Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751287AbeADXvi (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Thu, 4 Jan 2018 18:51:38 -0500
Received: from mx1.redhat.com ([209.132.183.28]:33406 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751108AbeADXvh (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 4 Jan 2018 18:51:37 -0500
Date: Fri, 5 Jan 2018 00:51:34 +0100
From: Andrea Arcangeli <aarcange@redhat.com>
To: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andy Lutomirski <luto@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Greg KH <gregkh@linuxfoundation.org>,
        Dave Hansen <dave.hansen@intel.com>,
        Andi Kleen <ak@linux.intel.com>,
        Arjan Van De Ven <arjan.van.de.ven@intel.com>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable
 SPEC_CTRL feature
Message-ID: <20180104235134.GC13348@redhat.com>
References: <cover.1515086770.git.tim.c.chen@linux.intel.com>
 <4d4b3752e8e533201c6983d8473eea95c747ea33.1515086770.git.tim.c.chen@linux.intel.com>
 <20180104225422.GG32035@hirez.programming.kicks-ass.net>
 <ff9235b5-b215-9867-b154-fb760a699a52@linux.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ff9235b5-b215-9867-b154-fb760a699a52@linux.intel.com>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Thu, 04 Jan 2018 23:51:37 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Thu, Jan 04, 2018 at 03:26:52PM -0800, Tim Chen wrote:
> On 01/04/2018 02:54 PM, Peter Zijlstra wrote:
> > On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote:
> >>  .macro ENABLE_IBRS
> >> -	ALTERNATIVE "jmp 10f", "", X86_FEATURE_SPEC_CTRL
> >> +	testl $SPEC_CTRL_IBRS_INUSE, spec_ctrl_ibrs
> >> +	jz .Lskip_\@
> >> +
> >>  	PUSH_MSR_REGS
> >>  	WRMSR_ASM $MSR_IA32_SPEC_CTRL, $SPEC_CTRL_FEATURE_ENABLE_IBRS
> >>  	POP_MSR_REGS
> >> -10:
> >> +
> >> +	jmp .Ldone_\@
> >> +.Lskip_\@:
> >> +	/*
> >> +	 * prevent speculation beyond here as we could want to
> >> +	 * stop speculation by enabling IBRS
> >> +	 */
> >> +	lfence
> >> +.Ldone_\@:
> >>  .endm
> > 
> > 
> > Yeah no. We have jump labels for this stuff. There is no reason what so
> > ever to do dynamic tests for a variable that _never_ changes.
> > 
> 
> Admin can change spec_ctrl_ibrs value at run time, or when
> we scan new microcode.  So it doesn't often change, but it could.
> 
> There may be time when the admin wants to run the system
> in a more secure mode, and time when it is okay to leave out
> IBRS.

I think he meant to use STATIC_JUMP_IF_TRUE instead of testl
spec_ctrl_ibrs to avoid the conditional jump but still allow to
enable/disable the branch. I suggested using static key earlier too.

In older kernels there's not even the boilerplate to check the static
key in asm, so I used a pcp bitfield in a already guaranteed hot
cacheline so in practice it's as fast as static key but static key is
always theoretically preferable.