From: afzal mohammed <afzal.mohd.ma@gmail.com>
To: mingo@kernel.org, hpa@zytor.com, tglx@linutronix.de,
torvalds@linux-foundation.org, linux-kernel@vger.kernel.org,
dwmw@amazon.co.uk, peterz@infradead.org
Cc: linux-tip-commits@vger.kernel.org
Subject: Re: [tip:x86/pti] x86/speculation: Use IBRS if available before calling into firmware
Date: Mon, 12 Feb 2018 11:29:48 +0530 [thread overview]
Message-ID: <20180212055948.GA3281@afzalpc> (raw)
In-Reply-To: <tip-670c3e8da87fa4046a55077b1409cf250865a203@git.kernel.org>
Hi,
On Sun, Feb 11, 2018 at 11:19:10AM -0800, tip-bot for David Woodhouse wrote:
> x86/speculation: Use IBRS if available before calling into firmware
>
> Retpoline means the kernel is safe because it has no indirect branches.
> But firmware isn't, so use IBRS for firmware calls if it's available.
afaui, so only retpoline means still mitigation not enough.
Also David W has mentioned [1] that even with retpoline, IBPB is also
required (except Sky Lake).
If IBPB & IBRS is not supported by ucode, shouldn't the below indicate
some thing on the lines of Mitigation not enough ?
> - return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
> + return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
> boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
> + boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
> spectre_v2_module_string());
On 4.16-rc1, w/ GCC 7.3.0,
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
Here for the user (at least for me), it is not clear whether the
mitigation is enough. In the present system (Ivy Bridge), as ucode
update is not available, IBPB is not printed along with
"spectre_v2:Mitigation", so unless i am missing something, till then
this system should be considered vulnerable, but for a user not
familiar with details of the issue, it cannot be deduced.
Perhaps an additional status field [OKAY,PARTIAL] to Mitigation in
sysfs might be helpful. All these changes are in the air for me, this
is from a user perspective, sorry if my feedback seems idiotic.
afzal
[1] lkml.kernel.org/r/1516638426.9521.20.camel@infradead.org
next prev parent reply other threads:[~2018-02-12 6:00 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-10 23:39 [PATCH v2 0/6] Spectre v2 updates David Woodhouse
2018-02-10 23:39 ` [PATCH v2 1/6] x86/speculation: Update Speculation Control microcode blacklist David Woodhouse
2018-02-11 12:08 ` [tip:x86/pti] " tip-bot for David Woodhouse
2018-02-12 9:50 ` [PATCH v2 1/6] " Darren Kenny
2018-02-12 14:16 ` David Woodhouse
2018-02-12 14:32 ` Thomas Gleixner
2018-02-10 23:39 ` [PATCH v2 2/6] Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()" David Woodhouse
2018-02-11 12:09 ` [tip:x86/pti] " tip-bot for David Woodhouse
2018-02-13 8:58 ` tip-bot for David Woodhouse
2018-02-13 9:41 ` Peter Zijlstra
2018-02-13 11:28 ` Ingo Molnar
2018-02-13 13:28 ` Peter Zijlstra
2018-02-13 13:38 ` Ingo Molnar
2018-02-13 15:26 ` [tip:x86/pti] x86/speculation: Add <asm/msr-index.h> dependency tip-bot for Peter Zijlstra
2018-02-15 0:28 ` tip-bot for Peter Zijlstra
2018-02-10 23:39 ` [PATCH v2 3/6] KVM: x86: Reduce retpoline performance impact in slot_handle_level_range() David Woodhouse
