x86: organize vulnerability ontology

We introduce hidden Kconfigs for all speculative
side channel attacks that we plan to address in the
kernel and update the existing ones to indicate their
CVEs.

This list keeps growing, so introduce a new config
CONFIG_X86_NO_SPECULATIVE_VULNERABILITIES, for CPUs
which don't speculatively execute, or are otherwise
immune by design.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Andrew Boie 2019-03-02 15:02:54 -08:00 committed by Andrew Boie
commit a96631dce9


@ -61,7 +61,6 @@ config X86_IAMCU
assembly code will need to be updated to conform to the new calling
convention. If in doubt say N
menu "Memory Management"
config X86_MMU
bool "Enable Memory Management Unit"
select MEMORY_PROTECTION
@ -74,20 +73,49 @@ config X86_NO_MELTDOWN
bool
help
This hidden option should be set on a per-SOC basis to indicate that
a particular SOC is not vulnerable to the Meltdown CPU vulnerability.
a particular SOC is not vulnerable to the Meltdown CPU vulnerability,
as described in CVE-2017-5754.
config X86_NO_SPECTRE_V1
bool
help
This hidden option should be set on a per-SOC basis to indicate that
a particular SOC is not vulnerable to the Spectre V1, V1.1, and V1.2
CPU vulnerabilities as described in CVE-2017-5753 and CVE-2018-3693.
config X86_NO_SPECTRE_V2
bool
help
This hidden option should be set on a per-SOC basis to indicate that
a particular SOC is not vulnerable to the Spectre V2 CPU vulnerability.
a particular SOC is not vulnerable to the Spectre V2 CPU
vulnerability, as described in CVE-2017-5715.
config X86_NO_SPECTRE_V4
bool
help
This hidden option should be set on a per-SOC basis to indicate that
a particular SOC is not vulnerable to the Spectre V4 CPU vulnerability.
endmenu
a particular SOC is not vulnerable to the Spectre V4 CPU
vulnerability, as described in CVE-2018-3639.
config X86_NO_LAZY_FP
bool
help
This hidden option should be set on a per-SOC basis to indicate
that a particular SOC is not vulnerable to the Lazy FP CPU
vulnerability, as described in CVE-2018-3665.
config X86_NO_SPECULATIVE_VULNERABILITIES
bool
select X86_NO_MELTDOWN
select X86_NO_SPECTRE_V1
select X86_NO_SPECTRE_V2
select X86_NO_SPECTRE_V4
select X86_NO_LAZY_FP
help
This hidden option should be set on a per-SOC basis that a
particular SOC does not perform any kind of speculative execution,
or is a newer chip which is immune to the class of vulnerabilities
which exploit speculative execution side channel attacks.
config X86_ENABLE_TSS
bool
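Review bot: the `endmenu` that closed the "Memory Management" menu is removed in this hunk, but the visible context (which runs on into `config X86_ENABLE_TSS`) never shows it re-added, so please confirm where that menu is now closed; if the intent is to move the speculation options out of the menu, say so in the commit message, and if it is to keep them inside it, `endmenu` belongs after `X86_NO_SPECULATIVE_VULNERABILITIES`. Separately, the help text of the new `X86_NO_SPECULATIVE_VULNERABILITIES` option is missing a verb: "should be set on a per-SOC basis that a particular SOC does not perform" should read "should be set on a per-SOC basis to indicate that a particular SOC does not perform", matching the wording of the sibling options above it. Minor: the option `select`s each `X86_NO_*` option, which is fine while all of them remain hidden bools with no `depends on`; if any of them later gains a dependency, `select` would silently violate it, so `imply` may be the safer long-term choice.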