All of lore.kernel.org
 help / color / mirror / Atom feed
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [patch V9 00/16] SSB
Date: Tue, 1 May 2018 14:12:44 -0400	[thread overview]
Message-ID: <20180501181244.GA14888@char.us.oracle.com> (raw)
In-Reply-To: <20180501152420.785133537@linutronix.de>

On Tue, May 01, 2018 at 05:24:20PM +0200, speck for Thomas Gleixner wrote:
> Changes vs. V8:
> 
> Addressed review feed back and added Linus variant of
> alternative_write_msr().
> 
>  - Use EINVAL in the prctl
> 
>  - Fix the sbb typos
> 
>  - Make AMD default to prctl as well (Borislav)
> 
>  - Add the not affected CPU types (Tim)
> 
> I've updated the git repository as well
> 
>   ssh://git@cvs.ou.linutronix.de/linux/speck/linux master (forced update)
> 
> There are also two stable backport branches now:
> 
>   ssh://git@cvs.ou.linutronix.de/linux/speck/linux linux-4.16.y
> 
>   ssh://git@cvs.ou.linutronix.de/linux/speck/linux linux-4.14.y
> 
> 
> Delta patch against V8 below. Git bundle against 4.17-rc3 follows in
> separate mail.

On my Skylake box this does what is expected:

4
RHEL-64 <root@instance-20180426-1449:/home/opc> dmesg | grep -i spec
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.17.0-rc3-v9+ root=UUID=533fa2dd-5b2f-4964-aa99-5ab349614dcd ro crashkernel=auto LANG=en_US.UTF-8 transparent_hugepage=never console=tty0 console=ttyS0,9600 rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi iscsi_param=node.session.timeo.replacement_timeout=6000 net.ifnames=1 nvme_core.shutdown_timeout=10 ipmi_si.tryacpi=0 ipmi_si.trydmi=0 ipmi_si.trydefaults=0 network-config=e2NvbmZpZzogZGlzYWJsZWR9Cg== spec_store_bypass_disable=on
[    0.000000] please specify mtrr_gran_size/mtrr_chunk_size
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.17.0-rc3-v9+ root=UUID=533fa2dd-5b2f-4964-aa99-5ab349614dcd ro crashkernel=auto LANG=en_US.UTF-8 transparent_hugepage=never console=tty0 console=ttyS0,9600 rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi iscsi_param=node.session.timeo.replacement_timeout=6000 net.ifnames=1 nvme_core.shutdown_timeout=10 ipmi_si.tryacpi=0 ipmi_si.trydmi=0 ipmi_si.trydefaults=0 network-config=e2NvbmZpZzogZGlzYWJsZWR9Cg== spec_store_bypass_disable=on
[    0.145004] Spectre V2 : Mitigation: Full generic retpoline
[    0.146001] Spectre V2 : Spectre v2 mitigation: Filling RSB on context switch
[    0.147000] Spectre V2 : Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier
[    0.148000] Spectre V2 : Enabling Restricted Speculation for firmware calls
[    0.149004] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled
RHEL-64 <root@instance-20180426-1449:/home/opc> rdmsr 0x48 --all | uniq
4

And I don't see the weird issue that Tim reported?


With the normal:

