Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/05/2018 03:16 AM, David Woodhouse wrote: > On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote: >> >> + mutex_lock(_ctrl_mutex); >> + >> + if (enable == IBRS_DISABLED) { >> + /* disable IBRS usage */ >> + set_ibrs_disabled(); >> + if

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/05/2018 03:16 AM, David Woodhouse wrote: > On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote: >> >> + mutex_lock(_ctrl_mutex); >> + >> + if (enable == IBRS_DISABLED) { >> + /* disable IBRS usage */ >> + set_ibrs_disabled(); >> + if

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, 4 Jan 2018, Dave Hansen wrote: > On 01/04/2018 10:33 AM, Borislav Petkov wrote: > >> 2. At run time > >> echo 0 > /sys/kernel/debug/ibrs_enabled will turn off IBRS > >> echo 1 > /sys/kernel/debug/ibrs_enabled will turn on IBRS in kernel > >> echo 2 >

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, 4 Jan 2018, Dave Hansen wrote: > On 01/04/2018 10:33 AM, Borislav Petkov wrote: > >> 2. At run time > >> echo 0 > /sys/kernel/debug/ibrs_enabled will turn off IBRS > >> echo 1 > /sys/kernel/debug/ibrs_enabled will turn on IBRS in kernel > >> echo 2 >

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote: > > +   mutex_lock(_ctrl_mutex); > + > +   if (enable == IBRS_DISABLED) { > +   /* disable IBRS usage */ > +   set_ibrs_disabled(); > +   if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED) > +   

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote: > > +   mutex_lock(_ctrl_mutex); > + > +   if (enable == IBRS_DISABLED) { > +   /* disable IBRS usage */ > +   set_ibrs_disabled(); > +   if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED) > +   

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Fri, 5 Jan 2018, Borislav Petkov wrote: > On Fri, Jan 05, 2018 at 12:51:34AM +0100, Andrea Arcangeli wrote: > > In older kernels there's not even the boilerplate to check the static > > key in asm, > > This is the reason why I didn't use a static_key too. We are talking about upstream first

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Fri, 5 Jan 2018, Borislav Petkov wrote: > On Fri, Jan 05, 2018 at 12:51:34AM +0100, Andrea Arcangeli wrote: > > In older kernels there's not even the boilerplate to check the static > > key in asm, > > This is the reason why I didn't use a static_key too. We are talking about upstream first

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Fri, Jan 05, 2018 at 12:51:34AM +0100, Andrea Arcangeli wrote: > In older kernels there's not even the boilerplate to check the static > key in asm, This is the reason why I didn't use a static_key too. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Fri, Jan 05, 2018 at 12:51:34AM +0100, Andrea Arcangeli wrote: > In older kernels there's not even the boilerplate to check the static > key in asm, This is the reason why I didn't use a static_key too. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 03:26:52PM -0800, Tim Chen wrote: > On 01/04/2018 02:54 PM, Peter Zijlstra wrote: > > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > >> .macro ENABLE_IBRS > >> - ALTERNATIVE "jmp 10f", "", X86_FEATURE_SPEC_CTRL > >> + testl $SPEC_CTRL_IBRS_INUSE,

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 03:26:52PM -0800, Tim Chen wrote: > On 01/04/2018 02:54 PM, Peter Zijlstra wrote: > > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > >> .macro ENABLE_IBRS > >> - ALTERNATIVE "jmp 10f", "", X86_FEATURE_SPEC_CTRL > >> + testl $SPEC_CTRL_IBRS_INUSE,

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 02:54 PM, Peter Zijlstra wrote: > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: >> .macro ENABLE_IBRS >> -ALTERNATIVE "jmp 10f", "", X86_FEATURE_SPEC_CTRL >> +testl $SPEC_CTRL_IBRS_INUSE, spec_ctrl_ibrs >> +jz .Lskip_\@ >> + >> PUSH_MSR_REGS >>

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 02:54 PM, Peter Zijlstra wrote: > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: >> .macro ENABLE_IBRS >> -ALTERNATIVE "jmp 10f", "", X86_FEATURE_SPEC_CTRL >> +testl $SPEC_CTRL_IBRS_INUSE, spec_ctrl_ibrs >> +jz .Lskip_\@ >> + >> PUSH_MSR_REGS >>

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > .macro ENABLE_IBRS > - ALTERNATIVE "jmp 10f", "", X86_FEATURE_SPEC_CTRL > + testl $SPEC_CTRL_IBRS_INUSE, spec_ctrl_ibrs > + jz .Lskip_\@ > + > PUSH_MSR_REGS > WRMSR_ASM $MSR_IA32_SPEC_CTRL,

