Re: [PATCH v2 4/8] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

[Greg KH]

On Sat, Jan 06, 2018 at 04:25:19PM -0500, Konrad Rzeszutek Wilk wrote:
> On Sat, Jan 06, 2018 at 10:10:59AM -0800, Tim Chen wrote:
> > 
> > 
> > On 01/06/2018 12:54 AM, Greg KH wrote:
> > > On Fri, Jan 05, 2018 at 06:12:19PM -0800, Tim Chen wrote:
> > >> From: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> > >> From: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> > >>
> > >> There are 2 ways to control IBRS
> > >>
> > >> 1. At boot time
> > >>     noibrs kernel boot parameter will disable IBRS usage
> > >>
> > >> Otherwise if the above parameters are not specified, the system
> > >> will enable ibrs and ibpb usage if the cpu supports it.
> > >>
> > >> 2. At run time
> > >>     echo 0 > /sys/kernel/debug/x86/ibrs_enabled will turn off IBRS
> > >>     echo 1 > /sys/kernel/debug/x86/ibrs_enabled will turn on IBRS in kernel
> > >>     echo 2 > /sys/kernel/debug/x86/ibrs_enabled will turn on IBRS in both userspace and kernel
> > >>
> 
> 
> This is going to create headaches in the future.
> 
> That is future CPUs there will be no need for this MSR nor retpoline as
> the CPUs will observe correctness when switching .. rings/vm-exits/etc
> and I would assume that 'ibrs_enabled' will return 0.
> 
> And that will make folks scared and run to support/Intel with
> complaints.
> 
> Furthmore with the 'retpoline' work you can disable IBRS and instead use
> 'retpoline's as mitigation - and again the 'ibrs_enabled' is now zero.
> Cue in horde of customers calling support.
> 
> Would it be better to have an global /sys/../spectre_resistent instead
> of these 'well, check if the repoline sysfs is enabled, or if that is
> not, then look at the cpuid flags'.
> 
> It would be good to have this future proof.

It's a debugfs api, it can be changed at any time, to be anything we
want, and all is fine :)

Let's get this all working first please, and then a "real" api can be
designed and implemented to please everyone.

thanks,

greg k-h