On Fri, 16 Nov 2018, Tim Chen wrote:
> +static const struct {
> +     const char *option;
> +     enum spectre_v2_app2app_mitigation_cmd cmd;
> +     bool secure;
> +} app2app_options[] = {
> +     { "off",        SPECTRE_V2_APP2APP_CMD_NONE,   false },
> +     { "lite",       SPECTRE_V2_APP2APP_CMD_LITE,   false },
> +     { "strict",     SPECTRE_V2_APP2APP_CMD_STRICT, false },
> +     { "auto",       SPECTRE_V2_APP2APP_CMD_AUTO,   false },
> +     /*
> +      * The "on" option is kept as last entry. It is implied by
> +      * spectre_v2=on boot parameter and it is not checked
> +      * in spectre_v2_app2app boot parameter.
> +      */
> +     { "on",         SPECTRE_V2_APP2APP_CMD_FORCE,  true  },

FORCE is the same as STRICT. What's the point?

> @@ -376,6 +464,8 @@ static void __init spectre_v2_select_mitigation(void)
>  {
>       enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
>       enum spectre_v2_mitigation mode = SPECTRE_V2_NONE;
> +     enum spectre_v2_app2app_mitigation_cmd app2app_cmd;
> +     enum spectre_v2_app2app_mitigation app2app_mode;
>  
>       /*
>        * If the CPU is not affected and the command line mode is NONE or AUTO
> @@ -452,12 +542,6 @@ static void __init spectre_v2_select_mitigation(void)
>       setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
>       pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context 
> switch\n");
>  
> -     /* Initialize Indirect Branch Prediction Barrier if supported */
> -     if (boot_cpu_has(X86_FEATURE_IBPB)) {
> -             setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
> -             pr_info("Spectre v2 mitigation: Enabling Indirect Branch 
> Prediction Barrier\n");
> -     }
> -
>       /*
>        * Retpoline means the kernel is safe because it has no indirect
>        * branches. Enhanced IBRS protects firmware too, so, enable restricted
> @@ -474,6 +558,43 @@ static void __init spectre_v2_select_mitigation(void)
>               pr_info("Enabling Restricted Speculation for firmware calls\n");
>       }
>  
> +     app2app_mode = SPECTRE_V2_APP2APP_NONE;
> +     if (!boot_cpu_has(X86_FEATURE_IBPB) ||
> +         !boot_cpu_has(X86_FEATURE_STIBP))
> +             goto set_app2app_mode;

So before that change IBPB was usable without STIBP, now no longer. What's
the rationale?

This patch changes a gazillion things at once and is completely
unreviewable.

Thanks,

        tglx
