Received: by 10.223.176.5 with SMTP id f5csp13197wra; Tue, 6 Feb 2018 16:08:00 -0800 (PST) X-Google-Smtp-Source: AH8x227Y8fVeuvvZVqS5HJw5+20AgIiiaZeXhdVfywbRgw55OkDjyyRtSPZJjbpvZXAbtpaanQ5Z X-Received: by 10.99.125.82 with SMTP id m18mr3260651pgn.415.1517962079885; Tue, 06 Feb 2018 16:07:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517962079; cv=none; d=google.com; s=arc-20160816; b=Dp5MRgxp17A0fdHRl3Yb0GqRW+8IT/xzYM2MY9Lwm2R4mP2D2mx3VNrW77d1GwBZyA FTPW6d3zsVwyvEYEFWHUTib4gX2WwdecmZBGc2bO18d+KtJgOHzj2YRiQXq/I2phlEE6 +2nyZib83dDGMZY9T5cA3JbXvIl4NQDk3FtnLxgG8rDldFCuhZ28EqZPEIpxp/cQz9mu 4G6lJqfpezqLyxooo0T+H08s+yZeCPDHZ3pVYsQ+Dt3dj2Sg3LutlfKaeCsAmXC4gAUb 3Cf/iWZ+qA7cYxz22FSBg+EfCOmHStrQYmRLOV00RjdYpMGAY0W8JclV2dj6Z2cDRNZf MMlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:to:from:dkim-signature :arc-authentication-results; bh=8stZnq8pnb3oRlB9/guM9C8MfE/t+FzS+dRv2ygCo3c=; b=CyOMhE/sXk7hiDpQxP2CZF4mIIJN+9KMwnFNSZ8mnL2+8j83P30DcHTQ1jOQAIeVAJ uYcxM9RxKcYh6UsWISGszQZM5jvCq68u+ujNThc8w91kdYx83Nhgcw7yWNJljoRs5uGv ObNJa+mTPEnVrVztrNHAXgGzvGnhCZ2dwfOfogZNxiflyDs7BHHQIMQmFCygBhF3Qw3W sggkdZ+TrM7T5WXz793/YX3MlpxWD0TVn+4w4I94wxbrz2ddAI1ZTuw2Of5mMjWuPP6f t4ItMnI+83OUj2uLul4VvvsqZy1UHxkdqwDUCE5OGfs2Y4+KCHXDhrwBmAwMhsjlk8ts G18g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=SjYvrVAn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d9-v6si127506pli.623.2018.02.06.16.07.45; Tue, 06 Feb 2018 16:07:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=SjYvrVAn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754195AbeBGAG3 (ORCPT + 99 others); Tue, 6 Feb 2018 19:06:29 -0500 Received: from smtp-fw-9101.amazon.com ([207.171.184.25]:4164 "EHLO smtp-fw-9101.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754095AbeBGAG2 (ORCPT ); Tue, 6 Feb 2018 19:06:28 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt; s=amazon201209; t=1517961988; x=1549497988; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=8stZnq8pnb3oRlB9/guM9C8MfE/t+FzS+dRv2ygCo3c=; b=SjYvrVAnACrZiKxS9lwA62Hev3HWj5zCbpvhqVO2X7ZVMzUOvlKdgRPA +fyYWyPjwjPOmROudYGJUzBPou30yhFqp20mIYsGf5aqQZ0lnziEFI8Up wjfG3ExnDG/BTZ5yLAXRtVVnnxrwXzbi/Gm7kaBXG6oGxAFsbfk84ho5m A=; X-IronPort-AV: E=Sophos;i="5.46,470,1511827200"; d="scan'208";a="721472249" Received: from sea3-co-svc-lb6-vlan3.sea.amazon.com (HELO email-inbound-relay-1d-37fd6b3d.us-east-1.amazon.com) ([10.47.22.38]) by smtp-border-fw-out-9101.sea19.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 07 Feb 2018 00:03:53 +0000 Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (iad1-ws-svc-lb91-vlan2.amazon.com [10.0.103.146]) by email-inbound-relay-1d-37fd6b3d.us-east-1.amazon.com (8.14.7/8.14.7) with ESMTP id w1703TAk089711 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 7 Feb 2018 00:03:31 GMT Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (localhost [127.0.0.1]) by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Debian-3) with ESMTP id w1703SEo015502; Wed, 7 Feb 2018 00:03:28 GMT Received: (from dwmw@localhost) by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Submit) id w1703Qnl015499; Wed, 7 Feb 2018 00:03:26 GMT From: David Woodhouse To: tglx@linutronix.de, torvalds@linux-foundation.org, x86@kernel.org, linux-kernel@vger.kernel.org, bp@alien8.de, peterz@infradead.org, tim.c.chen@linux.intel.com, dave.hansen@intel.com, arjan.van.de.ven@intel.com Subject: [RFC PATCH 0/4] Retpoline / IBRS_ALL Date: Wed, 7 Feb 2018 00:03:10 +0000 Message-Id: <1517961794-14972-1-git-send-email-dwmw@amazon.co.uk> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Using retpoline ensures the kernel is safe because it doesn't contain any indirect branches, but firmware still can — and we make calls into firmware at runtime. Where the IBRS microcode support is available, use that before calling into firmware. While doing that, I noticed that we were calling C functions without telling the compiler about the call-clobbered registers. Stop that. This also contains the always_inline fix for the performance problem introduced by retpoline in KVM code, and finally adds IBRS_ALL support for future CPUs, where we can disable the retpoline but still want to use IBPB on context switch etc. I'll repeat the comment from that commit here, for clarity: This does not actually *set* the IBRS bit in the SPEC_CTRL register, because Intel's documentation is wrong. Not wrong in the sense of "does not accurately describe Intel's planned future hardware", but more in the sense that if Intel make hardware like that, then they are Doing It Wrong™. With IBRS_ALL advertised in IA32_ARCH_CAPABILITIES, the IBRS bit in the MSR should do *nothing*. The safe mode where the CPU honours the tags in the BTB/RSB should be enabled *unconditionally*. David Woodhouse (4): Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()" KVM: x86: Reduce retpoline performance impact in slot_handle_level_range() x86/speculation: Use IBRS if available before calling into firmware x86/speculation: Support "Enhanced IBRS" on future CPUs arch/x86/include/asm/apm.h | 6 ++++++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/efi.h | 13 +++++++++++-- arch/x86/include/asm/nospec-branch.h | 34 +++++++++++++++++++++++++++++----- arch/x86/include/asm/processor.h | 3 --- arch/x86/kernel/cpu/bugs.c | 29 ++++++++++++++++++++++------- arch/x86/kvm/mmu.c | 10 +++++----- drivers/watchdog/hpwdt.c | 3 +++ 8 files changed, 77 insertions(+), 22 deletions(-) -- 2.7.4