Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp965047lqt; Fri, 19 Apr 2024 16:57:15 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUdLG6dkVNWhgGIWDFvasNxfLd4a6pVbLS9xGj+wRq+717Tv+rUQdFiGplmFY0q5tEUqBx6KCbl6h0KOOUHm/1cPIKxhIAlydpAx5xy5Q== X-Google-Smtp-Source: AGHT+IEVQqMNPzj9bMOrqsQCCtqyZPsLrSErLKbGXKMNNTeRGlRpKffTTH9xiD1KrWMbGXnh0GuZ X-Received: by 2002:a05:6358:9499:b0:18a:6799:92d with SMTP id i25-20020a056358949900b0018a6799092dmr2553884rwb.30.1713571034785; Fri, 19 Apr 2024 16:57:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713571034; cv=pass; d=google.com; s=arc-20160816; b=nwRYQSJj15u4NW8XsQ4Mz35OS75ijtbQUlrXJaF+SrtaPQZ+4cfrt/cLKwnBnsY9i1 mPOapBJ2JjoOORJTgXjIAztKZwNrbNiXHOUufUlZXbYoIIDkvUDAftlSKGWwBurzlE2v G7qga4Dg1fhUIfmk4ady82T7agROu1LczICuKuCk0k6EIW2OizdChAKDwu7+Ui9V5vCz i3ORTBC4ubZixMjaQDJbygfYumX8vZ+ZEfcEpqfnsvGNG83Mrzy5D01OOJ4YHdZBGhhP Gn+k/Ju3vUimeyPOfK08AWtvZDk0Sp0X38zqZP6/28hP+n1lVo04aaUkesT+jao37/fT okTw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=BLNaa1mk4sNg08myPy5RMxBhkcXeZh/6vIOkJI8rDE0=; fh=SUQ8KVSE73ZpirEuPMN9zjAiEqa5hjFmkKNAH0U8M4Y=; b=WoShrR+hbwubkfayRtbP5g3D6WUH3816b86D0WnsVT5hg7po2WBpR/YY7h8tutti5y E2xbn2iJKqpTLHTQcW4DwvQ4qH/I+V3B1ESKvZpGtACqSdWsRes/fW8L1mWeVMok54w6 yG3fZd8sDxJt+i8lN/mh+2wyjlIUCce/m7vHibjulUm7hw3xaRX0JKVkFiuoUiDP22jn q7jq4t+STRDz26GsM5vkikz/58ZEDLIHj2fZi7jgkEq71ELxYd6iPVPDSSWCuLyJuPk9 H+10gokp4ORksiuu2MQwl4FuhrruH3/AkI4x0QE26B7vARW6aL3AcIQPsNxmpJTSCcdv wrig==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=RXkBkKRH; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-152050-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-152050-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id q9-20020a05620a0c8900b0078d5ffbd6eesi4758927qki.755.2024.04.19.16.57.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 16:57:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-152050-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=RXkBkKRH; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-152050-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-152050-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 72DCF1C20938 for ; Fri, 19 Apr 2024 23:57:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 66FAB13D8B0; Fri, 19 Apr 2024 23:57:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="RXkBkKRH" Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2F969129E9A for ; Fri, 19 Apr 2024 23:57:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713571028; cv=none; b=dHcMsHbaZqflKES7zuB09ZILkPgWpuYUg5D4Fs1/xVvdUBqv42GsljNGMNwLEHcIRN2Hq85bL07RPtwWEDaXNOkLaxoYVh3uXUkrfXQJdDi1J9zbPbLB+kN9jhYYh5dlHXWnOk+P/oFRQjvzequaiaThIBE4ZgCJzgkK9rlziwo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713571028; c=relaxed/simple; bh=0i9fPL4EQ86xqogaOVaFxgyloZ9K0XhVTlDWP/nruPY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=coNsb2SD2hl9S2F/UvkQXSZe7jUV96kuGRbLwmA3jU7qTpM13+7IaQ18LFxbDYiq4k/+FHtq0qMizMOCKskS/B6WwgcfR9Hv0UK0iiHn2lVP7+Szg/mut/vZFAgvtp0U2Up4mkqmeNJtirUtI2oA4hmxcEa3Nq4IJe/y0SSVrCY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=RXkBkKRH; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2abc5b4f3c7so2765374a91.0 for ; Fri, 19 Apr 2024 16:57:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1713571026; x=1714175826; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=BLNaa1mk4sNg08myPy5RMxBhkcXeZh/6vIOkJI8rDE0=; b=RXkBkKRHPqyOAHLW2C+R8m1l+ZGa5AL9WfcNc5QnhbIo97RSLeOIXYxrLhXxMiaKDP ZDvIz1QrhZhYj+rNo5evdvuR7f4iXARYw+8Z4ANFs+VoO0SP1PizEYEjOHgaiDfiFPBK qc/avM8h2t8cHulwf/UWWL8JlWQtjXW2z+sivZ0JkoEPZD8YXTRziD3m74GFW08Ifcd8 V1Igsqrv/BptDARRYzfsSgNvxchVOs0ji/8nCISd9RFB+eVWenLnshy72TckExJMHhYZ GLrciMWUdeK0hUOTWBabA9yyafo4oKG+QdljM2mXVO5HamI+yjNTUgM3DCJbBhHWyHHW c+6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713571026; x=1714175826; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=BLNaa1mk4sNg08myPy5RMxBhkcXeZh/6vIOkJI8rDE0=; b=ualMZ2m5yTEMTfpz1Tc52WDJbY+D48Q/JDQXiHR8ChznEoQ7h6TuvF+TsbrUGSORUe r4CtIGOo3pu7FgcLW8VrvFOcINwMrAwhGfSUKkHUa/QKRuDPPuorJliuP3i7WtIrHMQt