From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bp@alien8.de>
X-Google-Smtp-Source: AH8x226AvWkTgq7KOb8Z0p+54/UrRmUyhnPvDXG6hlOukcCdCSVprAcv7WdLIv4v1KDqylSCGQ4U
ARC-Seal: i=1; a=rsa-sha256; t=1516747223; cv=none;
        d=google.com; s=arc-20160816;
        b=ICX5HxkA7901ZLQMJxRyHkOfXl2u50yrbgz0iyWvK5FbuNCPeL0x8/26zcJdd2A/HC
         HPTGyrYifwFagelYNc64p30g1o+C/DowT3LAT4ZuPucgyjf4z/CYSl4sfzwf36kyz91M
         nFUvlV+pbElNfpTEcjzM4ZGOlDZD/62uvGI8pXya3H/BLzqP1fPntcJPFJ4mVOejQFFC
         3wATI+1lKPzTucVyPUme70/UzP/7Sq87/OPs7EXkn5jteVGOEpGkhC54yryIpGL31CN2
         gQoOMkzLsKe/ybiP+LLgVJ2SOMO/JEsO5fDO/ZDIW/Hcs5CDoYefDJqxSXh0dLVk7kIt
         fqCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version:references
         :message-id:subject:cc:to:from:date:arc-authentication-results;
        bh=VH54uWB3or34gS7mayy0/K3srBHnRUbw5h+GnwC4bRY=;
        b=iHRdNVMkNx6luvaqJOITvEo693EwD5Piy1jQsyql+Q8nnVk2JDH4CWHSNaw3fn48nR
         ed1ClXAPwCXuLM+bm+3trTW64ml8p98ABopx/ktyzZnEvsxRhxuyMwQAhoKqF9tNBeNT
         HF9pTH35lrUp9bHs7INaxCvflK7vIPxJ06m3tK2OY/opMF6zHRHpzJNsDmPrpTg/glwh
         zlLERWmCHpjyn9RcfszwNMQdhrUqQuzbIIe0ERuJTYsoQ8HmRN2Um9PDl9V3Mf44ykxi
         Ayzt9jp7UHktjxrINMGmaEsHrle+Op+V6CptoGSnFM1ncHfpGP17VYhpIKjU2YMoQ+E9
         9rNA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of bp@alien8.de designates 2a01:4f8:190:11c2::b:1457 as permitted sender) smtp.mailfrom=bp@alien8.de
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of bp@alien8.de designates 2a01:4f8:190:11c2::b:1457 as permitted sender) smtp.mailfrom=bp@alien8.de
Date: Tue, 23 Jan 2018 23:40:14 +0100
From: Borislav Petkov <bp@alien8.de>
To: David Woodhouse <dwmw@amazon.co.uk>
Cc: Andi Kleen <ak@linux.intel.com>, Paul Turner <pjt@google.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Greg Kroah-Hartman <gregkh@linux-foundation.org>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	Dave Hansen <dave.hansen@intel.com>, tglx@linutronix.de,
	Kees Cook <keescook@google.com>, Rik van Riel <riel@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Andy Lutomirski <luto@amacapital.net>,
	Jiri Kosina <jikos@kernel.org>, gnomes@lxorguk.ukuu.org.uk,
	x86@kernel.org, thomas.lendacky@amd.com,
	Josh Poimboeuf <jpoimboe@redhat.com>
Subject: Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select
 Spectre v2 mitigation
Message-ID: <20180123224014.dsbzps4hydt6h7ed@pd.tnic>
References: <1515707194-20531-1-git-send-email-dwmw@amazon.co.uk>
 <1515707194-20531-5-git-send-email-dwmw@amazon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <1515707194-20531-5-git-send-email-dwmw@amazon.co.uk>
User-Agent: NeoMutt/20170609 (1.8.3)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1589334464875796449?=
X-GMAIL-MSGID: =?utf-8?q?1590424736222011086?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On Thu, Jan 11, 2018 at 09:46:26PM +0000, David Woodhouse wrote:
> Add a spectre_v2= option to select the mitigation used for the indirect
> branch speculation vulnerability.
> 
> Currently, the only option available is retpoline, in its various forms.
> This will be expanded to cover the new IBRS/IBPB microcode features.
> 
> The RETPOLINE_AMD feature relies on a serializing LFENCE for speculation
> control. For AMD hardware, only set RETPOLINE_AMD if LFENCE is a
> serializing instruction, which is indicated by the LFENCE_RDTSC feature.
> 
> [ tglx: Folded back the LFENCE/AMD fixes and reworked it so IBRS
>   	integration becomes simple ]

...

> +static inline bool retp_compiler(void)
> +{
> +	return __is_defined(RETPOLINE);
> +}

Btw, this came up today: do we have an idea how to detect objects built
with gcc which has retpoline support?

The only way I could think of is boot the respective kernel and stare at
dmesg:

[    0.064006] Spectre V2 mitigation: LFENCE not serializing. Switching to generic retpoline
[    0.068003] Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline

and then deduce that it is not a retpoline-enabled compiler:

> +retpoline_auto:
> +	if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) {
> +	retpoline_amd:
> +		if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {
> +			pr_err("LFENCE not serializing. Switching to generic retpoline\n");
> +			goto retpoline_generic;
> +		}
> +		mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD :
> +					 SPECTRE_V2_RETPOLINE_MINIMAL_AMD;
> +		setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD);
> +		setup_force_cpu_cap(X86_FEATURE_RETPOLINE);
> +	} else {
> +	retpoline_generic:
> +		mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC :
> +					 SPECTRE_V2_RETPOLINE_MINIMAL;
					^^^^^^^^^^^^^^^^^^^^^^^^^^^^

but that might not always be an option.

And it probably should be a more reliable method which we probably could
use to detect !retpolined modules too.

Hmmm.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.