Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755286AbeAJA6w (ORCPT + 1 other); Tue, 9 Jan 2018 19:58:52 -0500 Received: from terminus.zytor.com ([65.50.211.136]:53695 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751805AbeAJA6u (ORCPT ); Tue, 9 Jan 2018 19:58:50 -0500 Date: Tue, 9 Jan 2018 16:51:57 -0800 From: tip-bot for Tom Lendacky Message-ID: Cc: dan.j.williams@intel.com, gregkh@linux-foundation.org, pjt@google.com, riel@redhat.com, dwmw@amazon.co.uk, dave.hansen@intel.com, luto@kernel.org, hpa@zytor.com, thomas.lendacky@amd.com, jikos@kernel.org, tglx@linutronix.de, ak@linux.intel.com, linux-kernel@vger.kernel.org, mingo@kernel.org, torvalds@linux-foundation.org, tim.c.chen@linux.intel.com, keescook@google.com, bp@alien8.de, peterz@infradead.org Reply-To: dave.hansen@intel.com, dwmw@amazon.co.uk, luto@kernel.org, hpa@zytor.com, thomas.lendacky@amd.com, gregkh@linux-foundation.org, dan.j.williams@intel.com, riel@redhat.com, pjt@google.com, tim.c.chen@linux.intel.com, keescook@google.com, bp@alien8.de, peterz@infradead.org, jikos@kernel.org, tglx@linutronix.de, ak@linux.intel.com, mingo@kernel.org, linux-kernel@vger.kernel.org, torvalds@linux-foundation.org In-Reply-To: <20180110003931.32411.55646.stgit@tlendack-t1.amdoffice.net> References: <20180110003931.32411.55646.stgit@tlendack-t1.amdoffice.net> To: linux-tip-commits@vger.kernel.org Subject: [tip:x86/pti] x86/retpoline: Only set RETPOLINE_AMD if LFENCE is serializing Git-Commit-ID: b10d070a67d96db93223d11832c1e74588d7d566 X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: Commit-ID: b10d070a67d96db93223d11832c1e74588d7d566 Gitweb: https://git.kernel.org/tip/b10d070a67d96db93223d11832c1e74588d7d566 Author: Tom Lendacky AuthorDate: Tue, 9 Jan 2018 18:39:31 -0600 Committer: Thomas Gleixner CommitDate: Wed, 10 Jan 2018 01:49:13 +0100 x86/retpoline: Only set RETPOLINE_AMD if LFENCE is serializing The RETPOLINE_AMD feature relies on a serializing LFENCE for speculation control. For AMD hardware, only set RETPOLINE_AMD if LFENCE is a serializing instruction, which is indicated by the LFENCE_RDTSC feature. The call to spectre_v2_check_boottime_disable() is currently before the boot CPU is identified and, therefore, able to set the LFENCE_RDTSC feature. Move the call to spectre_v2_check_boottime_disable() to after identify_boot_cpu() in check_bugs(). Also, protect against specifying spectre_v2=retpoline,amd for non-AMD hardware and fall-back to the generic retpoline. 54d5103245ff ("x86/spectre: Add boot time option to select Spectre v2 mitigation") Originally-by: Thomas Gleixner Signed-off-by: Tom Lendacky Signed-off-by: Thomas Gleixner Cc: Rik van Riel Cc: Andi Kleen Cc: Peter Zijlstra Cc: Tim Chen Cc: Jiri Kosina Cc: Dave Hansen Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Kees Cook Cc: Dan Williams Cc: Linus Torvalds Cc: Greg Kroah-Hartman Cc: David Woodhouse Cc: Paul Turner Link: https://lkml.kernel.org/r/20180110003931.32411.55646.stgit@tlendack-t1.amdoffice.net --- arch/x86/include/asm/nospec-branch.h | 2 -- arch/x86/kernel/cpu/bugs.c | 22 +++++++++++++++++----- arch/x86/kernel/setup.c | 2 -- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 8ddf851..6bda2c0 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -152,7 +152,5 @@ # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) #endif -void spectre_v2_check_boottime_disable(void); - #endif /* __ASSEMBLY__ */ #endif /* __NOSPEC_BRANCH_H__ */ diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index b957f77..815dee2 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -24,6 +24,8 @@ #include #include +static void __init spectre_v2_check_boottime_disable(void); + void __init check_bugs(void) { identify_boot_cpu(); @@ -33,6 +35,9 @@ void __init check_bugs(void) print_cpu_info(&boot_cpu_data); } + /* Select the proper spectre mitigation before patching alternatives */ + spectre_v2_check_boottime_disable(); + #ifdef CONFIG_X86_32 /* * Check whether we are able to run this kernel safely on SMP. @@ -106,7 +111,7 @@ static inline bool match_option(const char *arg, int arglen, const char *opt) return len == arglen && !strncmp(arg, opt, len); } -void __init spectre_v2_check_boottime_disable(void) +static void __init spectre_v2_check_boottime_disable(void) { char arg[20]; int ret; @@ -148,14 +153,21 @@ force: retpoline: if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { retpoline_amd: + if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD || + !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { + pr_info("AMD retpoline not supported, fall back to generic\n"); + goto retpoline_generic; + } + spectre_v2_enabled = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : SPECTRE_V2_RETPOLINE_MINIMAL_AMD; setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); - } else { - retpoline_generic: - spectre_v2_enabled = retp_compiler() ? - SPECTRE_V2_RETPOLINE_GENERIC : SPECTRE_V2_RETPOLINE_MINIMAL; + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); + return; } +retpoline_generic: + spectre_v2_enabled = retp_compiler() ? + SPECTRE_V2_RETPOLINE_GENERIC : SPECTRE_V2_RETPOLINE_MINIMAL; setup_force_cpu_cap(X86_FEATURE_RETPOLINE); return; #else diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 9fb4f9d..b5a908b 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -1322,8 +1322,6 @@ void __init setup_arch(char **cmdline_p) register_refined_jiffies(CLOCK_TICK_RATE); - spectre_v2_check_boottime_disable(); - #ifdef CONFIG_EFI if (efi_enabled(EFI_BOOT)) efi_apply_memmap_quirks();