Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752550AbeAFVZy (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Sat, 6 Jan 2018 16:25:54 -0500
Received: from mail-io0-f196.google.com ([209.85.223.196]:42042 "EHLO
        mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751274AbeAFVZw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 6 Jan 2018 16:25:52 -0500
X-Google-Smtp-Source: ACJfBovY0jr2bVaNKU6QHuKUl8oR/JAIATtivBONdduoH5aX1G7gNd9wu4fJOXbFyiTXnH1FXZT22g==
Date: Sat, 6 Jan 2018 16:25:19 -0500
From: Konrad Rzeszutek Wilk <konrad@kernel.org>
To: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andy Lutomirski <luto@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Dave Hansen <dave.hansen@intel.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Andi Kleen <ak@linux.intel.com>,
        Arjan Van De Ven <arjan.van.de.ven@intel.com>,
        David Woodhouse <dwmw@amazon.co.uk>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 4/8] x86/spec_ctrl: Add sysctl knobs to enable/disable
 SPEC_CTRL feature
Message-ID: <20180106212519.GA18459@x230.dumpdata.com>
References: <cover.1515204614.git.tim.c.chen@linux.intel.com>
 <b77c0cfc2d50ebdaa721f95012fd735cc374f04c.1515204614.git.tim.c.chen@linux.intel.com>
 <20180106085410.GA4380@kroah.com>
 <0de2d41c-368c-685f-ac52-cf7ce440ac60@linux.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <0de2d41c-368c-685f-ac52-cf7ce440ac60@linux.intel.com>
User-Agent: Mutt/1.9.0 (2017-09-02)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Sat, Jan 06, 2018 at 10:10:59AM -0800, Tim Chen wrote:
> 
> 
> On 01/06/2018 12:54 AM, Greg KH wrote:
> > On Fri, Jan 05, 2018 at 06:12:19PM -0800, Tim Chen wrote:
> >> From: Tim Chen <tim.c.chen@linux.intel.com>
> >> From: Andrea Arcangeli <aarcange@redhat.com>
> >>
> >> There are 2 ways to control IBRS
> >>
> >> 1. At boot time
> >>     noibrs kernel boot parameter will disable IBRS usage
> >>
> >> Otherwise if the above parameters are not specified, the system
> >> will enable ibrs and ibpb usage if the cpu supports it.
> >>
> >> 2. At run time
> >>     echo 0 > /sys/kernel/debug/x86/ibrs_enabled will turn off IBRS
> >>     echo 1 > /sys/kernel/debug/x86/ibrs_enabled will turn on IBRS in kernel
> >>     echo 2 > /sys/kernel/debug/x86/ibrs_enabled will turn on IBRS in both userspace and kernel
> >>


This is going to create headaches in the future.

That is future CPUs there will be no need for this MSR nor retpoline as
the CPUs will observe correctness when switching .. rings/vm-exits/etc
and I would assume that 'ibrs_enabled' will return 0.

And that will make folks scared and run to support/Intel with
complaints.

Furthmore with the 'retpoline' work you can disable IBRS and instead use
'retpoline's as mitigation - and again the 'ibrs_enabled' is now zero.
Cue in horde of customers calling support.

Would it be better to have an global /sys/../spectre_resistent instead
of these 'well, check if the repoline sysfs is enabled, or if that is
not, then look at the cpuid flags'.

It would be good to have this future proof.