All of this is pure garbage. Is Intel really planning on making this shit architectural? Has anybody talked to them and told them they are f*cking insane? Please, any Intel engineers here - talk to your managers. Linus On Jan 20, 2018 11:23, "KarimAllah Ahmed" wrote: > From: Tim Chen > > Create macros to control Indirect Branch Speculation. > > Name them so they reflect what they are actually doing. > The macros are used to restrict and unrestrict the indirect branch > speculation. > They do not *disable* (or *enable*) indirect branch speculation. A trip > back to > user-space after *restricting* speculation would still affect the BTB. > > Quoting from a commit by Tim Chen: > > """ > If IBRS is set, near returns and near indirect jumps/calls will not > allow > their predicted target address to be controlled by code that executed > in a > less privileged prediction mode *BEFORE* the IBRS mode was last > written with > a value of 1 or on another logical processor so long as all Return > Stack > Buffer (RSB) entries from the previous less privileged prediction mode > are > overwritten. > > Thus a near indirect jump/call/return may be affected by code in a less > privileged prediction mode that executed *AFTER* IBRS mode was last > written > with a value of 1. > """ > > [ tglx: Changed macro names and rewrote changelog ] > [ karahmed: changed macro names *again* and rewrote changelog ] > > Signed-off-by: Tim Chen > Signed-off-by: Thomas Gleixner > Signed-off-by: KarimAllah Ahmed > Cc: Andrea Arcangeli > Cc: Andi Kleen > Cc: Peter Zijlstra > Cc: Greg KH > Cc: Dave Hansen > Cc: Andy Lutomirski > Cc: Paolo Bonzini > Cc: Dan Williams > Cc: Arjan Van De Ven > Cc: Linus Torvalds > Cc: David Woodhouse > Cc: Ashok Raj > Link: https://lkml.kernel.org/r/3aab341725ee6a9aafd3141387453b > 45d788d61a.1515542293.git.tim.c.chen@linux.intel.com > Signed-off-by: David Woodhouse > --- > arch/x86/entry/calling.h | 73 ++++++++++++++++++++++++++++++ > ++++++++++++++++++ > 1 file changed, 73 insertions(+) > > diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h > index 3f48f69..5aafb51 100644 > --- a/arch/x86/entry/calling.h > +++ b/arch/x86/entry/calling.h > @@ -6,6 +6,8 @@ > #include > #include > #include > +#include > +#include > > /* > > @@ -349,3 +351,74 @@ For 32-bit we have the following conventions - kernel > is built with > .Lafter_call_\@: > #endif > .endm > + > +/* > + * IBRS related macros > + */ > +.macro PUSH_MSR_REGS > + pushq %rax > + pushq %rcx > + pushq %rdx > +.endm > + > +.macro POP_MSR_REGS > + popq %rdx > + popq %rcx > + popq %rax > +.endm > + > +.macro WRMSR_ASM msr_nr:req edx_val:req eax_val:req > + movl \msr_nr, %ecx > + movl \edx_val, %edx > + movl \eax_val, %eax > + wrmsr > +.endm > + > +.macro RESTRICT_IB_SPEC > + ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS > + PUSH_MSR_REGS > + WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $SPEC_CTRL_IBRS > + POP_MSR_REGS > +.Lskip_\@: > +.endm > + > +.macro UNRESTRICT_IB_SPEC > + ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS > + PUSH_MSR_REGS > + WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $0 > + POP_MSR_REGS > +.Lskip_\@: > +.endm > + > +.macro RESTRICT_IB_SPEC_CLOBBER > + ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS > + WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $SPEC_CTRL_IBRS > +.Lskip_\@: > +.endm > + > +.macro UNRESTRICT_IB_SPEC_CLOBBER > + ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS > + WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $0 > +.Lskip_\@: > +.endm > + > +.macro RESTRICT_IB_SPEC_SAVE_AND_CLOBBER save_reg:req > + ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS > + movl $MSR_IA32_SPEC_CTRL, %ecx > + rdmsr > + movl %eax, \save_reg > + movl $0, %edx > + movl $SPEC_CTRL_IBRS, %eax > + wrmsr > +.Lskip_\@: > +.endm > + > +.macro RESTORE_IB_SPEC_CLOBBER save_reg:req > + ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS > + /* Set IBRS to the value saved in the save_reg */ > + movl $MSR_IA32_SPEC_CTRL, %ecx > + movl $0, %edx > + movl \save_reg, %eax > + wrmsr > +.Lskip_\@: > +.endm > -- > 2.7.4 > >