RHEL-64 <root@instance-20180426-1449:/home/opc> dmesg | grep -i spec
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.17.0-rc3-v9+ root=UUID=533fa2dd-5b2f-4964-aa99-5ab349614dcd ro crashkernel=auto LANG=en_US.UTF-8 transparent_hugepage=never console=tty0 console=ttyS0,9600 rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi iscsi_param=node.session.timeo.replacement_timeout=6000 net.ifnames=1 nvme_core.shutdown_timeout=10 ipmi_si.tryacpi=0 ipmi_si.trydmi=0 ipmi_si.trydefaults=0 network-config=e2NvbmZpZzogZGlzYWJsZWR9Cg== spec_store_bypass_disable=auto
[    0.000000] please specify mtrr_gran_size/mtrr_chunk_size
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.17.0-rc3-v9+ root=UUID=533fa2dd-5b2f-4964-aa99-5ab349614dcd ro crashkernel=auto LANG=en_US.UTF-8 transparent_hugepage=never console=tty0 console=ttyS0,9600 rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi iscsi_param=node.session.timeo.replacement_timeout=6000 net.ifnames=1 nvme_core.shutdown_timeout=10 ipmi_si.tryacpi=0 ipmi_si.trydmi=0 ipmi_si.trydefaults=0 network-config=e2NvbmZpZzogZGlzYWJsZWR9Cg== spec_store_bypass_disable=auto
[    0.146004] Spectre V2 : Mitigation: Full generic retpoline
[    0.147000] Spectre V2 : Spectre v2 mitigation: Filling RSB on context switch
[    0.148000] Spectre V2 : Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier
[    0.149000] Spectre V2 : Enabling Restricted Speculation for firmware calls
[    0.150003] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
RHEL-64 <root@instance-20180426-1449:/home/opc> rdmsr 0x48 --all | uniq
0
RHEL-64 <root@instance-20180426-1449:/home/opc> ./test-prctl 
Initial state
   PR_GET_SPECULATION_CTRL PR_SPEC_STORE_BYPASS r=3
        r=PR_SPEC_PRCTL PR_SPEC_ENABLE 
PR_SET_SPECULATION_CTRL PR_SPEC_DISABLE r=0
        r=  
   PR_GET_SPECULATION_CTRL PR_SPEC_STORE_BYPASS r=5
        r=PR_SPEC_PRCTL  PR_SPEC_DISABLE
PR_SET_SPECULATION_CTRL PR_SPEC_DISABLE r=0
        r=  
   PR_GET_SPECULATION_CTRL PR_SPEC_STORE_BYPASS r=5
        r=PR_SPEC_PRCTL  PR_SPEC_DISABLE
PR_SET_SPECULATION_CTRL PR_SPEC_ENABLE r=0
        r=  
   PR_GET_SPECULATION_CTRL PR_SPEC_STORE_BYPASS r=3
        r=PR_SPEC_PRCTL PR_SPEC_ENABLE 
PR_SET_SPECULATION_CTRL PR_SPEC_ENABLE r=0
        r=  
   PR_GET_SPECULATION_CTRL PR_SPEC_STORE_BYPASS r=3
        r=PR_SPEC_PRCTL PR_SPEC_ENABLE 

Real test-case
PR_SET_SPECULATION_CTRL PR_SPEC_DISABLE r=0
        r=  
   PR_GET_SPECULATION_CTRL PR_SPEC_STORE_BYPASS r=5
        r=PR_SPEC_PRCTL  PR_SPEC_DISABLE

