On 1/21/2018 1:14 PM, Andy Lutomirski wrote: > > >> On Jan 20, 2018, at 11:23 AM, KarimAllah Ahmed <[email protected]> wrote: >> >> From: Tim Chen <[email protected]> >> >> Create macros to control Indirect Branch Speculation. >> >> Name them so they reflect what they are actually doing. >> The macros are used to restrict and unrestrict the indirect branch >> speculation. >> They do not *disable* (or *enable*) indirect branch speculation. A trip back >> to >> user-space after *restricting* speculation would still affect the BTB. >> >> Quoting from a commit by Tim Chen: >> >> """ >> If IBRS is set, near returns and near indirect jumps/calls will not allow >> their predicted target address to be controlled by code that executed in a >> less privileged prediction mode *BEFORE* the IBRS mode was last written >> with >> a value of 1 or on another logical processor so long as all Return Stack >> Buffer (RSB) entries from the previous less privileged prediction mode are >> overwritten. >> >> Thus a near indirect jump/call/return may be affected by code in a less >> privileged prediction mode that executed *AFTER* IBRS mode was last >> written >> with a value of 1. >> """ >> >> [ tglx: Changed macro names and rewrote changelog ] >> [ karahmed: changed macro names *again* and rewrote changelog ] >> >> Signed-off-by: Tim Chen <[email protected]> >> Signed-off-by: Thomas Gleixner <[email protected]> >> Signed-off-by: KarimAllah Ahmed <[email protected]> >> Cc: Andrea Arcangeli <[email protected]> >> Cc: Andi Kleen <[email protected]> >> Cc: Peter Zijlstra <[email protected]> >> Cc: Greg KH <[email protected]> >> Cc: Dave Hansen <[email protected]> >> Cc: Andy Lutomirski <[email protected]> >> Cc: Paolo Bonzini <[email protected]> >> Cc: Dan Williams <[email protected]> >> Cc: Arjan Van De Ven <[email protected]> >> Cc: Linus Torvalds <[email protected]> >> Cc: David Woodhouse <[email protected]> >> Cc: Ashok Raj <[email protected]> >> Link: >> https://lkml.kernel.org/r/3aab341725ee6a9aafd3141387453b45d788d61a.1515542293.git.tim.c.c...@linux.intel.com >> Signed-off-by: David Woodhouse <[email protected]> >> --- >> arch/x86/entry/calling.h | 73 >> ++++++++++++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 73 insertions(+) >> >> diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h >> index 3f48f69..5aafb51 100644 >> --- a/arch/x86/entry/calling.h >> +++ b/arch/x86/entry/calling.h >> @@ -6,6 +6,8 @@ >> #include <asm/percpu.h> >> #include <asm/asm-offsets.h> >> #include <asm/processor-flags.h> >> +#include <asm/msr-index.h> >> +#include <asm/cpufeatures.h> >> >> /* >> >> @@ -349,3 +351,74 @@ For 32-bit we have the following conventions - kernel >> is built with >> .Lafter_call_\@: >> #endif >> .endm >> + >> +/* >> + * IBRS related macros >> + */ >> +.macro PUSH_MSR_REGS >> + pushq %rax >> + pushq %rcx >> + pushq %rdx >> +.endm >> + >> +.macro POP_MSR_REGS >> + popq %rdx >> + popq %rcx >> + popq %rax >> +.endm >> + >> +.macro WRMSR_ASM msr_nr:req edx_val:req eax_val:req >> + movl \msr_nr, %ecx >> + movl \edx_val, %edx >> + movl \eax_val, %eax >> + wrmsr >> +.endm >> + >> +.macro RESTRICT_IB_SPEC >> + ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS >> + PUSH_MSR_REGS >> + WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $SPEC_CTRL_IBRS >> + POP_MSR_REGS >> +.Lskip_\@: >> +.endm >> + >> +.macro UNRESTRICT_IB_SPEC >> + ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS >> + PUSH_MSR_REGS >> + WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $0 > > I think you should be writing 2, not 0, since I'm reasonably confident that > we want STIBP on. Can you explain why you're writing 0?
Do we want to talk about STIBP in general? Should it be (yet another) boot option to enable or disable? If there is STIBP support without IBRS support, it could be a set and forget at boot time. Thanks, Tom > > Also, holy cow, there are so many macros here. > > And a meta question: why are there so many submitters of the same series? >
