From a96631dce9ee6196d305d8dadb9a1dacce608d02 Mon Sep 17 00:00:00 2001
From: Andrew Boie
Date: Sat, 2 Mar 2019 15:02:54 -0800
Subject: [PATCH] x86: organize vulnerability ontology

We introduce hidden Kconfigs for all speculative side channel attacks that we plan to address in the kernel and update the existing ones to indicate their CVEs. This list keeps growing, so introduce a new config CONFIG_X86_NO_SPECULATIVE_VULNERABILITIES, for CPUs which don't speculatively execute, or are otherwise immune by design.

Signed-off-by: Andrew Boie
---
 arch/x86/Kconfig | 38 +++++++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 5 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 2ee4e37ed1a..bca2b9417c8 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -61,7 +61,6 @@ config X86_IAMCU
 assembly code will need to be updated to conform to the new
 calling convention. If in doubt say N
 
-menu "Memory Management"
 config X86_MMU
 bool "Enable Memory Management Unit"
 select MEMORY_PROTECTION
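Review bot: The removal of `menu "Memory Management"` in this hunk (paired with the `endmenu` removal in the next one) is not mentioned anywhere in the commit message, which only describes the new hidden symbols and the CVE annotations. Since it changes where `X86_MMU` and the `X86_NO_*` symbols sit in the Kconfig tree, a sentence in the description such as `Also drop the "Memory Management" menu wrapper around these symbols.` would save the next reader from having to guess whether the menu removal was intentional. I am inferring the motivation from the hunk alone, so the wording should state the actual reason.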
@@ -74,20 +73,49 @@ config X86_NO_MELTDOWN
 bool
 help
 This hidden option should be set on a per-SOC basis to indicate that
-a particular SOC is not vulnerable to the Meltdown CPU vulnerability.
+a particular SOC is not vulnerable to the Meltdown CPU vulnerability,
+as described in CVE-2017-5754.
+
+config X86_NO_SPECTRE_V1
+bool
+help
+This hidden option should be set on a per-SOC basis to indicate that
+a particular SOC is not vulnerable to the Spectre V1, V1.1, and V1.2
+CPU vulnerabilities as described in CVE-2017-5753 and CVE-2018-3693.
 
 config X86_NO_SPECTRE_V2
 bool
 help
 This hidden option should be set on a per-SOC basis to indicate that
-a particular SOC is not vulnerable to the Spectre V2 CPU vulnerability.
+a particular SOC is not vulnerable to the Spectre V2 CPU
+vulnerability, as described in CVE-2017-5715.
 
 config X86_NO_SPECTRE_V4
 bool
 help
 This hidden option should be set on a per-SOC basis to indicate that
-a particular SOC is not vulnerable to the Spectre V4 CPU vulnerability.
-endmenu
+a particular SOC is not vulnerable to the Spectre V4 CPU
+vulnerability, as described in CVE-2018-3639.
+
+config X86_NO_LAZY_FP
+bool
+help
+This hidden option should be set on a per-SOC basis to indicate
+that a particular SOC is not vulnerable to the Lazy FP CPU
+vulnerability, as described in CVE-2018-3665.
+
+config X86_NO_SPECULATIVE_VULNERABILITIES
+bool
+select X86_NO_MELTDOWN
+select X86_NO_SPECTRE_V1
+select X86_NO_SPECTRE_V2
+select X86_NO_SPECTRE_V4
+select X86_NO_LAZY_FP
+help
+This hidden option should be set on a per-SOC basis that a
+particular SOC does not perform any kind of speculative execution,
+or is a newer chip which is immune to the class of vulnerabilities
+which exploit speculative execution side channel attacks.
 
 config X86_ENABLE_TSS
 bool
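Review bot: The help text for the new `X86_NO_SPECULATIVE_VULNERABILITIES` symbol is both ungrammatical (`set on a per-SOC basis that a particular SOC` is missing "to indicate") and, more importantly, under-specified about what selecting it asserts: because it selects all five `X86_NO_*` symbols, enabling it for a "newer chip which is immune" to only some of the listed issues would silently mark the SoC as unaffected by CVE-2017-5754, CVE-2017-5753, CVE-2018-3693, CVE-2017-5715, CVE-2018-3639 and CVE-2018-3665 at once. I would reword the help to state that it must only be selected when the SoC is known not to be affected by every one of those CVEs, either because it performs no speculative execution at all or because the vendor documents it as unaffected by each of them, and that a SoC affected by any of them should instead select the individual `X86_NO_*` symbols it actually qualifies for. As a minor style point, the `X86_NO_LAZY_FP` help wraps `to indicate / that a particular` differently from the other four entries, which all break after `to indicate that`; matching their line breaks would keep the five entries uniform.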