[PATCH] x86/speculation: Update TIF_SPEC_IB before ibpb barrier

From: Zhenzhong Duan <zhenzhong.duan@oracle.com>
To: <linux-kernel@vger.kernel.org>
Cc: <mingo@redhat.com>, <konrad.wilk@oracle.com>, <x86@kernel.org>,
	<tglx@linutronix.de>, <srinivas.eeda@oracle.com>, <bp@suse.de>,
	<tim.c.chen@linux.intel.com>, <peterz@infradead.org>,
	<hpa@zytor.com>
Subject: [PATCH] x86/speculation: Update TIF_SPEC_IB before ibpb barrier
Date: Fri, 18 Jan 2019 03:09:54 -0800 (PST)	[thread overview]
Message-ID: <48a105d3-fa32-40e4-9775-37d49f42eac0@default> (raw)

When a task is set for updating TIF_SPEC_IB throuth SECCOMP by others
and it's scheduled in the first time, a stale TIF_SPEC_IB value is
picked in cond_ibpb(). This is due to TIF_SPEC_IB is updated later at
__switch_to_xtra().

Add an extra call to speculation_ctrl_update_tif() to update it before
IBPB barrier.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
---
 arch/x86/include/asm/spec-ctrl.h | 1 +
 arch/x86/kernel/process.c        | 2 +-
 arch/x86/mm/tlb.c                | 4 +++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
index 5393bab..8b2814a 100644
--- a/arch/x86/include/asm/spec-ctrl.h
+++ b/arch/x86/include/asm/spec-ctrl.h
@@ -82,6 +82,7 @@ static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn)
 static inline void speculative_store_bypass_ht_init(void) { }
 #endif
 
+extern unsigned long speculation_ctrl_update_tif(struct task_struct *tsk);
 extern void speculation_ctrl_update(unsigned long tif);
 extern void speculation_ctrl_update_current(void);
 
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 90ae0ca..454e71d 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -446,7 +446,7 @@ static __always_inline void __speculation_ctrl_update(unsigned long tifp,
 		wrmsrl(MSR_IA32_SPEC_CTRL, msr);
 }
 
-static unsigned long speculation_ctrl_update_tif(struct task_struct *tsk)
+unsigned long speculation_ctrl_update_tif(struct task_struct *tsk)
 {
 	if (test_and_clear_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE)) {
 		if (task_spec_ssb_disable(tsk))
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 999d6d8..c0f3fcf 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -8,6 +8,7 @@
 #include <linux/cpu.h>
 #include <linux/debugfs.h>
 
+#include <asm/spec-ctrl.h>
 #include <asm/tlbflush.h>
 #include <asm/mmu_context.h>
 #include <asm/nospec-branch.h>
@@ -190,7 +191,8 @@ static void sync_current_stack_to_mm(struct mm_struct *mm)
 
 static inline unsigned long mm_mangle_tif_spec_ib(struct task_struct *next)
 {
-	unsigned long next_tif = task_thread_info(next)->flags;
+	/* Update the flag bits to newest value actively */
+	unsigned long next_tif = speculation_ctrl_update_tif(next);
 	unsigned long ibpb = (next_tif >> TIF_SPEC_IB) & LAST_USER_MM_IBPB;
 
 	return (unsigned long)next->mm | ibpb;
-- 
1.8.3.1
