Date: Fri, 5 Jan 2018 13:54:42 +0100 (CET)
From: Thomas Gleixner
To: David Woodhouse
cc: ak@linux.intel.com, Paul Turner, LKML, Linus Torvalds, Greg Kroah-Hartman, Tim Chen, Dave Hansen, Kees Cook, Rik van Riel, Peter Zijlstra, Andy Lutomirski, Jiri Kosina, gnomes@lxorguk.ukuu.org.uk
Subject: Re: [PATCH v3 01/13] x86/retpoline: Add initial retpoline support
In-Reply-To: <20180104143710.8961-1-dwmw@amazon.co.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 4 Jan 2018, David Woodhouse wrote:

> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 07cdd1715705..900fa7016d3f 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -342,5 +342,6 @@ > #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ > #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ > #define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */ > +#define X86_BUG_NO_RETPOLINE X86_BUG(15) /* Placeholder: disable retpoline branch thunks */

I think this is the wrong approach. We have X86_BUG_CPU_INSECURE, which now
should be renamed to X86_BUG_CPU_MELTDOWN_V3 or something like that. It
tells the kernel that the CPU is affected by variant 3.

If the kernel detects that and has PTI support then it sets the 'pti'
feature bit which tells that the mitigation is in place.

So what we really want is

   X86_BUG_MELTDOWN_V1/2/3

which get set when the CPU is affected by a particular variant and then have
feature flags

   X86_FEATURE_RETPOLINE
   X86_FEATURE_IBRS
   X86_FEATURE_NOSPEC

or whatever it takes to signal that a mitigation is in place. Then we
depend all actions on those feature flags very much in the way we do for
FEATURE_PTI.

If CPUs come along which are not affected by a particular variant the BUG
flag does not get set.

Thanks,

	tglx
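
Review bot: The new X86_BUG_NO_RETPOLINE at X86_BUG(15) is a mitigation switch placed in the bug-bit space, where the three context entries above it (X86_BUG_MONITOR, X86_BUG_AMD_E400, X86_BUG_CPU_INSECURE) each record a defect of the CPU. Its sense is also negative: per its comment, setting the bit disables the thunks, and the bit says nothing about whether the CPU is affected. Consider a positive feature bit for "thunks enabled" and keeping X86_BUG() for "CPU is affected". The "Placeholder" comment should also say what sets the bit and what is meant to replace it.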
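
The split proposed in the reply above, as an added example that is not part of the original mail or of the kernel: bug bits record that the CPU is affected, feature bits record that a mitigation is active, and call sites test only the feature bits. The struct, the function names and the bit values are hypothetical, and the unmitigated() report goes one step beyond the mail to show what keeping the two sets of bits apart makes visible.

```c
/* User-space model only, not kernel code. Flag names follow the mail;
 * bit values, struct and function names are made up for this example. */
#include <stdbool.h>
#include <stdio.h>

enum { BUG_MELTDOWN_V2 = 1 << 0, BUG_MELTDOWN_V3 = 1 << 1 };  /* CPU is affected */
enum { FEATURE_RETPOLINE = 1 << 0, FEATURE_PTI = 1 << 1 };    /* mitigation is active */

struct cpu_model {
    unsigned bugs;      /* filled in once by CPU identification */
    unsigned features;  /* filled in by mitigation selection */
};

/* Enable a mitigation only when the CPU has the bug and the kernel was
 * built with the mitigation. Pairing retpoline with variant 2 is this
 * example's assumption; the mail only pairs PTI with variant 3. */
static void select_mitigations(struct cpu_model *c, bool have_pti, bool have_retpoline)
{
    c->features = 0;
    if ((c->bugs & BUG_MELTDOWN_V3) && have_pti)
        c->features |= FEATURE_PTI;
    if ((c->bugs & BUG_MELTDOWN_V2) && have_retpoline)
        c->features |= FEATURE_RETPOLINE;
}

/* Call sites key off the feature bit, never the bug bit. */
static bool use_retpoline_thunk(const struct cpu_model *c)
{
    return (c->features & FEATURE_RETPOLINE) != 0;
}

/* Bugs with no active mitigation: affected and still exposed. */
static unsigned unmitigated(const struct cpu_model *c)
{
    unsigned exposed = 0;
    if ((c->bugs & BUG_MELTDOWN_V2) && !(c->features & FEATURE_RETPOLINE))
        exposed |= BUG_MELTDOWN_V2;
    if ((c->bugs & BUG_MELTDOWN_V3) && !(c->features & FEATURE_PTI))
        exposed |= BUG_MELTDOWN_V3;
    return exposed;
}

int main(void)
{
    struct cpu_model old_build = { BUG_MELTDOWN_V2 | BUG_MELTDOWN_V3, 0 };
    select_mitigations(&old_build, true, false);  /* PTI built in, retpoline not */
    printf("thunk=%d unmitigated=0x%x\n", use_retpoline_thunk(&old_build), unmitigated(&old_build));
    return 0;
}
```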