2018-02-11 12:09 ` [tip:x86/pti] KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods tip-bot for David Woodhouse
2018-02-13 8:58 ` tip-bot for David Woodhouse
2018-02-10 23:39 ` [PATCH v2 4/6] X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs David Woodhouse
2018-02-11 12:10 ` [tip:x86/pti] " tip-bot for KarimAllah Ahmed
2018-02-13 8:59 ` tip-bot for KarimAllah Ahmed
2018-02-10 23:39 ` [PATCH v2 5/6] KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap David Woodhouse
2018-02-11 10:19 ` Ingo Molnar
[not found] ` <1518345844.3677.365.camel@amazon.co.uk>
2018-02-11 10:55 ` Ingo Molnar
2018-02-11 12:10 ` [tip:x86/pti] " tip-bot for KarimAllah Ahmed
2018-02-13 8:59 ` tip-bot for KarimAllah Ahmed
2018-02-10 23:39 ` [PATCH v2 6/6] x86/speculation: Use IBRS if available before calling into firmware David Woodhouse
2018-02-11 11:46 ` Ingo Molnar
2018-02-11 10:41 ` [PATCH v2 0/6] Spectre v2 updates Ingo Molnar
2018-02-11 15:19 ` [PATCH v2.1] x86/speculation: Use IBRS if available before calling into firmware David Woodhouse
2018-02-11 18:50 ` [PATCH] x86/speculation: Clean up various Spectre related details Ingo Molnar
2018-02-11 19:25 ` David Woodhouse
2018-02-11 19:43 ` Ingo Molnar
2018-02-12 15:30 ` David Woodhouse
2018-02-13 8:04 ` Ingo Molnar
2018-02-11 19:19 ` [tip:x86/pti] x86/speculation: Use IBRS if available before calling into firmware tip-bot for David Woodhouse
2018-02-12 5:59 ` afzal mohammed [this message]
2018-02-12 16:30 ` David Woodhouse
2018-02-12 10:22 ` Ingo Molnar
2018-02-12 11:50 ` Peter Zijlstra
2018-02-12 12:27 ` David Woodhouse
2018-02-12 13:06 ` Peter Zijlstra
2018-02-13 7:58 ` Ingo Molnar
2018-02-12 12:28 ` Peter Zijlstra
2018-02-12 16:13 ` Dave Hansen
2018-02-12 16:58 ` Peter Zijlstra
2018-02-13 7:55 ` Ingo Molnar
2018-02-14 1:49 ` Tim Chen
2018-02-14 8:56 ` Peter Zijlstra
2018-02-14 8:57 ` Peter Zijlstra
2018-02-14 19:20 ` Tim Chen
2018-02-14 23:19 ` Ingo Molnar
2018-02-15 2:01 ` Tim Chen
2018-02-14 9:31 ` [PATCH] watchdog: hpwdt: Remove spinlock acquire and BIOS calls from NMI context Ingo Molnar
2018-02-14 9:38 ` Peter Zijlstra
2018-02-14 10:39 ` Ingo Molnar
2018-02-14 9:44 ` Borislav Petkov
2018-02-14 18:13 ` Jerry Hoemann
2018-02-14 23:17 ` Ingo Molnar
2018-02-15 17:44 ` Jerry Hoemann
2018-02-15 19:02 ` Ingo Molnar
2018-02-15 19:48 ` Peter Zijlstra
2018-02-16 18:44 ` [tip:x86/pti] x86/speculation: Use IBRS if available before calling into firmware Tim Chen
2018-02-16 19:16 ` David Woodhouse
2018-02-16 23:46 ` Tim Chen
2018-02-17 10:26 ` Ingo Molnar
2018-02-19 9:20 ` Peter Zijlstra
2018-02-19 9:29 ` David Woodhouse
2018-02-19 9:39 ` Ingo Molnar
2018-02-19 9:44 ` David Woodhouse
2018-02-19 10:08 ` Peter Zijlstra
2018-02-19 9:36 ` Ingo Molnar
2018-02-12 8:27 ` [PATCH v2 0/6] Spectre v2 updates Paolo Bonzini
2018-02-13 7:59 ` Ingo Molnar
2018-02-19 10:50 [PATCH v3 1/4] x86/speculation: Use IBRS if available before calling into firmware David Woodhouse
2018-02-20 10:29 ` [tip:x86/pti] " tip-bot for David Woodhouse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180212055948.GA3281@afzalpc \
--to=afzal.mohd.ma@gmail.com \
--cc=dwmw@amazon.co.uk \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.