| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Oct 2018 12:58:16 -0400
From: Waiman Long <longman9394@...il.com>
To: Tim Chen <tim.c.chen@...ux.intel.com>,
Jiri Kosina <jikos@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Tom Lendacky <thomas.lendacky@....com>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>,
Casey Schaufler <casey.schaufler@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>,
Arjan van de Ven <arjan@...ux.intel.com>,
Jon Masters <jcm@...hat.com>, linux-kernel@...r.kernel.org,
x86@...nel.org
Subject: Re: [Patch v3 03/13] x86/speculation: Add static key for Enhanced
IBRS
On 10/17/2018 01:59 PM, Tim Chen wrote:
> Add static key to indicate whether we are using Enhanced IBRS to mitigate
> Spectre v2. This will be used in later patches to disengage STIBP code
> for Spectre v2 mitigation as STIBP is not needed when Enhanced IBRS is
> in use.
>
> Signed-off-by: Tim Chen <tim.c.chen@...ux.intel.com>
> ---
> arch/x86/include/asm/nospec-branch.h | 3 +++
> arch/x86/kernel/cpu/bugs.c | 4 ++++
> 2 files changed, 7 insertions(+)
>
> diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
> index fd2a8c1..d57e84e 100644
> --- a/arch/x86/include/asm/nospec-branch.h
> +++ b/arch/x86/include/asm/nospec-branch.h
> @@ -3,6 +3,7 @@
> #ifndef _ASM_X86_NOSPEC_BRANCH_H_
> #define _ASM_X86_NOSPEC_BRANCH_H_
>
> +#include <linux/static_key.h>
> #include <asm/alternative.h>
> #include <asm/alternative-asm.h>
> #include <asm/cpufeatures.h>
> @@ -228,6 +229,8 @@ enum ssb_mitigation {
> extern char __indirect_thunk_start[];
> extern char __indirect_thunk_end[];
>
> +DECLARE_STATIC_KEY_FALSE(spectre_v2_enhanced_ibrs);
> +
> /*
> * On VMEXIT we must ensure that no RSB predictions learned in the guest
> * can be followed in the host, by overwriting the RSB completely. Both
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index b2f6b8b..2fc7b4e 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -142,6 +142,9 @@ static const char *spectre_v2_strings[] = {
> [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS",
> };
>
> +DEFINE_STATIC_KEY_FALSE(spectre_v2_enhanced_ibrs);
> +EXPORT_SYMBOL(spectre_v2_enhanced_ibrs);
> +
> #undef pr_fmt
> #define pr_fmt(fmt) "Spectre V2 : " fmt
>
> @@ -386,6 +389,7 @@ static void __init spectre_v2_select_mitigation(void)
> /* Force it so VMEXIT will restore correctly */
> x86_spec_ctrl_base |= SPEC_CTRL_IBRS;
> wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
> + static_branch_enable(&spectre_v2_enhanced_ibrs);
> goto specv2_set_mode;
> }
> if (IS_ENABLED(CONFIG_RETPOLINE))
Why you need a static key for enhanced IBRS? It is supposed to be set at
boot time and never get changed after that. It will be easier to use a
feature bit for that instead. We usually use static key when the value
can be changed at run time.
Cheers,
Longman
Powered by blists - more mailing lists