| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <90d6723f-9cb9-e299-3e99-fa01c2518c29@linux.intel.com>
Date: Fri, 26 Oct 2018 11:15:35 -0700
From: Tim Chen <tim.c.chen@...ux.intel.com>
To: Waiman Long <longman9394@...il.com>,
Jiri Kosina <jikos@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Tom Lendacky <thomas.lendacky@....com>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>,
Casey Schaufler <casey.schaufler@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>,
Arjan van de Ven <arjan@...ux.intel.com>,
Jon Masters <jcm@...hat.com>, linux-kernel@...r.kernel.org,
x86@...nel.org
Subject: Re: [Patch v3 03/13] x86/speculation: Add static key for Enhanced
IBRS
On 10/26/2018 09:58 AM, Waiman Long wrote:
> On 10/17/2018 01:59 PM, Tim Chen wrote:
>> Add static key to indicate whether we are using Enhanced IBRS to mitigate
>> Spectre v2. This will be used in later patches to disengage STIBP code
>> for Spectre v2 mitigation as STIBP is not needed when Enhanced IBRS is
>> in use.
>>
>> Signed-off-by: Tim Chen <tim.c.chen@...ux.intel.com>
>> ---
>> arch/x86/include/asm/nospec-branch.h | 3 +++
>> arch/x86/kernel/cpu/bugs.c | 4 ++++
>> 2 files changed, 7 insertions(+)
>>
>> diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
>> index fd2a8c1..d57e84e 100644
>> --- a/arch/x86/include/asm/nospec-branch.h
>> +++ b/arch/x86/include/asm/nospec-branch.h
>> @@ -3,6 +3,7 @@
>> #ifndef _ASM_X86_NOSPEC_BRANCH_H_
>> #define _ASM_X86_NOSPEC_BRANCH_H_
>>
>> +#include <linux/static_key.h>
>> #include <asm/alternative.h>
>> #include <asm/alternative-asm.h>
>> #include <asm/cpufeatures.h>
>> @@ -228,6 +229,8 @@ enum ssb_mitigation {
>> extern char __indirect_thunk_start[];
>> extern char __indirect_thunk_end[];
>>
>> +DECLARE_STATIC_KEY_FALSE(spectre_v2_enhanced_ibrs);
>> +
>> /*
>> * On VMEXIT we must ensure that no RSB predictions learned in the guest
>> * can be followed in the host, by overwriting the RSB completely. Both
>> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
>> index b2f6b8b..2fc7b4e 100644
>> --- a/arch/x86/kernel/cpu/bugs.c
>> +++ b/arch/x86/kernel/cpu/bugs.c
>> @@ -142,6 +142,9 @@ static const char *spectre_v2_strings[] = {
>> [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS",
>> };
>>
>> +DEFINE_STATIC_KEY_FALSE(spectre_v2_enhanced_ibrs);
>> +EXPORT_SYMBOL(spectre_v2_enhanced_ibrs);
>> +
>> #undef pr_fmt
>> #define pr_fmt(fmt) "Spectre V2 : " fmt
>>
>> @@ -386,6 +389,7 @@ static void __init spectre_v2_select_mitigation(void)
>> /* Force it so VMEXIT will restore correctly */
>> x86_spec_ctrl_base |= SPEC_CTRL_IBRS;
>> wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
>> + static_branch_enable(&spectre_v2_enhanced_ibrs);
>> goto specv2_set_mode;
>> }
>> if (IS_ENABLED(CONFIG_RETPOLINE))
>
> Why you need a static key for enhanced IBRS? It is supposed to be set at
> boot time and never get changed after that. It will be easier to use a
> feature bit for that instead. We usually use static key when the value
> can be changed at run time.
>
We're close to running out of the feature bits. So I'm trying not to
use those.
Tim
Powered by blists - more mailing lists