I will fix up the manpage patch and send it out shortly.
> 
> Thanks,
> 
> 	tglx
> 
> 8<-------------------
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index de1ca7510697..29984fd3dd18 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4052,10 +4052,10 @@
>  			on     - Unconditionally disable Speculative Store Bypass
>  			off    - Unconditionally enable Speculative Store Bypass
>  			auto   - Kernel detects whether the CPU model contains a
> -			         vulnerable implementation of Speculative Store
> -			         Bypass and picks the most appropriate mitigation
> +				 implementation of Speculative Store Bypass and
> +				 picks the most appropriate mitigation
>  			prctl  - Control Speculative Store Bypass for a thread
> -			         via prctl. By default it is enabled. The state
> +				 via prctl. By default it is enabled. The state
>  				 is inherited on fork.
>  
>  			Not specifying this option is equivalent to
> diff --git a/Documentation/userspace-api/spec_ctrl.rst b/Documentation/userspace-api/spec_ctrl.rst
> index 867b8b435baa..8ff39a26a992 100644
> --- a/Documentation/userspace-api/spec_ctrl.rst
> +++ b/Documentation/userspace-api/spec_ctrl.rst
> @@ -56,11 +56,10 @@ Common error codes
>  ======= =================================================================
>  Value   Meaning
>  ======= =================================================================
> -EINVAL  The prctl is not implemented by the architecture
> +EINVAL  The prctl is not implemented by the architecture or unused
> +        prctl(2) arguments are not 0
>  
>  ENODEV  arg2 is selecting a not supported speculation misfeature
> -
> -EUCLEAN The unused prctl() arguments are not 0
>  ======= =================================================================
>  
>  PR_SET_SPECULATION_CTRL error codes
> diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
> index 7a1be0b2c264..023e2edc0f3c 100644
> --- a/arch/x86/include/asm/nospec-branch.h
> +++ b/arch/x86/include/asm/nospec-branch.h
> @@ -259,22 +259,22 @@ static inline void vmexit_fill_RSB(void)
>  #endif
>  }
>  
> -#define alternative_msr_write(_msr, _val, _feature)		\
> -	asm volatile(ALTERNATIVE("",				\
> -				 "movl %[msr], %%ecx\n\t"	\
> -				 "movl %[val], %%eax\n\t"	\
> -				 "movl $0, %%edx\n\t"		\
> -				 "wrmsr",			\
> -				 _feature)			\
> -		     : : [msr] "i" (_msr), [val] "m" (_val)	\
> -		     : "eax", "ecx", "edx", "memory")
> +static __always_inline
> +void alternative_msr_write(unsigned int msr, u64 val, unsigned int feature)
> +{
> +	asm volatile(ALTERNATIVE("", "wrmsr", %c[feature])
> +		: : "c" (msr),
> +		    "a" (val),
> +		    "d" (val >> 32),
> +		    [feature] "i" (feature)
> +		: "memory");
> +}
>  
>  static inline void indirect_branch_prediction_barrier(void)
>  {
>  	u64 val = PRED_CMD_IBPB;
>  
> -	alternative_msr_write(MSR_IA32_PRED_CMD, val,
> -			      X86_FEATURE_USE_IBPB);
> +	alternative_msr_write(MSR_IA32_PRED_CMD, val, X86_FEATURE_USE_IBPB);
>  }
>  
>  /*
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index d52ccd0ce507..c28856e475c8 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -476,11 +476,6 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
>  
>  	switch (cmd) {
>  	case SPEC_STORE_BYPASS_CMD_AUTO:
> -		/*
> -		 * AMD platforms by default don't need SSB mitigation.
> -		 */
> -		if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
> -			break;
>  		/* Choose prctl as the default mode */
>  		mode = SPEC_STORE_BYPASS_PRCTL;
>  		break;
> @@ -531,7 +526,7 @@ static void ssb_select_mitigation()
>  
>  #undef pr_fmt
>  
> -static int sbb_prctl_set(unsigned long ctrl)
> +static int ssb_prctl_set(unsigned long ctrl)
>  {
>  	bool rds = !!test_tsk_thread_flag(current, TIF_RDS);
>  
> @@ -549,7 +544,7 @@ static int sbb_prctl_set(unsigned long ctrl)
>  	return 0;
>  }
>  
> -static int sbb_prctl_get(void)
> +static int ssb_prctl_get(void)
>  {
>  	switch (ssb_mode) {
>  	case SPEC_STORE_BYPASS_DISABLE:
> @@ -572,7 +567,7 @@ int arch_prctl_set_spec_ctrl(unsigned long which, unsigned long ctrl)
>  
>  	switch (which) {
>  	case PR_SPEC_STORE_BYPASS:
> -		return sbb_prctl_set(ctrl);
> +		return ssb_prctl_set(ctrl);
>  	default:
>  		return -ENODEV;
>  	}
> @@ -582,7 +577,7 @@ int arch_prctl_get_spec_ctrl(unsigned long which)
>  {
>  	switch (which) {
>  	case PR_SPEC_STORE_BYPASS:
> -		return sbb_prctl_get();
> +		return ssb_prctl_get();
>  	default:
>  		return -ENODEV;
>  	}
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index c3b53bc30a29..6101e3dba2f6 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -931,6 +931,9 @@ static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = {
>  	{ X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_CEDARVIEW },
>  	{ X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_SILVERMONT1 },
>  	{ X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_AIRMONT },
> +	{ X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_SILVERMONT2 },
> +	{ X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_MERRIFIELD },
> +	{ X86_VENDOR_INTEL,     6, INTEL_FAM6_CORE_YONAH },
>  	{ X86_VENDOR_INTEL,     6, INTEL_FAM6_XEON_PHI_KNL },
>  	{ X86_VENDOR_INTEL,     6, INTEL_FAM6_XEON_PHI_KNM },
>  	{ X86_VENDOR_CENTAUR,	5 },
> diff --git a/kernel/sys.c b/kernel/sys.c
> index 8bb8051bd9a1..d7afe29319f1 100644
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -2464,15 +2464,13 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
>  		break;
>  	case PR_SET_SPECULATION_CTRL:
>  		if (arg4 || arg5)
> -			error = -EUCLEAN;
> -		else
> -			error = arch_prctl_set_spec_ctrl(arg2, arg3);
> +			return -EINVAL;
> +		error = arch_prctl_set_spec_ctrl(arg2, arg3);
>  		break;
>  	case PR_GET_SPECULATION_CTRL:
>  		if (arg3 || arg4 || arg5)
> -			error = -EUCLEAN;
> -		else
> -			error = arch_prctl_get_spec_ctrl(arg2);
> +			return -EINVAL;
> +		error = arch_prctl_get_spec_ctrl(arg2);
>  		break;
>  	default:
>  		error = -EINVAL;
> 

