From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: KarimAllah Ahmed <karahmed@amazon.de>,
Mihai Carabas <mihai.carabas@oracle.com>
Cc: linux-kernel@vger.kernel.org, "Andi Kleen" <ak@linux.intel.com>,
"Andrea Arcangeli" <aarcange@redhat.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Arjan van de Ven" <arjan@linux.intel.com>,
"Ashok Raj" <ashok.raj@intel.com>,
"Asit Mallick" <asit.k.mallick@intel.com>,
"Borislav Petkov" <bp@suse.de>,
"Dan Williams" <dan.j.williams@intel.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"H . Peter Anvin" <hpa@zytor.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Janakarajan Natarajan" <Janakarajan.Natarajan@amd.com>,
"Joerg Roedel" <joro@8bytes.org>,
"Jun Nakajima" <jun.nakajima@intel.com>,
"Laura Abbott" <labbott@redhat.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Tim Chen" <tim.c.chen@linux.intel.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
kvm@vger.kernel.org, x86@kernel.org
Subject: Re: [RFC 00/10] Speculation Control feature support
Date: Sun, 21 Jan 2018 09:02:05 -0500 [thread overview]
Message-ID: <20180121140205.GB21306@char.us.oracle.com> (raw)
In-Reply-To: <1516476182-5153-1-git-send-email-karahmed@amazon.de>
On Sat, Jan 20, 2018 at 08:22:51PM +0100, KarimAllah Ahmed wrote:
> Start using the newly-added microcode features for speculation control on both
> Intel and AMD CPUs to protect against Spectre v2.
Thank you posting these.
>
> This patch series covers interrupts, system calls, context switching between
> processes, and context switching between VMs. It also exposes Indirect Branch
> Prediction Barrier MSR, aka IBPB MSR, to KVM guests.
>
> TODO:
>
> - Introduce a microcode blacklist to disable the feature for broken microcodes.
> - Restrict/Unrestrict the speculation (by toggling IBRS) around VMExit and
> VMEnter for KVM and expose IBRS to guests.
>
Depend on what we expose to the guest. That is if the guest is not suppose to have this exposed
(say cpuid 27 bit is not exposed) then trap on the MSR (and give an #GP)?
Mihai (CC-ed) is working on this, when ready he can post an patch against this tree?
> Ashok Raj (1):
> x86/kvm: Add IBPB support
>
> David Woodhouse (1):
> x86/speculation: Add basic IBRS support infrastructure
>
> KarimAllah Ahmed (1):
> x86: Simplify spectre_v2 command line parsing
>
> Thomas Gleixner (4):
> x86/speculation: Add basic support for IBPB
> x86/speculation: Use Indirect Branch Prediction Barrier in context
> switch
> x86/speculation: Add inlines to control Indirect Branch Speculation
> x86/idle: Control Indirect Branch Speculation in idle
>
> Tim Chen (3):
> x86/mm: Only flush indirect branches when switching into non dumpable
> process
> x86/enter: Create macros to restrict/unrestrict Indirect Branch
> Speculation
> x86/enter: Use IBRS on syscall and interrupts
>
> Documentation/admin-guide/kernel-parameters.txt | 1 +
> arch/x86/entry/calling.h | 73 ++++++++++
> arch/x86/entry/entry_64.S | 35 ++++-
> arch/x86/entry/entry_64_compat.S | 21 ++-
> arch/x86/include/asm/cpufeatures.h | 2 +
> arch/x86/include/asm/mwait.h | 14 ++
> arch/x86/include/asm/nospec-branch.h | 54 ++++++-
> arch/x86/kernel/cpu/bugs.c | 183 +++++++++++++++---------
> arch/x86/kernel/process.c | 14 ++
> arch/x86/kvm/svm.c | 14 ++
> arch/x86/kvm/vmx.c | 4 +
> arch/x86/mm/tlb.c | 21 ++-
> 12 files changed, 359 insertions(+), 77 deletions(-)
>
>
> Cc: Andi Kleen <ak@linux.intel.com>
> Cc: Andrea Arcangeli <aarcange@redhat.com>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Arjan van de Ven <arjan@linux.intel.com>
