On 10/2/24 07:20, Nikolay Borisov wrote:
>> + if (boot_cpu_has_bug(X86_BUG_MDS)) { >> mds_mitigation = MDS_MITIGATION_FULL; >> mds_select_mitigation(); >> + } else { >> + mds_mitigation = MDS_MITIGATION_OFF; >> }
>
> But with this logic if CONFIG_MITIGATION_MDS is deselected meaning
> mds_mitigations will have the value MDS_MITIGATION_OFF, yet now you will
> set it to _FULL thereby overriding the compile-time value of the user.
> So shouldn't this condition be augmented to also consider
> CONFIG_MITIGATION_MDS compile time value?

CONFIG_MITIGATION_MDS is used to set the value of the mds_mitigation variable. Same goes for all the other mitigations touched here. Those variables are checked in verw_mitigations_disabled() which is called just before this code. If all of them are configured off, we return without enabling any of the mitigations.
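
Review bot: the unconditional `mds_mitigation = MDS_MITIGATION_FULL;` in the new `if (boot_cpu_has_bug(X86_BUG_MDS))` branch reads as if it overrides an off setting, and nothing in the hunk shows why it does not, which is what prompted the question in this thread. According to the reply, verw_mitigations_disabled() runs just before this code and returns early when all of the variables are off; a one-line comment above the `if` stating that precondition would save the next reader the same question. The reply describes that early return as applying only when all of them are off, so a configuration with MDS off and another of these mitigations on would still reach this assignment and get MDS_MITIGATION_FULL on affected CPUs. If that is the intended behaviour, it should be stated in the comment or the changelog.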