[redhat] New configs in arch/x86

CKI Gitlab requested to merge configs/os-build/2024-03-12/arch/x86 into os-build

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

Symbol: MITIGATION_CALL_DEPTH_TRACKING [=y]
Type : bool
Defined at arch/x86/Kconfig:2543
  Prompt: Mitigate RSB underflow with call depth tracking
  Depends on: SPECULATION_MITIGATIONS [=y] && CPU_SUP_INTEL [=y] && HAVE_CALL_THUNKS [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Mitigate RSB underflow with call depth tracking (MITIGATION_CALL_DEPTH_TRACKING [=y])
Selects: HAVE_DYNAMIC_FTRACE_NO_PATCHABLE [=y] && CALL_THUNKS [=y]

Commit: 5fa31af3 (x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING => CONFIG_MITIGATION_CALL_DEPTH_TRACKING)


Symbol: MITIGATION_GDS_FORCE [=n]
Type : bool
Defined at arch/x86/Kconfig:2607
  Prompt: Force GDS Mitigation
  Depends on: SPECULATION_MITIGATIONS [=y] && CPU_SUP_INTEL [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Force GDS Mitigation (MITIGATION_GDS_FORCE [=n])

Commit: be83e809 (x86/bugs: Rename CONFIG_GDS_FORCE_MITIGATION => CONFIG_MITIGATION_GDS_FORCE)


Symbol: MITIGATION_IBPB_ENTRY [=y]
Type : bool
Defined at arch/x86/Kconfig:2574
  Prompt: Enable IBPB on kernel entry
  Depends on: SPECULATION_MITIGATIONS [=y] && CPU_SUP_AMD [=y] && X86_64 [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Enable IBPB on kernel entry (MITIGATION_IBPB_ENTRY [=y])

Commit: e0b8fcfa (x86/bugs: Rename CONFIG_CPU_IBPB_ENTRY => CONFIG_MITIGATION_IBPB_ENTRY)


Symbol: MITIGATION_IBRS_ENTRY [=y]
Type : bool
Defined at arch/x86/Kconfig:2581
  Prompt: Enable IBRS on kernel entry
  Depends on: SPECULATION_MITIGATIONS [=y] && CPU_SUP_INTEL [=y] && X86_64 [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Enable IBRS on kernel entry (MITIGATION_IBRS_ENTRY [=y])

Commit: 1da8d217 (x86/bugs: Rename CONFIG_CPU_IBRS_ENTRY => CONFIG_MITIGATION_IBRS_ENTRY)


Symbol: MITIGATION_PAGE_TABLE_ISOLATION [=y]
Type : bool
Defined at arch/x86/Kconfig:2504
  Prompt: Remove the kernel mapping in user mode
  Depends on: SPECULATION_MITIGATIONS [=y] && (X86_64 [=y] || X86_PAE [=n])
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Remove the kernel mapping in user mode (MITIGATION_PAGE_TABLE_ISOLATION [=y])

Commit: ea4654e0 (x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION)


Symbol: MITIGATION_RETHUNK [=y]
Type : bool
Defined at arch/x86/Kconfig:2525
  Prompt: Enable return-thunks
  Depends on: SPECULATION_MITIGATIONS [=y] && MITIGATION_RETPOLINE [=y] && CC_HAS_RETURN_THUNK [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Avoid speculative indirect branches in kernel (MITIGATION_RETPOLINE [=y])
        -> Enable return-thunks (MITIGATION_RETHUNK [=y])
Selects: OBJTOOL [=y]

Commit: 0911b8c5 (x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK)


Symbol: MITIGATION_RETPOLINE [=y]
Type : bool
Defined at arch/x86/Kconfig:2515
  Prompt: Avoid speculative indirect branches in kernel
  Depends on: SPECULATION_MITIGATIONS [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Avoid speculative indirect branches in kernel (MITIGATION_RETPOLINE [=y])
Selects: OBJTOOL [=y]

Commit: aefb2f2e (x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE)


Symbol: MITIGATION_SLS [=n]
Type : bool
Defined at arch/x86/Kconfig:2597
  Prompt: Mitigate Straight-Line-Speculation
  Depends on: SPECULATION_MITIGATIONS [=y] && CC_HAS_SLS [=y] && X86_64 [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Mitigate Straight-Line-Speculation (MITIGATION_SLS [=n])
Selects: OBJTOOL [=y]

Commit: 7b75782f (x86/bugs: Rename CONFIG_SLS => CONFIG_MITIGATION_SLS)


Symbol: MITIGATION_SRSO [=y]
Type : bool
Defined at arch/x86/Kconfig:2590
  Prompt: Mitigate speculative RAS overflow on AMD
  Depends on: SPECULATION_MITIGATIONS [=y] && CPU_SUP_AMD [=y] && X86_64 [=y] && MITIGATION_RETHUNK [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Mitigate speculative RAS overflow on AMD (MITIGATION_SRSO [=y])

Commit: a033eec9 (x86/bugs: Rename CONFIG_CPU_SRSO => CONFIG_MITIGATION_SRSO)


Symbol: MITIGATION_UNRET_ENTRY [=y]
Type : bool
Defined at arch/x86/Kconfig:2536
  Prompt: Enable UNRET on kernel entry
  Depends on: SPECULATION_MITIGATIONS [=y] && CPU_SUP_AMD [=y] && MITIGATION_RETHUNK [=y] && X86_64 [=y]
  Location:
    -> Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS [=y])
      -> Avoid speculative indirect branches in kernel (MITIGATION_RETPOLINE [=y])
        -> Enable return-thunks (MITIGATION_RETHUNK [=y])
          -> Enable UNRET on kernel entry (MITIGATION_UNRET_ENTRY [=y])

Commit: ac61d439 (x86/bugs: Rename CONFIG_CPU_UNRET_ENTRY => CONFIG_MITIGATION_UNRET_ENTRY)


Symbol: X86_FRED [=n]
Type : bool
Defined at arch/x86/Kconfig:500
  Prompt: Flexible Return and Event Delivery
  Depends on: X86_64 [=y]
  Location:
    -> Processor type and features
      -> Flexible Return and Event Delivery (X86_FRED [=n])

Commit: 2cce9591 (x86/fred: Add Kconfig option for FRED (CONFIG_X86_FRED))


Signed-off-by: Fedora Kernel Team <kernel-team@fedoraproject.org>
