Plus two bonus ones:
>
> #define X86_BUG_SRSO X86_BUG(1*32 + 0)
> #define X86_BUG_DIV0 X86_BUG(1*32 + 1)
>
> ... and we've slowed down the rate at which we're adding these, but
> we're still seeing a couple a year.
>
> Perhaps Pawan and the others actually _doing_ the patches for these can
> speak up, but I don't think adding a Kconfig option will be too much
> additional work for each new X86_BUG.

It is trivial, but seems unnecessary IMO.

> I still think it's highly unlikely that someone will come through and
> pick and choose among a few dozen vulnerabilities.

Second that.

If we do want to provide more control, personally I would like:

- Global control for all mitigations
- Enable only cheap mitigations

This could enable mitigations as long as it doesn't hurt the performance
too badly. The challenge being whether a mitigation is cheap or costly is
subjective and highly depends on workloads. Without a standard way of
categorizing a mitigation it will be hard to reach a consensus. OTOH,
there are mitigations that are relatively cheaper, e.g. Enhanced IBRS.

Another way to categorize could be:

- Global control for all mitigations
- Guest only mitigations (host userspace is trusted)

This control can disable all mitigations for userspace, but will continue
to mitigate the host against rogue guests. This could be quite a lot of work.