On Tue, Sep 24, 2024 at 03:31:40PM -0700, Daniel Sneddon wrote:
> +static void __init md_clear_select_mitigation(void)
> +{
> /*
> - * X86_FEATURE_CLEAR_CPU_BUF is now enabled. Update MDS, TAA and MMIO
> - * Stale Data mitigation, if necessary.
> + * If no CPU bug needs VERW, all VERW mitigations are disabled, or all
> + * mitigations are disabled we bail.
> */
It's already clear what the code is doing, no comment necessary.
> - if (mds_mitigation == MDS_MITIGATION_OFF &&
> - boot_cpu_has_bug(X86_BUG_MDS)) {
> + if (!cpu_bug_needs_verw() || verw_mitigations_disabled() ||
> + cpu_mitigations_off()) {
> + mds_mitigation = MDS_MITIGATION_OFF;
> + taa_mitigation = TAA_MITIGATION_OFF;
> + mmio_mitigation = MMIO_MITIGATION_OFF;
> + rfds_mitigation = RFDS_MITIGATION_OFF;
> + goto out;
> + }
In the case of verw_mitigations_disabled() it's weird to write the
variables again if they're already OFF. That should be a separate
check.
> +
> + /* Check that at least one mitigation is using the verw mitigaiton.
> + * If the cpu doesn't have the correct ucode or if the BUG_* is mitigated
> + * by disabling a feature we won't want to use verw. Ignore MMIO
> + * for now since it depends on what the others choose.
> + */
Again I think this comment isn't needed as the code is pretty
straightforward. The only surprise is the MMIO dependency on
X86_FEATURE_CLEAR_CPU_BUF, but that's called out below.
> +
> + if (boot_cpu_has_bug(X86_BUG_MDS)) {
> mds_mitigation = MDS_MITIGATION_FULL;
> mds_select_mitigation();
> + } else {
> + mds_mitigation = MDS_MITIGATION_OFF;
> }
> - if (taa_mitigation == TAA_MITIGATION_OFF &&
> - boot_cpu_has_bug(X86_BUG_TAA)) {
> + if (boot_cpu_has_bug(X86_BUG_TAA)) {
> taa_mitigation = TAA_MITIGATION_VERW;
> taa_select_mitigation();
> + } else {
> + taa_mitigation = TAA_MITIGATION_OFF;
> }
> - /*
> - * MMIO_MITIGATION_OFF is not checked here so that mmio_stale_data_clear
> - * gets updated correctly as per X86_FEATURE_CLEAR_CPU_BUF state.
> - */
> + if (boot_cpu_has_bug(X86_BUG_RFDS)) {
> + rfds_mitigation = RFDS_MITIGATION_VERW;
> + rfds_select_mitigation();
> + } else {
> + rfds_mitigation = RFDS_MITIGATION_OFF;
> + }
This spaghetti can be simplifed by relying on *_select_mitigation() to
set the mitigation, for example:
static void __init mds_select_mitigation(void)
{
if (!boot_cpu_has_bug(X86_BUG_MDS))
mds_mitigation = MDS_MITIGATION_OFF;
else if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
mds_mitigation = MDS_MITIGATION_VERW;
else
mds_mitigation = MDS_MITIGATION_VMWERV;
}
Then you can just do:
mds_select_mitigation();
taa_select_mitigation();
rfds_select_mitigation();
> + if (mds_mitigation == MDS_MITIGATION_FULL ||
> + taa_mitigation == TAA_MITIGATION_VERW ||
> + rfds_mitigation == RFDS_MITIGATION_VERW)
For consistency can we rename MDS_MITIGATION_FULL to
MDS_MITIGATION_VERW?
> + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
> +
> + /* Now handle MMIO since it may not use X86_FEATURE_CLEAR_CPU_BUF */
I would clarify this a bit, something like:
/*
* The MMIO mitigation has a dependency on
* X86_FEATURE_CLEAR_CPU_BUF so this must be called after it
* gets set.
*/
> if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) {
> mmio_mitigation = MMIO_MITIGATION_VERW;
> mmio_select_mitigation();
> + } else {
> + mmio_mitigation = MMIO_MITIGATION_OFF;
> }
> - if (rfds_mitigation == RFDS_MITIGATION_OFF &&
> - boot_cpu_has_bug(X86_BUG_RFDS)) {
> - rfds_mitigation = RFDS_MITIGATION_VERW;
> - rfds_select_mitigation();
> - }
> +
> + /* handle nosmt */
Again I think this comment is superfluous.
> + if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
> + (mds_nosmt || cpu_mitigations_auto_nosmt()))
> + cpu_smt_disable(false);
> +
> + if (taa_nosmt || mmio_nosmt || cpu_mitigations_auto_nosmt())
> + cpu_smt_disable(false);
> +
--
Josh