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > .macro ENABLE_IBRS > - ALTERNATIVE "jmp 10f", "", X86_FEATURE_SPEC_CTRL > + testl $SPEC_CTRL_IBRS_INUSE, spec_ctrl_ibrs > + jz .Lskip_\@ > + > PUSH_MSR_REGS > WRMSR_ASM $MSR_IA32_SPEC_CTRL,

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 12:16 PM, Greg KH wrote: > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: >> There are 2 ways to control IBRS >> >> 1. At boot time >> noibrs kernel boot parameter will disable IBRS usage >> >> Otherwise if the above parameters are not specified, the system >> will

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 12:16 PM, Greg KH wrote: > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: >> There are 2 ways to control IBRS >> >> 1. At boot time >> noibrs kernel boot parameter will disable IBRS usage >> >> Otherwise if the above parameters are not specified, the system >> will

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > There are 2 ways to control IBRS > > 1. At boot time > noibrs kernel boot parameter will disable IBRS usage > > Otherwise if the above parameters are not specified, the system > will enable ibrs and ibpb usage if the cpu supports

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > There are 2 ways to control IBRS > > 1. At boot time > noibrs kernel boot parameter will disable IBRS usage > > Otherwise if the above parameters are not specified, the system > will enable ibrs and ibpb usage if the cpu supports

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 10:59:35AM -0800, Dave Hansen wrote: > On 01/04/2018 10:52 AM, Borislav Petkov wrote: > >> Paranoid people want "IBRS always" aka "ibrs 2". > > > > So why not "IBRS always" or off? No need for the "IBRS only in the > > kernel" setting. > > IBRS=1 slows execution down. If

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 10:59:35AM -0800, Dave Hansen wrote: > On 01/04/2018 10:52 AM, Borislav Petkov wrote: > >> Paranoid people want "IBRS always" aka "ibrs 2". > > > > So why not "IBRS always" or off? No need for the "IBRS only in the > > kernel" setting. > > IBRS=1 slows execution down. If

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 10:34 AM, Andrea Arcangeli wrote: > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: >> There are 2 ways to control IBRS >> >> 1. At boot time >> noibrs kernel boot parameter will disable IBRS usage >> >> Otherwise if the above parameters are not specified, the system >>

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 10:34 AM, Andrea Arcangeli wrote: > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: >> There are 2 ways to control IBRS >> >> 1. At boot time >> noibrs kernel boot parameter will disable IBRS usage >> >> Otherwise if the above parameters are not specified, the system >>

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 10:52 AM, Borislav Petkov wrote: >> Paranoid people want "IBRS always" aka "ibrs 2". > > So why not "IBRS always" or off? No need for the "IBRS only in the > kernel" setting. IBRS=1 slows execution down. If it's on all the time, you pay a performance cost in userspace. The

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 10:52 AM, Borislav Petkov wrote: >> Paranoid people want "IBRS always" aka "ibrs 2". > > So why not "IBRS always" or off? No need for the "IBRS only in the > kernel" setting. IBRS=1 slows execution down. If it's on all the time, you pay a performance cost in userspace. The

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 07:52:19PM +0100, Borislav Petkov wrote: > So why not "IBRS always" or off? No need for the "IBRS only in the > kernel" setting. Because it's slower (or much slower depending on how much stuff the microcode has to disable in the CPU to provide IBSR) and you only need that

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 07:52:19PM +0100, Borislav Petkov wrote: > So why not "IBRS always" or off? No need for the "IBRS only in the > kernel" setting. Because it's slower (or much slower depending on how much stuff the microcode has to disable in the CPU to provide IBSR) and you only need that

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

+ Tom. On Thu, Jan 04, 2018 at 10:54:38AM -0800, Dave Hansen wrote: > On 01/04/2018 10:38 AM, Andrea Arcangeli wrote: > >> And then, if at all, this needs to be connected to the retpolines fun, > >> methinks, so that it can be decided at boot what to use. > Yes, we need to reconcile this with the

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

+ Tom. On Thu, Jan 04, 2018 at 10:54:38AM -0800, Dave Hansen wrote: > On 01/04/2018 10:38 AM, Andrea Arcangeli wrote: > >> And then, if at all, this needs to be connected to the retpolines fun, > >> methinks, so that it can be decided at boot what to use. > Yes, we need to reconcile this with the

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 07:38:26PM +0100, Andrea Arcangeli wrote: > Consolidating in arch/x86/kernel/spec_ctrl.c would allow removing that > export. > > Here I've got: > > static DEFINE_MUTEX(spec_ctrl_mutex); Yap. > Turning this off at any time is very easy, making reptoline runtime >

