Received: by 10.223.176.5 with SMTP id f5csp13197wra;
        Tue, 6 Feb 2018 16:08:00 -0800 (PST)
X-Google-Smtp-Source: AH8x227Y8fVeuvvZVqS5HJw5+20AgIiiaZeXhdVfywbRgw55OkDjyyRtSPZJjbpvZXAbtpaanQ5Z
X-Received: by 10.99.125.82 with SMTP id m18mr3260651pgn.415.1517962079885;
        Tue, 06 Feb 2018 16:07:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517962079; cv=none;
        d=google.com; s=arc-20160816;
        b=Dp5MRgxp17A0fdHRl3Yb0GqRW+8IT/xzYM2MY9Lwm2R4mP2D2mx3VNrW77d1GwBZyA
         FTPW6d3zsVwyvEYEFWHUTib4gX2WwdecmZBGc2bO18d+KtJgOHzj2YRiQXq/I2phlEE6
         +2nyZib83dDGMZY9T5cA3JbXvIl4NQDk3FtnLxgG8rDldFCuhZ28EqZPEIpxp/cQz9mu
         4G6lJqfpezqLyxooo0T+H08s+yZeCPDHZ3pVYsQ+Dt3dj2Sg3LutlfKaeCsAmXC4gAUb
         3Cf/iWZ+qA7cYxz22FSBg+EfCOmHStrQYmRLOV00RjdYpMGAY0W8JclV2dj6Z2cDRNZf
         MMlA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:to:from:dkim-signature
         :arc-authentication-results;
        bh=8stZnq8pnb3oRlB9/guM9C8MfE/t+FzS+dRv2ygCo3c=;
        b=CyOMhE/sXk7hiDpQxP2CZF4mIIJN+9KMwnFNSZ8mnL2+8j83P30DcHTQ1jOQAIeVAJ
         uYcxM9RxKcYh6UsWISGszQZM5jvCq68u+ujNThc8w91kdYx83Nhgcw7yWNJljoRs5uGv
         ObNJa+mTPEnVrVztrNHAXgGzvGnhCZ2dwfOfogZNxiflyDs7BHHQIMQmFCygBhF3Qw3W
         sggkdZ+TrM7T5WXz793/YX3MlpxWD0TVn+4w4I94wxbrz2ddAI1ZTuw2Of5mMjWuPP6f
         t4ItMnI+83OUj2uLul4VvvsqZy1UHxkdqwDUCE5OGfs2Y4+KCHXDhrwBmAwMhsjlk8ts
         G18g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=SjYvrVAn;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d9-v6si127506pli.623.2018.02.06.16.07.45;
        Tue, 06 Feb 2018 16:07:59 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=SjYvrVAn;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754195AbeBGAG3 (ORCPT <rfc822;shmalave.kernel@gmail.com>
        + 99 others); Tue, 6 Feb 2018 19:06:29 -0500
Received: from smtp-fw-9101.amazon.com ([207.171.184.25]:4164 "EHLO
        smtp-fw-9101.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754095AbeBGAG2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Feb 2018 19:06:28 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt;
  s=amazon201209; t=1517961988; x=1549497988;
  h=from:to:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=8stZnq8pnb3oRlB9/guM9C8MfE/t+FzS+dRv2ygCo3c=;
  b=SjYvrVAnACrZiKxS9lwA62Hev3HWj5zCbpvhqVO2X7ZVMzUOvlKdgRPA
   +fyYWyPjwjPOmROudYGJUzBPou30yhFqp20mIYsGf5aqQZ0lnziEFI8Up
   wjfG3ExnDG/BTZ5yLAXRtVVnnxrwXzbi/Gm7kaBXG6oGxAFsbfk84ho5m
   A=;
X-IronPort-AV: E=Sophos;i="5.46,470,1511827200"; 
   d="scan'208";a="721472249"
Received: from sea3-co-svc-lb6-vlan3.sea.amazon.com (HELO email-inbound-relay-1d-37fd6b3d.us-east-1.amazon.com) ([10.47.22.38])
  by smtp-border-fw-out-9101.sea19.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 07 Feb 2018 00:03:53 +0000
Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (iad1-ws-svc-lb91-vlan2.amazon.com [10.0.103.146])
        by email-inbound-relay-1d-37fd6b3d.us-east-1.amazon.com (8.14.7/8.14.7) with ESMTP id w1703TAk089711
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
        Wed, 7 Feb 2018 00:03:31 GMT
Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (localhost [127.0.0.1])
        by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Debian-3) with ESMTP id w1703SEo015502;
        Wed, 7 Feb 2018 00:03:28 GMT
Received: (from dwmw@localhost)
        by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Submit) id w1703Qnl015499;
        Wed, 7 Feb 2018 00:03:26 GMT
From:   David Woodhouse <dwmw@amazon.co.uk>
To:     tglx@linutronix.de, torvalds@linux-foundation.org, x86@kernel.org,
        linux-kernel@vger.kernel.org, bp@alien8.de, peterz@infradead.org,
        tim.c.chen@linux.intel.com, dave.hansen@intel.com,
        arjan.van.de.ven@intel.com
Subject: [RFC PATCH 0/4] Retpoline / IBRS_ALL
Date:   Wed,  7 Feb 2018 00:03:10 +0000
Message-Id: <1517961794-14972-1-git-send-email-dwmw@amazon.co.uk>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Using retpoline ensures the kernel is safe because it doesn't contain
any indirect branches, but firmware still can — and we make calls into
firmware at runtime. Where the IBRS microcode support is available, use
that before calling into firmware.

While doing that, I noticed that we were calling C functions without
telling the compiler about the call-clobbered registers. Stop that.

This also contains the always_inline fix for the performance problem 
introduced by retpoline in KVM code, and finally adds IBRS_ALL support 
for future CPUs, where we can disable the retpoline but still want to 
use IBPB on context switch etc. I'll repeat the comment from that commit 
here, for clarity:

This does not actually *set* the IBRS bit in the SPEC_CTRL register,
because Intel's documentation is wrong. Not wrong in the sense of
"does not accurately describe Intel's planned future hardware", but
more in the sense that if Intel make hardware like that, then they
are Doing It Wrong™.

With IBRS_ALL advertised in IA32_ARCH_CAPABILITIES, the IBRS bit in
the MSR should do *nothing*. The safe mode where the CPU honours the
tags in the BTB/RSB should be enabled *unconditionally*.


David Woodhouse (4):
  Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
  KVM: x86: Reduce retpoline performance impact in slot_handle_level_range()
  x86/speculation: Use IBRS if available before calling into firmware
  x86/speculation: Support "Enhanced IBRS" on future CPUs

 arch/x86/include/asm/apm.h           |  6 ++++++
 arch/x86/include/asm/cpufeatures.h   |  1 +
 arch/x86/include/asm/efi.h           | 13 +++++++++++--
 arch/x86/include/asm/nospec-branch.h | 34 +++++++++++++++++++++++++++++-----
 arch/x86/include/asm/processor.h     |  3 ---
 arch/x86/kernel/cpu/bugs.c           | 29 ++++++++++++++++++++++-------
 arch/x86/kvm/mmu.c                   | 10 +++++-----
 drivers/watchdog/hpwdt.c             |  3 +++
 8 files changed, 77 insertions(+), 22 deletions(-)

-- 
2.7.4