Subject: Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
From: Tim Chen
To: David Woodhouse, Thomas Gleixner, Andy Lutomirski, Linus Torvalds, Greg KH
Cc: Dave Hansen, Andrea Arcangeli, Andi Kleen, Arjan Van De Ven, linux-kernel@vger.kernel.org
Date: Fri, 5 Jan 2018 17:29:27 -0800
Message-ID: <8c0c0ac6-f8d4-971b-7b8e-a39ae707bfdc@linux.intel.com>
In-Reply-To: <1515151008.29312.116.camel@infradead.org>
References: <4d4b3752e8e533201c6983d8473eea95c747ea33.1515086770.git.tim.c.chen@linux.intel.com> <1515151008.29312.116.camel@infradead.org>

On 01/05/2018 03:16 AM, David Woodhouse wrote:
> On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote:
>> >> + mutex_lock(&spec_ctrl_mutex); >> + >> + if (enable == IBRS_DISABLED) { >> + /* disable IBRS usage */ >> + set_ibrs_disabled(); >> + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED) >> + spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_DISABLE_IBRS); >> + } else if (enable == IBRS_ENABLED) { >> + /* enable IBRS usage in kernel */ >> + clear_ibrs_disabled(); >> + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED) >> + set_ibrs_inuse(); >> + else >> + /* Platform don't support IBRS 
*/ >> + enable = IBRS_DISABLED; >> + } else if (enable == IBRS_ENABLED_USER) { >> + /* enable IBRS usage in both userspace and kernel */ >> + clear_ibrs_disabled(); >> + /* don't change IBRS value once we set it to always on */ >> + clear_ibrs_inuse(); >> + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED) >> + spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_ENABLE_IBRS); >> + else >> + /* Platform don't support IBRS */ >> + enable = IBRS_DISABLED; >> + }
>
> This doesn't take the retpoline status into account. If we have
> retpoline, we don't need IBRS in the kernel.
>

If retpoline is used, we don't enable IBRS automatically during feature detection. But if the admin is paranoid, he still has the choice to explicitly issue a command to enable IBRS here.

Tim
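
Review bot: in the IBRS_ENABLED and IBRS_ENABLED_USER branches, clear_ibrs_disabled() runs before the `spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED` test, so on a platform without IBRS the disabled flag is cleared and enable is then reset to IBRS_DISABLED without a matching set_ibrs_disabled() call, which leaves the flag and the recorded mode out of step as far as these lines show. Testing SPEC_CTRL_IBRS_SUPPORTED once, ahead of the if/else chain, and routing an unsupported platform through the IBRS_DISABLED path would keep the two consistent. The fallback is also silent in the visible code; an error return or a log message would tell the admin that the requested mode was not applied. The chain has no final else, so a value of enable outside the three handled constants passes through untouched and needs to be range-checked before this block. Style: the else arms that hold a comment plus a statement ("/* Platform don't support IBRS */" followed by "enable = IBRS_DISABLED;") span more than one line and should carry braces.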