> Cc: Ashok Raj <ashok.raj@intel.com>
> Cc: Asit Mallick <asit.k.mallick@intel.com>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Dave Hansen <dave.hansen@intel.com>
> Cc: David Woodhouse <dwmw@amazon.co.uk>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: H. Peter Anvin <hpa@zytor.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
> Cc: Joerg Roedel <joro@8bytes.org>
> Cc: Jun Nakajima <jun.nakajima@intel.com>
> Cc: Laura Abbott <labbott@redhat.com>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Masami Hiramatsu <mhiramat@kernel.org>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Radim Krčmář <rkrcmar@redhat.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Tim Chen <tim.c.chen@linux.intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: kvm@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: x86@kernel.org
>
> --
> 2.7.4
>
next prev parent reply other threads:[~2018-01-21 14:02 UTC|newest]
Thread overview: 135+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-20 19:22 [RFC 00/10] Speculation Control feature support KarimAllah Ahmed
2018-01-20 19:22 ` [RFC 01/10] x86/speculation: Add basic support for IBPB KarimAllah Ahmed
2018-01-20 19:22 ` [RFC 02/10] x86/kvm: Add IBPB support KarimAllah Ahmed
2018-01-20 20:18 ` Woodhouse, David
2018-01-22 18:56 ` Jim Mattson
2018-01-22 19:31 ` Jim Mattson
2018-01-20 19:22 ` [RFC 03/10] x86/speculation: Use Indirect Branch Prediction Barrier in context switch KarimAllah Ahmed
2018-01-20 19:22 ` [RFC 04/10] x86/mm: Only flush indirect branches when switching into non dumpable process KarimAllah Ahmed
2018-01-20 21:06 ` Woodhouse, David
2018-01-22 18:29 ` Tim Chen
2018-01-21 11:22 ` Peter Zijlstra
2018-01-21 12:04 ` David Woodhouse
2018-01-21 14:07 ` H.J. Lu
2018-01-22 10:19 ` Peter Zijlstra
2018-01-22 10:23 ` David Woodhouse
2018-01-21 16:21 ` Ingo Molnar
2018-01-21 16:25 ` Arjan van de Ven
2018-01-21 22:20 ` Woodhouse, David
2018-01-29 6:35 ` Jon Masters
2018-01-29 14:07 ` Peter Zijlstra
2018-01-20 19:22 ` [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure KarimAllah Ahmed
2018-01-21 14:31 ` Thomas Gleixner
2018-01-21 14:56 ` Borislav Petkov
2018-01-22 9:51 ` Peter Zijlstra
2018-01-22 12:06 ` Borislav Petkov
2018-01-22 13:30 ` Greg Kroah-Hartman
2018-01-22 13:37 ` Woodhouse, David
2018-01-21 15:25 ` David Woodhouse
2018-01-23 20:58 ` David Woodhouse
2018-01-23 22:43 ` Johannes Erdfelt
2018-01-24 8:47 ` Peter Zijlstra
2018-01-24 9:02 ` David Woodhouse
2018-01-24 9:10 ` Greg Kroah-Hartman
2018-01-24 15:09 ` Arjan van de Ven
2018-01-24 15:18 ` David Woodhouse
2018-01-24 9:34 ` Peter Zijlstra
2018-01-24 10:49 ` Henrique de Moraes Holschuh
2018-01-24 12:30 ` David Woodhouse
2018-01-24 12:14 ` David Woodhouse
2018-01-24 12:29 ` Peter Zijlstra
2018-01-24 12:58 ` David Woodhouse
2018-01-29 20:14 ` [RFC,05/10] " Eduardo Habkost
2018-01-29 20:17 ` David Woodhouse
2018-01-29 20:42 ` Eduardo Habkost
2018-01-29 20:44 ` Arjan van de Ven
2018-01-29 21:02 ` David Woodhouse
2018-01-29 21:37 ` Jim Mattson
2018-01-29 21:50 ` Eduardo Habkost
2018-01-29 22:12 ` Jim Mattson
2018-01-30 1:22 ` Eduardo Habkost
2018-01-29 22:25 ` Andi Kleen
2018-01-30 1:37 ` Eduardo Habkost
2018-01-29 21:37 ` Andi Kleen
2018-01-29 21:44 ` Eduardo Habkost
2018-01-29 22:10 ` Konrad Rzeszutek Wilk
2018-01-30 1:12 ` Eduardo Habkost
2018-01-30 0:23 ` Linus Torvalds
2018-01-30 1:03 ` Jim Mattson
2018-01-30 3:13 ` Andi Kleen
2018-01-31 15:03 ` Paolo Bonzini
2018-01-31 15:07 ` Dr. David Alan Gilbert