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 07:38:26PM +0100, Andrea Arcangeli wrote: > Consolidating in arch/x86/kernel/spec_ctrl.c would allow removing that > export. > > Here I've got: > > static DEFINE_MUTEX(spec_ctrl_mutex); Yap. > Turning this off at any time is very easy, making reptoline runtime >

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 10:38 AM, Andrea Arcangeli wrote: >> And then, if at all, this needs to be connected to the retpolines fun, >> methinks, so that it can be decided at boot what to use. Yes, we need to reconcile this with the retpoline. I've tried to capture what we do where in here: >

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 10:38 AM, Andrea Arcangeli wrote: >> And then, if at all, this needs to be connected to the retpolines fun, >> methinks, so that it can be decided at boot what to use. Yes, we need to reconcile this with the retpoline. I've tried to capture what we do where in here: >

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, 4 Jan 2018 09:56:47 -0800 Tim Chen wrote: > There are 2 ways to control IBRS > > 1. At boot time > noibrs kernel boot parameter will disable IBRS usage > > Otherwise if the above parameters are not specified, the system > will enable ibrs and ibpb usage

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, 4 Jan 2018 09:56:47 -0800 Tim Chen wrote: > There are 2 ways to control IBRS > > 1. At boot time > noibrs kernel boot parameter will disable IBRS usage > > Otherwise if the above parameters are not specified, the system > will enable ibrs and ibpb usage if the cpu supports it. >

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 10:36:30AM -0800, Dave Hansen wrote: > Distros have the tri-state already deployed. So that's not really a reason. > Paranoid people want "IBRS always" aka "ibrs 2". So why not "IBRS always" or off? No need for the "IBRS only in the kernel" setting. -- Regards/Gruss,

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 10:36:30AM -0800, Dave Hansen wrote: > Distros have the tri-state already deployed. So that's not really a reason. > Paranoid people want "IBRS always" aka "ibrs 2". So why not "IBRS always" or off? No need for the "IBRS only in the kernel" setting. -- Regards/Gruss,

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 07:33:45PM +0100, Borislav Petkov wrote: > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > > There are 2 ways to control IBRS > > > > 1. At boot time > > noibrs kernel boot parameter will disable IBRS usage > > > > Otherwise if the above parameters are not

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 07:33:45PM +0100, Borislav Petkov wrote: > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > > There are 2 ways to control IBRS > > > > 1. At boot time > > noibrs kernel boot parameter will disable IBRS usage > > > > Otherwise if the above parameters are not

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 10:33 AM, Borislav Petkov wrote: >> 2. At run time >> echo 0 > /sys/kernel/debug/ibrs_enabled will turn off IBRS >> echo 1 > /sys/kernel/debug/ibrs_enabled will turn on IBRS in kernel >> echo 2 > /sys/kernel/debug/ibrs_enabled will turn on IBRS in both >> userspace and

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On 01/04/2018 10:33 AM, Borislav Petkov wrote: >> 2. At run time >> echo 0 > /sys/kernel/debug/ibrs_enabled will turn off IBRS >> echo 1 > /sys/kernel/debug/ibrs_enabled will turn on IBRS in kernel >> echo 2 > /sys/kernel/debug/ibrs_enabled will turn on IBRS in both >> userspace and

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > There are 2 ways to control IBRS > > 1. At boot time > noibrs kernel boot parameter will disable IBRS usage > > Otherwise if the above parameters are not specified, the system > will enable ibrs and ibpb usage if the cpu supports

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > There are 2 ways to control IBRS > > 1. At boot time > noibrs kernel boot parameter will disable IBRS usage > > Otherwise if the above parameters are not specified, the system > will enable ibrs and ibpb usage if the cpu supports

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > There are 2 ways to control IBRS > > 1. At boot time > noibrs kernel boot parameter will disable IBRS usage > > Otherwise if the above parameters are not specified, the system > will enable ibrs and ibpb usage if the cpu supports

Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote: > There are 2 ways to control IBRS > > 1. At boot time > noibrs kernel boot parameter will disable IBRS usage > > Otherwise if the above parameters are not specified, the system > will enable ibrs and ibpb usage if the cpu supports

[PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

There are 2 ways to control IBRS 1. At boot time noibrs kernel boot parameter will disable IBRS usage Otherwise if the above parameters are not specified, the system will enable ibrs and ibpb usage if the cpu supports it. 2. At run time echo 0 > /sys/kernel/debug/ibrs_enabled will turn

[PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

There are 2 ways to control IBRS 1. At boot time noibrs kernel boot parameter will disable IBRS usage Otherwise if the above parameters are not specified, the system will enable ibrs and ibpb usage if the cpu supports it. 2. At run time echo 0 > /sys/kernel/debug/ibrs_enabled will turn