lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 21 Jan 2018 11:26:22 +0100
From:   Ingo Molnar <mingo@...nel.org>
To:     David Woodhouse <dwmw@...zon.co.uk>
Cc:     arjan@...ux.intel.com, tglx@...utronix.de, karahmed@...zon.de,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        tim.c.chen@...ux.intel.com, bp@...en8.de, peterz@...radead.org,
        pbonzini@...hat.com, ak@...ux.intel.com,
        torvalds@...ux-foundation.org, gregkh@...ux-foundation.org
Subject: Re: [PATCH v2 5/8] x86/speculation: Add basic support for IBPB


* David Woodhouse <dwmw@...zon.co.uk> wrote:

> From: Thomas Gleixner <tglx@...utronix.de>
> 
> Expose indirect_branch_prediction_barrier() for use in subsequent patches.
> 
> [karahmed: remove the special-casing of skylake for using IBPB (wtf?),
>            switch to using ALTERNATIVES instead of static_cpu_has]
> [dwmw2:    set up ax/cx/dx in the asm too so it gets NOP'd out]
> 
> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> Signed-off-by: KarimAllah Ahmed <karahmed@...zon.de>
> Signed-off-by: David Woodhouse <dwmw@...zon.co.uk>
> ---
>  arch/x86/include/asm/cpufeatures.h   |  1 +
>  arch/x86/include/asm/nospec-branch.h | 16 ++++++++++++++++
>  arch/x86/kernel/cpu/bugs.c           |  7 +++++++
>  3 files changed, 24 insertions(+)
> 
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 8c9e5c0..cf28399 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -207,6 +207,7 @@
>  #define X86_FEATURE_RETPOLINE_AMD	( 7*32+13) /* AMD Retpoline mitigation for Spectre variant 2 */
>  #define X86_FEATURE_INTEL_PPIN		( 7*32+14) /* Intel Processor Inventory Number */
>  
> +#define X86_FEATURE_IBPB		( 7*32+16) /* Using Indirect Branch Prediction Barrier */
>  #define X86_FEATURE_AMD_PRED_CMD	( 7*32+17) /* Prediction Command MSR (AMD) */
>  #define X86_FEATURE_MBA			( 7*32+18) /* Memory Bandwidth Allocation */
>  #define X86_FEATURE_RSB_CTXSW		( 7*32+19) /* Fill RSB on context switches */
> diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
> index 4ad4108..c333c95 100644
> --- a/arch/x86/include/asm/nospec-branch.h
> +++ b/arch/x86/include/asm/nospec-branch.h
> @@ -218,5 +218,21 @@ static inline void vmexit_fill_RSB(void)
>  #endif
>  }
>  
> +static inline void indirect_branch_prediction_barrier(void)
> +{
> +	unsigned long ax, cx, dx;
> +
> +	asm volatile(ALTERNATIVE("",
> +				 "movl %[msr], %%ecx\n\t"
> +				 "movl %[val], %%eax\n\t"
> +				 "movl $0, %%edx\n\t"
> +				 "wrmsr",
> +				 X86_FEATURE_IBPB)
> +		     : "=a" (ax), "=c" (cx), "=d" (dx)
> +		     : [msr] "i" (MSR_IA32_PRED_CMD),
> +		       [val] "i" (PRED_CMD_IBPB)
> +		     : "memory");
> +}
> +
>  #endif /* __ASSEMBLY__ */
>  #endif /* __NOSPEC_BRANCH_H__ */
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 390b3dc..96548ff 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -249,6 +249,13 @@ static void __init spectre_v2_select_mitigation(void)
>  		setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
>  		pr_info("Filling RSB on context switch\n");
>  	}
> +
> +	/* Initialize Indirect Branch Prediction Barrier if supported */
> +	if (boot_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +	    boot_cpu_has(X86_FEATURE_AMD_PRED_CMD)) {
> +		setup_force_cpu_cap(X86_FEATURE_IBPB);
> +		pr_info("Enabling Indirect Branch Prediction Barrier\n");
> +	}
>  }

I'd suggest writing out the common 'IBPB' acronym in the messages as well:

		pr_info("Enabling Indirect Branch Prediction Barrier (IBPB)\n");

Also, the kernel's barrier*() namespace as it exists today is:

	barrier()
	barrier_data()

I think the better name to introduce would be:

	barrier_indirect_branch_prediction()

to maintain barrier_ as a prefix.

Thanks,

	Ingo

Powered by blists - more mailing lists