2018-01-30 1:32 ` Arjan van de Ven
2018-01-30 3:32 ` Linus Torvalds
2018-01-30 12:04 ` Eduardo Habkost
2018-01-30 13:54 ` Arjan van de Ven
2018-01-30 8:22 ` David Woodhouse
2018-01-30 11:35 ` David Woodhouse
2018-01-30 11:56 ` Dr. David Alan Gilbert
2018-01-30 12:11 ` Christian Borntraeger
2018-01-30 14:46 ` Christophe de Dinechin
2018-01-30 14:52 ` Christian Borntraeger
2018-01-30 14:56 ` Christophe de Dinechin
2018-01-30 15:33 ` Christian Borntraeger
2018-01-30 20:46 ` Alan Cox
2018-01-31 10:05 ` Christophe de Dinechin
2018-01-31 10:15 ` Thomas Gleixner
2018-01-31 11:04 ` Dr. David Alan Gilbert
2018-01-31 11:52 ` Borislav Petkov
2018-01-31 12:30 ` Dr. David Alan Gilbert
2018-01-31 13:18 ` Borislav Petkov
2018-01-31 14:04 ` Dr. David Alan Gilbert
2018-01-31 14:44 ` Eduardo Habkost
2018-01-31 16:28 ` Borislav Petkov
2018-01-31 11:07 ` Christophe de Dinechin
2018-01-31 15:00 ` Eduardo Habkost
2018-01-31 15:11 ` Arjan van de Ven
2018-01-31 10:03 ` [RFC 05/10] " Christophe de Dinechin
2018-01-20 19:22 ` [RFC 06/10] x86/speculation: Add inlines to control Indirect Branch Speculation KarimAllah Ahmed
2018-01-20 19:22 ` [RFC 07/10] x86: Simplify spectre_v2 command line parsing KarimAllah Ahmed
2018-01-20 19:22 ` [RFC 08/10] x86/idle: Control Indirect Branch Speculation in idle KarimAllah Ahmed
2018-01-20 19:23 ` [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation KarimAllah Ahmed
2018-01-21 19:14 ` Andy Lutomirski
2018-01-23 16:12 ` Tom Lendacky
2018-01-23 16:20 ` Woodhouse, David
2018-01-23 22:37 ` Tom Lendacky
2018-01-23 22:49 ` Andi Kleen
2018-01-23 23:14 ` Woodhouse, David
2018-01-23 23:22 ` Andi Kleen
2018-01-24 0:47 ` Tim Chen
2018-01-24 1:00 ` Andy Lutomirski
2018-01-24 1:22 ` David Woodhouse
2018-01-24 1:59 ` Van De Ven, Arjan
2018-01-24 3:25 ` Andy Lutomirski
2018-01-21 19:34 ` Linus Torvalds
2018-01-21 20:28 ` David Woodhouse
2018-01-21 21:35 ` Linus Torvalds
2018-01-21 22:00 ` David Woodhouse
2018-01-21 22:27 ` Linus Torvalds
2018-01-22 16:27 ` David Woodhouse
2018-01-23 7:29 ` Ingo Molnar
2018-01-23 7:53 ` Ingo Molnar
2018-01-23 9:27 ` Ingo Molnar
2018-01-23 9:37 ` David Woodhouse
2018-01-23 15:01 ` Dave Hansen
2018-01-23 9:30 ` David Woodhouse
2018-01-23 10:15 ` Ingo Molnar
2018-01-23 10:27 ` David Woodhouse
2018-01-23 10:44 ` Ingo Molnar
2018-01-23 10:57 ` David Woodhouse
2018-01-23 10:23 ` Ingo Molnar
2018-01-23 10:35 ` David Woodhouse
2018-02-04 18:43 ` Thomas Gleixner
2018-02-04 20:22 ` David Woodhouse
2018-02-06 9:14 ` David Woodhouse
2018-01-25 16:19 ` Mason
2018-01-25 17:16 ` Greg Kroah-Hartman
2018-01-29 11:59 ` Mason
2018-01-24 0:05 ` Andi Kleen
2018-01-23 20:16 ` Pavel Machek
2018-01-20 19:23 ` [RFC 10/10] x86/enter: Use IBRS on syscall and interrupts KarimAllah Ahmed
2018-01-21 13:50 ` Konrad Rzeszutek Wilk
2018-01-21 14:40 ` KarimAllah Ahmed
2018-01-21 17:22 ` Dave Hansen
2018-01-21 14:02 ` Konrad Rzeszutek Wilk [this message]
2018-01-22 21:27 ` [RFC 00/10] Speculation Control feature support David Woodhouse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180121140205.GB21306@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=Janakarajan.Natarajan@amd.com \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=asit.k.mallick@intel.com \
--cc=bp@suse.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=joro@8bytes.org \
--cc=jun.nakajima@intel.com \
--cc=karahmed@amazon.de \
--cc=kvm@vger.kernel.org \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mihai.carabas@oracle.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).