On 10/7/24 12:37, Josh Poimboeuf wrote:
> On Tue, Sep 24, 2024 at 03:31:40PM -0700, Daniel Sneddon wrote:
>> +static void __init md_clear_select_mitigation(void)
>> +{
>> /*
>> - * X86_FEATURE_CLEAR_CPU_BUF is now enabled. Update MDS, TAA and MMIO
>> - * Stale Data mitigation, if necessary.
>> + * If no CPU bug needs VERW, all VERW mitigations are disabled, or all
>> + * mitigations are disabled we bail.
>> */
>
> It's already clear what the code is doing, no comment necessary.
>
Will remove.
>> - if (mds_mitigation == MDS_MITIGATION_OFF &&
>> - boot_cpu_has_bug(X86_BUG_MDS)) {
>> + if (!cpu_bug_needs_verw() || verw_mitigations_disabled() ||
>> + cpu_mitigations_off()) {
>> + mds_mitigation = MDS_MITIGATION_OFF;
>> + taa_mitigation = TAA_MITIGATION_OFF;
>> + mmio_mitigation = MMIO_MITIGATION_OFF;
>> + rfds_mitigation = RFDS_MITIGATION_OFF;
>> + goto out;
>> + }
>
> In the case of verw_mitigations_disabled() it's weird to write the
> variables again if they're already OFF. That should be a separate
> check.
>
Sure. I will separate them out.
>> +
>> + /* Check that at least one mitigation is using the verw mitigaiton.
>> + * If the cpu doesn't have the correct ucode or if the BUG_* is mitigated
>> + * by disabling a feature we won't want to use verw. Ignore MMIO
>> + * for now since it depends on what the others choose.
>> + */
>
> Again I think this comment isn't needed as the code is pretty
> straightforward. The only surprise is the MMIO dependency on
> X86_FEATURE_CLEAR_CPU_BUF, but that's called out below.
>
Will remove.
>> +
>> + if (boot_cpu_has_bug(X86_BUG_MDS)) {
>> mds_mitigation = MDS_MITIGATION_FULL;
>> mds_select_mitigation();
>> + } else {
>> + mds_mitigation = MDS_MITIGATION_OFF;
>> }
>> - if (taa_mitigation == TAA_MITIGATION_OFF &&
>> - boot_cpu_has_bug(X86_BUG_TAA)) {
>> + if (boot_cpu_has_bug(X86_BUG_TAA)) {
>> taa_mitigation = TAA_MITIGATION_VERW;
>> taa_select_mitigation();
>> + } else {
>> + taa_mitigation = TAA_MITIGATION_OFF;
>> }
>> - /*
>> - * MMIO_MITIGATION_OFF is not checked here so that mmio_stale_data_clear
>> - * gets updated correctly as per X86_FEATURE_CLEAR_CPU_BUF state.
>> - */
>> + if (boot_cpu_has_bug(X86_BUG_RFDS)) {
>> + rfds_mitigation = RFDS_MITIGATION_VERW;
>> + rfds_select_mitigation();
>> + } else {
>> + rfds_mitigation = RFDS_MITIGATION_OFF;
>> + }
>
> This spaghetti can be simplifed by relying on *_select_mitigation() to
> set the mitigation, for example:
>
> static void __init mds_select_mitigation(void)
> {
> if (!boot_cpu_has_bug(X86_BUG_MDS))
> mds_mitigation = MDS_MITIGATION_OFF;
> else if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
> mds_mitigation = MDS_MITIGATION_VERW;
> else
> mds_mitigation = MDS_MITIGATION_VMWERV;
> }
>
> Then you can just do:
>
> mds_select_mitigation();
> taa_select_mitigation();
> rfds_select_mitigation();
>
>
You're right. That is much cleaner. Will fix.
>> + if (mds_mitigation == MDS_MITIGATION_FULL ||
>> + taa_mitigation == TAA_MITIGATION_VERW ||
>> + rfds_mitigation == RFDS_MITIGATION_VERW)
>
> For consistency can we rename MDS_MITIGATION_FULL to
> MDS_MITIGATION_VERW?
>
Will do!
>> + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
>> +
>> + /* Now handle MMIO since it may not use X86_FEATURE_CLEAR_CPU_BUF */
>
> I would clarify this a bit, something like:
>
> /*
> * The MMIO mitigation has a dependency on
> * X86_FEATURE_CLEAR_CPU_BUF so this must be called after it
> * gets set.
> */
>
Will update.
>> if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) {
>> mmio_mitigation = MMIO_MITIGATION_VERW;
>> mmio_select_mitigation();
>> + } else {
>> + mmio_mitigation = MMIO_MITIGATION_OFF;
>> }
>> - if (rfds_mitigation == RFDS_MITIGATION_OFF &&
>> - boot_cpu_has_bug(X86_BUG_RFDS)) {
>> - rfds_mitigation = RFDS_MITIGATION_VERW;
>> - rfds_select_mitigation();
>> - }
>> +
>> + /* handle nosmt */
>
> Again I think this comment is superfluous.
>
Will remove.
>> + if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
>> + (mds_nosmt || cpu_mitigations_auto_nosmt()))
>> + cpu_smt_disable(false);
>> +
>> + if (taa_nosmt || mmio_nosmt || cpu_mitigations_auto_nosmt())
>> + cpu_smt_disable(false);
>> +
>
Thanks for the review!
