Re: [tip: x86/urgent] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.

From: Borislav Petkov
Date: Thu Jun 11 2020 - 10:10:01 EST

Next message: Catalin Marinas: "Re: [PATCH] arm64: fpsimd: Added API to manage fpsimd state inside kernel"
Previous message: jim . cromie: "Re: WIP generic module->debug_flags and dynamic_debug"
In reply to: tip-bot2 for Anthony Steinhauser: "[tip: x86/urgent] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS."
Next in thread: Anthony Steinhauser: "Re: [tip: x86/urgent] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 09, 2020 at 08:53:49AM -0000, tip-bot2 for Anthony Steinhauser wrote:
> @@ -672,23 +665,36 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
> pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n",
> static_key_enabled(&switch_mm_always_ibpb) ?
> "always-on" : "conditional");
> +
> + spectre_v2_user_ibpb = mode;
> }
>
> - /* If enhanced IBRS is enabled no STIBP required */
> - if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
> + /*
> + * If enhanced IBRS is enabled or SMT impossible, STIBP is not
> + * required.
> + */
> + if (!smt_possible || spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
> return;
>
> /*
> - * If SMT is not possible or STIBP is not available clear the STIBP
> - * mode.
> + * At this point, an STIBP mode other than "off" has been set.
> + * If STIBP support is not being forced, check if STIBP always-on
> + * is preferred.
> + */
> + if (mode != SPECTRE_V2_USER_STRICT &&
> + boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))
> + mode = SPECTRE_V2_USER_STRICT_PREFERRED;
> +
> + /*
> + * If STIBP is not available, clear the STIBP mode.
> */
> - if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP))
> + if (!boot_cpu_has(X86_FEATURE_STIBP))
> mode = SPECTRE_V2_USER_NONE;

Can we merge this test into the one above? Diff ontop:

---
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 8d57562b1d2c..05b3163e1b8c 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -673,7 +673,9 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
* If enhanced IBRS is enabled or SMT impossible, STIBP is not
* required.
*/
- if (!smt_possible || spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+ if (!boot_cpu_has(X86_FEATURE_STIBP) ||
+ !smt_possible ||
+ spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
return;

/*
@@ -685,12 +687,6 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))
mode = SPECTRE_V2_USER_STRICT_PREFERRED;

- /*
- * If STIBP is not available, clear the STIBP mode.
- */
- if (!boot_cpu_has(X86_FEATURE_STIBP))
- mode = SPECTRE_V2_USER_NONE;
-
spectre_v2_user_stibp = mode;

set_mode:

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Catalin Marinas: "Re: [PATCH] arm64: fpsimd: Added API to manage fpsimd state inside kernel"
Previous message: jim . cromie: "Re: WIP generic module->debug_flags and dynamic_debug"
In reply to: tip-bot2 for Anthony Steinhauser: "[tip: x86/urgent] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS."
Next in thread: Anthony Steinhauser: "Re: [tip: x86/urgent] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]