Wo/fVafoOcXNR0WR1Dug4t12VfHL3c+VEkrNaNCbXVb+2cc+6i+FA7wBzk61qr5IYDBs lMV3nd2wWk1QiDb//5uxQ1AxiXRi17MKYFmDajTC76e98fVm0OlEq9dLwZMly3/SG+0G WcD1Q2HKwgtKC8axkxksYGg29dmk31wJLEjmmC4XXLa7dIcaORYJFeMwYit0GgyKkZT8 xUaw== X-Forwarded-Encrypted: i=1; AJvYcCUepYNH7UoA8lO+zfzUky1BTr2gh/nAKZ0t37bbYiDUTGDBT/UC/dBTA1gk+7G9WTwPWeFij1jUziStf+LrIS4/omwYvOvdUQKODZcz X-Gm-Message-State: AOJu0YwVFE8dGThNeVq2tDTgzMWoKF/6QoGjTmZgQStcYOY6kq9Uogl8 MNK6XapRty/dDUQBq2HiK/gV4S8KAr0b4cI0kOHex2BOB4GQG91rPCn9fuQzEGR64czizn1PFE9 7OA== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90b:1b46:b0:2a2:8f19:f484 with SMTP id nv6-20020a17090b1b4600b002a28f19f484mr11473pjb.3.1713571024724; Fri, 19 Apr 2024 16:57:04 -0700 (PDT) Date: Fri, 19 Apr 2024 16:57:03 -0700 In-Reply-To: <20240419173429.dj6nzgg3t23f52ol@treble> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240417001507.2264512-1-seanjc@google.com> <20240417001507.2264512-2-seanjc@google.com> <20240419160537.namt5yaxhhvwwa3r@treble> <20240419173429.dj6nzgg3t23f52ol@treble> Message-ID: Subject: Re: [PATCH 1/2] cpu: Re-enable CPU mitigations by default for !X86 architectures From: Sean Christopherson To: Josh Poimboeuf Cc: Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Greg Kroah-Hartman , Peter Zijlstra , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Stephen Rothwell , Michael Ellerman , Geert Uytterhoeven Content-Type: text/plain; charset="us-ascii" On Fri, Apr 19, 2024, Josh Poimboeuf wrote: > On Fri, Apr 19, 2024 at 09:46:58AM -0700, Sean Christopherson wrote: > > > It seems confusing to have two config options which have very similar > > > names and similar purposes (with subtle differences depending on the > > > arch). > > > > > > How about we instead just get rid of the x86-specific > > > SPECULATION_MITIGATIONS and replace it with a menu which depends on > > > CPU_MITIGATIONS: > > > > Huh, didn't realize that was possible. > > > > I agree that having two things for the same thing is confusing, though Boris' > > idea to do s/SPECULATION_MITIGATIONS/X86_CPU_MITIGATIONS would help a fair bit > > on that front. > > > > My only hesitation is that x86's menu and the common config knob end up in > > completely different locations. > > I'm thinking this is a minor issue because CPU_MITIGATIONS is enabled by > default, so it should almost always be enabled unless the user disables > it, in which case they wouldn't be looking for the x86-specific > mitigations anyway. Yeah, this isn't a sticking point by any means. Oh, and another hiccup I almost forgot about (I just recalled Geert's report). Letting CPU_MITIGATIONS be disabled for every arch at compile time will obsolete a small amount of kernel code, e.g. arm64 explicitly says "disabled by command line option" in a few places. Those are easy enough to fixup though, but it's not clear that other architectures *want* to allow mitigations to be completely compiled out. x86 appears to be relatively unique in that it has a bajillion different things being mitigated. Rather than making CPU_MITIGATIONS configured for all architectures, what if use another Kconfig to tell common code that arch code has already defined CPU_MITIGATIONS? The big downside is that if another arch does end up letting the user disable CPU_MITIGATIONS, then we'll probably end up duplicating the help text. But again, it's not clear that any other arch wants to allow that, i.e. we can cross that bridge if we come to it. config ARCH_CONFIGURES_CPU_MITIGATIONS bool if !ARCH_CONFIGURES_CPU_MITIGATIONS config CPU_MITIGATIONS def_bool y endif > Regardless it seems very common for a menu "depends on" to be in a > different file. We could put CPU_MITIGATIONS in arch/Kconfig which is a > fairly logical place for the dependency. Yeah, arch/Kconfig is probably better than init/Kconfig. Given that it's late on Friday, I'll somewhat speculatively (ba-dump ching!) post a v2, and Cc Linus to explain the mess so that he can apply it directly if he thinks it's urgent enough to squeeze into -rc5, and if if my idea isn't completely off the rails.