Subject: Re: [PATCH] x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS if forced to
 zero
To: Borislav Petkov <bp@alien8.de>
References: <20170425180014.7533-1-jgross@suse.com>
 <20170425182443.3ab75tkfosol2yk4@pd.tnic>
 <f3cf034d-1a26-cfce-cf67-ebaa3b377cfc@suse.com>
 <20170425191809.uvdt4jimnbvqbyf2@pd.tnic>
 <24b7ab61-69e6-192e-5bb7-2ef5cdaa28c3@suse.com>
 <20170426063556.vc2zmns3uscubuim@pd.tnic>
Cc: linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org,
        x86@kernel.org, boris.ostrovsky@oracle.com, hpa@zytor.com,
        tglx@linutronix.de, mingo@redhat.com
From: Juergen Gross <jgross@suse.com>
Message-ID: <88dfeccc-61e9-20a7-e188-c3e5cb0f55d3@suse.com>
Date: Wed, 26 Apr 2017 20:24:12 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20170426063556.vc2zmns3uscubuim@pd.tnic>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 972
Lines: 28

On 26/04/17 08:35, Borislav Petkov wrote:
> On Wed, Apr 26, 2017 at 06:45:42AM +0200, Juergen Gross wrote:
>> The really clean solution would be to add this test to set_cpu_bug()
> 
> No, the really clean solution is to set it once and not play toggle
> games.
> 
>> This would work. OTOH I'd prefer to test whether the bit should be
>> forced to remain zero than use the knowledge _who_ is trying to force
>> it.
> 
> Because we're in the business of investigating who did?
> 
> Nah, we should set it or clear it once and not do funky toggle games.
> Especially if in the future something else changes and timing windows
> grow and we refactor stuff and yadda yadda...

So what else is my patch doing? It is avoiding to set the bit in case
somebody (i.e. Xen) was forcing it to remain zero.

I'm not feeling strong about it. So if you want to test for
X86_FEATURE_XENPV to avoid setting X86_BUG_SYSRET_SS_ATTRS I'm fine
with it.

Will send V2 with that change.


Juergen