[RFC][PATCH 10/17] x86: Remove CPU_IBPB_ENTRY
From: Peter Zijlstra
Date: Wed Aug 09 2023 - 03:27:31 EST
It was a pointless .config knob, it didn't even cause entry_ibpb to be
omitted from the build.
Our Kconfig space is definitely too big to carry pointless ones.
Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
---
arch/x86/Kconfig | 7 -------
arch/x86/include/asm/nospec-branch.h | 9 +++------
arch/x86/kernel/cpu/bugs.c | 18 +++++-------------
3 files changed, 8 insertions(+), 26 deletions(-)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2577,13 +2577,6 @@ config CALL_THUNKS_DEBUG
Only enable this when you are debugging call thunks as this
creates a noticeable runtime overhead. If unsure say N.
-config CPU_IBPB_ENTRY
- bool "Enable IBPB on kernel entry"
- depends on CPU_SUP_AMD && X86_64
- default y
- help
- Compile the kernel with support for the retbleed=ibpb mitigation.
-
config CPU_IBRS_ENTRY
bool "Enable IBRS on kernel entry"
depends on CPU_SUP_INTEL && X86_64
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -288,8 +288,7 @@
* where we have a stack but before any RET instruction.
*/
.macro UNTRAIN_RET
-#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_IBPB_ENTRY) || \
- defined(CONFIG_CALL_DEPTH_TRACKING)
+#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CALL_DEPTH_TRACKING)
VALIDATE_UNRET_END
ALTERNATIVE_3 "", \
CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \
@@ -299,8 +298,7 @@
.endm
.macro UNTRAIN_RET_VM
-#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_IBPB_ENTRY) || \
- defined(CONFIG_CALL_DEPTH_TRACKING)
+#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CALL_DEPTH_TRACKING)
VALIDATE_UNRET_END
ALTERNATIVE_3 "", \
CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \
@@ -310,8 +308,7 @@
.endm
.macro UNTRAIN_RET_FROM_CALL
-#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_IBPB_ENTRY) || \
- defined(CONFIG_CALL_DEPTH_TRACKING)
+#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CALL_DEPTH_TRACKING)
VALIDATE_UNRET_END
ALTERNATIVE_3 "", \
CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -890,16 +890,13 @@ static void __init retbleed_select_mitig
if (!boot_cpu_has(X86_FEATURE_IBPB)) {
pr_err("WARNING: CPU does not support IBPB.\n");
goto do_cmd_auto;
- } else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
+ } else {
if (boot_cpu_has_bug(X86_BUG_SRSO) && !has_microcode)
pr_err("IBPB-extending microcode not applied; SRSO NOT mitigated\n");
if (retbleed_cmd == RETBLEED_CMD_IBPB)
retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
if (retbleed_cmd == RETBLEED_CMD_IBPB_VMEXIT)
retbleed_mitigation = RETBLEED_MITIGATION_IBPB_VMEXIT;
- } else {
- pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
- goto do_cmd_auto;
}
break;
@@ -932,7 +929,7 @@ static void __init retbleed_select_mitig
retbleed_mitigation = RETBLEED_MITIGATION_UNRET_SRSO;
}
}
- else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY) && boot_cpu_has(X86_FEATURE_IBPB))
+ else if (boot_cpu_has(X86_FEATURE_IBPB))
retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
}
@@ -2397,14 +2394,9 @@ static void __init srso_select_mitigatio
break;
case SRSO_CMD_IBPB:
- if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
- if (has_microcode) {
- setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
- srso_mitigation = SRSO_MITIGATION_IBPB;
- }
- } else {
- pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
- goto pred_cmd;
+ if (has_microcode) {
+ setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
+ srso_mitigation = SRSO_MITIGATION_IBPB;
}
break;