Re: [PATCH v6 10/13] x86/bugs: Rename RETHUNK to MITIGATION_RETHUNK

From: Breno Leitao
Date: Wed Nov 22 2023 - 10:54:21 EST

Next message: Vignesh Raghavendra: "[PATCH v2 3/4] dt-bindings: dma: ti: k3-pktdma: Describe cfg register regions"
Previous message: Paul Durrant: "Re: [PATCH v8 07/15] KVM: pfncache: include page offset in uhva and use it consistently"
In reply to: Andrew Cooper: "Re: [PATCH v6 10/13] x86/bugs: Rename RETHUNK to MITIGATION_RETHUNK"
Next in thread: Breno Leitao: "[PATCH v6 11/13] x86/bugs: Create a way to disable GDS mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Andrew,

On Tue, Nov 21, 2023 at 09:39:47PM +0000, Andrew Cooper wrote:
> On 21/11/2023 4:07 pm, Breno Leitao wrote:
> > CPU mitigations config entries are inconsistent, and names are hard to
> > related. There are concrete benefits for both users and developers of
> > having all the mitigation config options living in the same config
> > namespace.
> >
> > The mitigation options should have consistency and start with
> > MITIGATION.
> >
> > Rename the Kconfig entry from RETHUNK to MITIGATION_RETHUNK.
> >
> > Suggested-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
> > Signed-off-by: Breno Leitao <leitao@xxxxxxxxxx>
>
> (I'm CC'd on only this single patch so I can't see what's going on, but)
>
> Really? Rethunk[sic] isn't a mitigation. It's just a compiler
> transformation for return instructions upon which various mitigations
> depend.

The MITIGATION namespace is not only for mitigation, but, for "features"
that are available with the only purpose of mitigating speculative
hardware vulnerability. The original suggested namespace was "MITIGATE",
and then it would make no sense for RETHUNK, since, we are not
mitigating RETHUNK per se. Please check the discussion here:

https://lore.kernel.org/all/20231011044252.42bplzjsam3qsasz@treble/

That said, the way the x86 Kconfig is organized today, CONFIG_RETHUNK is
very focused in solving a mitigations problem, thus, the MITIGATION_
namespace has been added to it.

For instance, CONFIG_RETHUNK is inside the SPECULATION_MITIGATIONS,
thus, it is only enabled if SPECULATION_MITIGATIONS is set.

menuconfig SPECULATION_MITIGATIONS
bool "Mitigations for speculative execution vulnerabilities"

config RETHUNK
bool "Enable return-thunks"
depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK
help
Compile the kernel with the return-thunks compiler option to guard
against kernel-to-user data leaks by avoiding return speculation.
Requires a compiler with -mfunction-return=thunk-extern
support for full protection. The kernel may run slower.

endif

Thanks for the feedback.

Next message: Vignesh Raghavendra: "[PATCH v2 3/4] dt-bindings: dma: ti: k3-pktdma: Describe cfg register regions"
Previous message: Paul Durrant: "Re: [PATCH v8 07/15] KVM: pfncache: include page offset in uhva and use it consistently"
In reply to: Andrew Cooper: "Re: [PATCH v6 10/13] x86/bugs: Rename RETHUNK to MITIGATION_RETHUNK"
Next in thread: Breno Leitao: "[PATCH v6 11/13] x86/bugs: Create a way to disable GDS mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]