  parent reply	other threads:[~2018-05-01 18:12 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-01 15:24 [patch V9 00/16] SSB 0 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 01/16] SSB 1 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 02/16] SSB 2 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 03/16] SSB 3 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 04/16] SSB 4 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 05/16] SSB 5 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 06/16] SSB 6 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 07/16] SSB 7 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 08/16] SSB 8 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 09/16] SSB 9 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 10/16] SSB 10 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 11/16] SSB 11 Thomas Gleixner
2018-05-01 19:26   ` Thomas Gleixner
2018-05-01 15:24 ` [patch V9 12/16] SSB 12 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 13/16] SSB 13 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 14/16] SSB 14 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 15/16] SSB 15 Thomas Gleixner
2018-05-01 15:24 ` [patch V9 16/16] SSB 16 Thomas Gleixner
2018-05-01 15:40 ` [patch V9 00/16] SSB Thomas Gleixner
2018-05-01 15:51 ` [patch V9 00/16] SSB 0 - Bundle Thomas Gleixner
2018-05-01 16:11 ` [patch V9 00/16] SSB Thomas Gleixner
2018-05-01 17:22 ` [MODERATED] " Tim Chen
2018-05-01 17:28   ` Thomas Gleixner
2018-05-01 17:31   ` [MODERATED] " Linus Torvalds
2018-05-01 17:36     ` Thomas Gleixner
2018-05-01 19:14       ` [MODERATED] " Borislav Petkov
2018-05-01 19:20   ` Thomas Gleixner
2018-05-01 19:24   ` Thomas Gleixner
2018-05-01 19:28     ` [MODERATED] " Borislav Petkov
2018-05-01 18:12 ` Konrad Rzeszutek Wilk [this message]
2018-05-01 18:30   ` Thomas Gleixner
2018-05-01 22:22     ` [MODERATED] " Konrad Rzeszutek Wilk
2018-05-01 19:28   ` Tim Chen
2018-05-01 21:54     ` Thomas Gleixner
2018-05-01 22:33     ` [MODERATED] " Tim Chen
2018-05-01 22:46       ` Thomas Gleixner
2018-05-02  5:08 ` [MODERATED] " Jon Masters

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180501181244.GA14888@char.us.oracle.com \
    --to=konrad.wilk@oracle.com \
    --cc=speck@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.