From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41C5EC43334 for ; Thu, 14 Jul 2022 23:15:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240678AbiGNXPi (ORCPT ); Thu, 14 Jul 2022 19:15:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39346 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229481AbiGNXPh (ORCPT ); Thu, 14 Jul 2022 19:15:37 -0400 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 937AD70E52; Thu, 14 Jul 2022 16:15:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1657840536; x=1689376536; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=H72vDAfPb/FZ8kn2h1SLYLPaWmLyKQvlwofVuzFDncI=; b=V90tkd6ftmY8KikbwIimUrh8Q0SqrRur5Nr8gQD3gG0fnbIhEv4UaYxQ nNM0eZDHHQ4vFqC7aFZFa3j02F7VJIRsubh3Or2/deTgQBcB+hCNDafgL TTd6qNg+h5kHlutl99rlvB5iNx3Gkq/KUkb3Yi2hKjjBmxFXR7sKOkcgh zyRNSTA+0NnMnS82/yz+zk5pvOQ6SNG0VEW04Gr8NvLtpouMjWDUAyHk1 3fP6zs3RkVijNuMS3UcEzE4nwW/gI7F+PFYiXGoxNz39kvLkZGC7uJUCK gFOdszqyD/rgWuhG/yExcgNVmCHnq9jNNA28W0kJVkmmltvyIS8/1fFn9 Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10408"; a="286390807" X-IronPort-AV: E=Sophos;i="5.92,272,1650956400"; d="scan'208";a="286390807" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2022 16:15:36 -0700 X-IronPort-AV: E=Sophos;i="5.92,272,1650956400"; d="scan'208";a="546446644" Received: from jacobode-mobl.amr.corp.intel.com (HELO desk) ([10.212.243.89]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2022 16:15:35 -0700 Date: Thu, 14 Jul 2022 16:15:35 -0700 From: Pawan Gupta To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Daniel Sneddon , antonio.gomez.iglesias@linux.intel.com, Josh Poimboeuf Subject: [PATCH v2] x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts Message-ID: <2a5eaf54583c2bfe0edc4fea64006656256cca17.1657814857.git.pawan.kumar.gupta@linux.intel.com> References: <0456b35fb9ef957d9a9138e0913fb1a3fd445dff.1657747493.git.pawan.kumar.gupta@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <0456b35fb9ef957d9a9138e0913fb1a3fd445dff.1657747493.git.pawan.kumar.gupta@linux.intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org IBRS mitigation for spectre_v2 forces write to MSR_IA32_SPEC_CTRL at every kernel entry/exit. On Enhanced IBRS parts setting MSR_IA32_SPEC_CTRL[IBRS] only once at boot is sufficient. MSR writes at every kernel entry/exit incur unnecessary performance loss. When Enhanced IBRS feature is present, print a warning about this unnecessary performance loss. Signed-off-by: Pawan Gupta --- v1->v2: Instead of changing the mitigation, print a warning about the perf loss. v1: https://lore.kernel.org/lkml/0456b35fb9ef957d9a9138e0913fb1a3fd445dff.1657747493.git.pawan.kumar.gupta@linux.intel.com/ arch/x86/kernel/cpu/bugs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0dd04713434b..1c54fad3c54b 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -975,6 +975,7 @@ static inline const char *spectre_v2_module_string(void) { return ""; } #define SPECTRE_V2_LFENCE_MSG "WARNING: LFENCE mitigation is not recommended for this CPU, data leaks possible!\n" #define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n" #define SPECTRE_V2_EIBRS_LFENCE_EBPF_SMT_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS+LFENCE mitigation and SMT, data leaks possible via Spectre v2 BHB attacks!\n" +#define SPECTRE_V2_IBRS_PERF_MSG "WARNING: IBRS mitigation selected on Enhanced IBRS CPU, this may cause unnecessary performance loss\n" #ifdef CONFIG_BPF_SYSCALL void unpriv_ebpf_notify(int new_state) @@ -1415,6 +1416,8 @@ static void __init spectre_v2_select_mitigation(void) case SPECTRE_V2_IBRS: setup_force_cpu_cap(X86_FEATURE_KERNEL_IBRS); + if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) + pr_warn(SPECTRE_V2_IBRS_PERF_MSG); break; case SPECTRE_V2_LFENCE: base-commit: 4a57a8400075bc5287c5c877702c68aeae2a033d -- 2.35.3