Date: Thu, 18 Jan 2018 10:37:45 -0600
From: Josh Poimboeuf
To: Peter Zijlstra
Cc: David Woodhouse, Thomas Gleixner, linux-kernel@vger.kernel.org, Dave Hansen, Ashok Raj, Tim Chen, Andy Lutomirski, Linus Torvalds, Greg KH, Andrea Arcangeli, Andi Kleen, Arjan Van De Ven, Dan Williams, Paolo Bonzini, Jun Nakajima, Asit Mallick, Jason Baron
Subject: Re: [PATCH 23/35] x86/speculation: Add basic speculation control code
Message-ID: <20180118163745.t5nmwdr53wjsl7o5@treble>
References: <20180118134800.711245485@infradead.org> <20180118140152.830682032@infradead.org>
In-Reply-To: <20180118140152.830682032@infradead.org>

On Thu, Jan 18, 2018 at 02:48:23PM +0100, Peter Zijlstra wrote:
> From: Thomas Gleixner
>
> Add the minimal infrastructure to control the speculation control feature.
>
>  - Integrate it into the spectre_v2 command line parser and the mitigation
>    selector function. The conditional selector function is a placeholder
>    right now, which needs to be expanded with CPU specific decision
>    functions.
>
>  - Provide a static key for the actual code control.
>
>  - Provide an init function which is called after jump label patching is
>    functional.
>
>  - Provide an interface for the late micro code loader to allow late
>    discovery of the IBRS support. Not yet functional.
>
> [peterz: fixed Makefile]
>
> Signed-off-by: Thomas Gleixner
> Signed-off-by: Peter Zijlstra (Intel) > --- > Documentation/admin-guide/kernel-parameters.txt | 1 > arch/x86/include/asm/nospec-branch.h | 5 +++ > arch/x86/kernel/cpu/Makefile | 1 > arch/x86/kernel/cpu/bugs.c | 26 +++++++++++++++++- > arch/x86/kernel/cpu/specctrl.c | 33 ++++++++++++++++++++++++ > 5 files changed, 64 insertions(+), 2 deletions(-) > > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -3932,6 +3932,7 @@ > retpoline - replace indirect branches > retpoline,generic - google's original retpoline > retpoline,amd - AMD-specific minimal thunk > + ibrs - Intel: Indirect Branch Restricted Speculation Are there plans to add spectre_v2=ibrs_always to prevent SMT-based attacks? > --- /dev/null > +++ b/arch/x86/kernel/cpu/specctrl.c > @@ -0,0 +1,33 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +#include > +#include > +#include > + > +static inline void specctrl_enable_ibrs(void) > +{ > + setup_force_cpu_cap(X86_FEATURE_IBRS); > +} "spec_ctrl" seems much more readable than specctrl (for both function and file names). And also more consistent with the SPEC_CTRL MSR and FEATURE names. -- Josh
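Review bot: In the kernel-parameters.txt hunk, the new "ibrs - Intel: Indirect Branch Restricted Speculation" line does not say what is selected when spectre_v2=ibrs is requested on a system where IBRS support has not been discovered. The commit message describes the selector as a placeholder and the late microcode interface as not yet functional, so the entry should state the fallback behaviour; otherwise an administrator cannot tell from the documentation whether the requested mitigation is actually in effect.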
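Review bot: In specctrl_enable_ibrs() in the new specctrl.c, setup_force_cpu_cap(X86_FEATURE_IBRS) is called with no check, in the quoted lines, that the CPU actually enumerates the feature. If the caller does not already guarantee that, forcing the bit makes the kernel advertise a capability the hardware may lack; either test for the feature before forcing it or add a comment naming the caller that guarantees it. As a style point, the helper is declared "static inline" in a .c file and carries no comment; plain "static" is enough there.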