From: KarimAllah Ahmed
To: linux-kernel@vger.kernel.org
Cc: KarimAllah Ahmed, Andi Kleen, Andrea Arcangeli, Andy Lutomirski, Arjan van de Ven, Ashok Raj, Asit Mallick, Borislav Petkov, Dan Williams, Dave Hansen, David Woodhouse, Greg Kroah-Hartman, "H . Peter Anvin", Ingo Molnar, Janakarajan Natarajan, Joerg Roedel, Jun Nakajima, Laura Abbott, Linus Torvalds, Masami Hiramatsu, Paolo Bonzini, Peter Zijlstra, Radim Krčmář, Thomas Gleixner, Tim Chen, Tom Lendacky, kvm@vger.kernel.org, x86@kernel.org
Subject: [RFC 00/10] Speculation Control feature support
Date: Sat, 20 Jan 2018 20:22:51 +0100
Message-Id: <1516476182-5153-1-git-send-email-karahmed@amazon.de>

Start using the newly-added microcode features for speculation control on both
Intel and AMD CPUs to protect against Spectre v2.

This patch series covers interrupts, system calls, context switching between
processes, and context switching between VMs. It also exposes Indirect Branch
Prediction Barrier MSR, aka IBPB MSR, to KVM guests.

TODO:

- Introduce a microcode blacklist to disable the feature for broken microcodes.
- Restrict/Unrestrict the speculation (by toggling IBRS) around VMExit and
  VMEnter for KVM and expose IBRS to guests.

Ashok Raj (1):
  x86/kvm: Add IBPB support

David Woodhouse (1):
  x86/speculation: Add basic IBRS support infrastructure

KarimAllah Ahmed (1):
  x86: Simplify spectre_v2 command line parsing

Thomas Gleixner (4):
  x86/speculation: Add basic support for IBPB
  x86/speculation: Use Indirect Branch Prediction Barrier in context switch
  x86/speculation: Add inlines to control Indirect Branch Speculation
  x86/idle: Control Indirect Branch Speculation in idle

Tim Chen (3):
  x86/mm: Only flush indirect branches when switching into non dumpable process
  x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
  x86/enter: Use IBRS on syscall and interrupts

 Documentation/admin-guide/kernel-parameters.txt |   1 +
 arch/x86/entry/calling.h                        |  73 ++++++++++
 arch/x86/entry/entry_64.S                       |  35 ++++-
 arch/x86/entry/entry_64_compat.S                |  21 ++-
 arch/x86/include/asm/cpufeatures.h              |   2 +
 arch/x86/include/asm/mwait.h                    |  14 ++
 arch/x86/include/asm/nospec-branch.h            |  54 ++++++-
 arch/x86/kernel/cpu/bugs.c                      | 183 +++++++++++++++---------
 arch/x86/kernel/process.c                       |  14 ++
 arch/x86/kvm/svm.c                              |  14 ++
 arch/x86/kvm/vmx.c                              |   4 +
 arch/x86/mm/tlb.c                               |  21 ++-
 12 files changed, 359 insertions(+), 77 deletions(-)

Cc: Andi Kleen
Cc: Andrea Arcangeli
Cc: Andy Lutomirski
Cc: Arjan van de Ven
Cc: Ashok Raj
Cc: Asit Mallick
Cc: Borislav Petkov
Cc: Dan Williams
Cc: Dave Hansen
Cc: David Woodhouse
Cc: Greg Kroah-Hartman
Cc: H. Peter Anvin
Cc: Ingo Molnar
Cc: Janakarajan Natarajan
Cc: Joerg Roedel
Cc: Jun Nakajima
Cc: Laura Abbott
Cc: Linus Torvalds
Cc: Masami Hiramatsu
Cc: Paolo Bonzini
Cc: Peter Zijlstra
Cc: Radim Krčmář
Cc: Thomas Gleixner
Cc: Tim Chen
Cc: Tom Lendacky
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: x86@kernel.org
--
2.7.4
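
Added example, not part of this patch series or of the original message: C code showing how the microcode-provided speculation-control features the cover letter relies on (IBRS, IBPB) are enumerated through CPUID on Intel and AMD, which is the check an administrator can use to confirm that a microcode update actually exposed them. The CPUID bit positions and MSR numbers are taken from the vendors' public documentation, not from this page; `decode_spec_ctrl` and `struct spec_ctrl_caps` are hypothetical names.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* MSRs the enumerated features refer to (ring 0 only; listed for reference). */
#define MSR_IA32_SPEC_CTRL 0x48 /* bit 0 = IBRS, bit 1 = STIBP */
#define MSR_IA32_PRED_CMD  0x49 /* bit 0 = IBPB, write-only command */

struct spec_ctrl_caps { int ibrs, ibpb, stibp; };

/*
 * leaf7_edx: CPUID.(EAX=7,ECX=0):EDX    (Intel enumeration)
 * ext8_ebx:  CPUID.(EAX=0x80000008):EBX (AMD enumeration)
 */
struct spec_ctrl_caps decode_spec_ctrl(unsigned int leaf7_edx,
                                       unsigned int ext8_ebx)
{
    struct spec_ctrl_caps c = {0, 0, 0};

    /* Intel: a single bit advertises both IBRS and IBPB. */
    if (leaf7_edx & (1u << 26)) { c.ibrs = 1; c.ibpb = 1; }
    if (leaf7_edx & (1u << 27)) c.stibp = 1;

    /* AMD: each feature has its own bit, so IBPB can exist without IBRS. */
    if (ext8_ebx & (1u << 12)) c.ibpb = 1;
    if (ext8_ebx & (1u << 14)) c.ibrs = 1;
    if (ext8_ebx & (1u << 15)) c.stibp = 1;
    return c;
}

int main(void)
{
    unsigned int a = 0, b = 0, c = 0, d = 0;
    unsigned int leaf7_edx = 0, ext8_ebx = 0;

#if defined(__x86_64__) || defined(__i386__)
    /* Both helpers return 0 when the leaf is not implemented. */
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) leaf7_edx = d;
    if (__get_cpuid(0x80000008, &a, &b, &c, &d)) ext8_ebx = b;
#endif
    struct spec_ctrl_caps caps = decode_spec_ctrl(leaf7_edx, ext8_ebx);
    printf("IBRS=%d IBPB=%d STIBP=%d\n", caps.ibrs, caps.ibpb, caps.stibp);
    return 0;
}
```

All three values printing as 0 on an affected CPU means the running microcode does not expose the features, so IBRS/IBPB-based mitigations cannot take effect there.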