Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753485AbeAFVRR (ORCPT + 1 other); Sat, 6 Jan 2018 16:17:17 -0500 Received: from smtp.ctxuk.citrix.com ([185.25.65.24]:54936 "EHLO SMTP.EU.CITRIX.COM" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752674AbeAFVRQ (ORCPT ); Sat, 6 Jan 2018 16:17:16 -0500 X-IronPort-AV: E=Sophos;i="5.46,323,1511827200"; d="scan'208";a="65687711" Subject: Re: [PATCH v5 02/12] x86/retpoline: Add initial retpoline support To: David Woodhouse , Andi Kleen CC: Paul Turner , LKML , Linus Torvalds , Greg Kroah-Hartman , Tim Chen , Dave Hansen , , Kees Cook , Rik van Riel , Peter Zijlstra , Andy Lutomirski , Jiri Kosina , , Thomas Lendacky References: <1515239374-23361-1-git-send-email-dwmw@amazon.co.uk> <1515239374-23361-3-git-send-email-dwmw@amazon.co.uk> From: Andrew Cooper Message-ID: <0c150bb9-f5eb-2bf2-1f64-84c1b315868b@citrix.com> Date: Sat, 6 Jan 2018 21:16:47 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <1515239374-23361-3-git-send-email-dwmw@amazon.co.uk> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Content-Language: en-GB X-ClientProxiedBy: AMSPEX02CAS02.citrite.net (10.69.22.113) To AMSPEX02CL02.citrite.net (10.69.22.126) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On 06/01/18 11:49, David Woodhouse wrote: > diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index 372ba3f..40e6e54 100644 > --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -904,6 +904,11 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) > > setup_force_cpu_bug(X86_BUG_SPECTRE_V1); > setup_force_cpu_bug(X86_BUG_SPECTRE_V2); > +#ifdef CONFIG_RETPOLINE > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > + if (c->x86_vendor == X86_VENDOR_AMD) > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); This isn't safe.  It needs to be dependant on finding that LFENCEs are actually dispatch serialising. In particular, when virtualised, you'll most likely be saddled with the hypervisors choice of setting, in which case you need to use retpoline as a fallback. ~Andrew > +#endif > > fpu__init_system(c); > >