| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250219220826.2453186-1-yosry.ahmed@linux.dev> Date: Wed, 19 Feb 2025 22:08:20 +0000 From: Yosry Ahmed <yosry.ahmed@...ux.dev> To: x86@...nel.org Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com>, Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Andy Lutomirski <luto@...nel.org>, Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [PATCH 0/6] IBPB cleanups and a fixup This series removes X86_FEATURE_USE_IBPB, and fixes a KVM nVMX bug in the process. The motivation is mostly the confusing name of X86_FEATURE_USE_IBPB, which sounds like it controls IBPBs in general, but it only controls IBPBs for spectre_v2_mitigation. A side effect of this confusion is the nVMX bug, where virtualizing IBRS correctly depends on the spectre_v2_user mitigation. The feature bit is mostly redundant, except in controlling the IBPB in the vCPU load path. For that, a separate static branch is introduced, similar to switch_mm_*_ibpb. I wanted to do more, but decided to stay conservative. I was mainly hoping to merge indirect_branch_prediction_barrier() with entry_ibpb() to have a single IBPB primitive that always stuffs the RSB if the IBPB doesn't, but this would add some overhead in paths that currently use indirect_branch_prediction_barrier(), and I was not sure if that's acceptable. For the record, my measurements of the latency of indirect_branch_prediction_barrier() and entry_ibpb() on Rome and Milan (both do not have X86_FEATURE_AMD_IBPB_RET) are as follows: Rome: 400ns (indirect_branch_prediction_barrier) vs 500ns (entry_ibpb) Milan: 220ns (indirect_branch_prediction_barrier) vs 280ns (entry_ibpb) I also wanted to move controlling the IBPB on vCPU load from being under spectre_v2_user to spectre_v2, because "user" in a lot of mitigation contexts does not include VMs. Just laying out these thoughts in case others have any comments. Yosry Ahmed (6): x86/bugs: Move the X86_FEATURE_USE_IBPB check into callers x86/mm: Remove X86_FEATURE_USE_IBPB checks in cond_mitigation() x86/bugs: Remove the X86_FEATURE_USE_IBPB check in ib_prctl_set() x86/bugs: Use a static branch to guard IBPB on vCPU load KVM: nVMX: Always use IBPB to properly virtualize IBRS x86/bugs: Remove X86_FEATURE_USE_IBPB arch/x86/include/asm/cpufeatures.h | 1 - arch/x86/include/asm/nospec-branch.h | 4 +++- arch/x86/kernel/cpu/bugs.c | 7 +++++-- arch/x86/kvm/svm/svm.c | 3 ++- arch/x86/kvm/vmx/vmx.c | 3 ++- arch/x86/mm/tlb.c | 3 +-- tools/arch/x86/include/asm/cpufeatures.h | 1 - 7 files changed, 13 insertions(+), 9 deletions(-) -- 2.48.1.601.g30ceb7b040-goog
Powered by blists - more mailing lists