Received: by 10.192.165.148 with SMTP id m20csp333266imm; Wed, 2 May 2018 00:43:57 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqVC+eVVkPqV9rg+sFhk7h+RxcZGo5vd9d5kXkAJonhpL+7sUMiSg5q4KPaeIucOug1FovL X-Received: by 10.98.238.21 with SMTP id e21mr13872725pfi.203.1525247037473; Wed, 02 May 2018 00:43:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525247037; cv=none; d=google.com; s=arc-20160816; b=lmE9oTA4BMgr+LeHBTWX3WPw4+Z+nSK5ImOarhT+uz5ATqbESlazd74viPud2h7mxF 2Kje7jLX162CVg6k3smqpw11+jbAr3+qpt026bJnkYH3u1hs1/9JufYfnQ5Luk4KUoJo WYdVzCruVHdodbVpX+o2izisjeyQ3+fG6rxM9RwBi2zRhmqoHxx9J7F1tkE5jRK+bkFc YAWM26Yx/U6jkIbm+tzzGupSVNSC1bOkvC+pRoL8jvXb44zlzmIQFUyBnTzkEaBXEU85 3ZGqZr3RiHJktiCkKO6sQwZL0HWfg7P6/sMqVLJUnCPRieycXRXPdk+TJ4WGjLVL29Xz hdxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:arc-authentication-results; bh=LvIhzYu/yF5JVPif94gV4S0Y8n1Zrb3RrfvqvqWe2zk=; b=qHUpdHXZ41N/Y6pxkXOnhrPnc0naK0N83oEJGaYR3gDtwzE+5yxoBk1Zdtox3p5g5J ERz1bsZWiTiXIw0OEz7m96khRibY6sx0ob7U9wTRjbjgKVJPZzvejd0cNAn4DHnMJrsQ erHg7h/TzQmY2cD4hmW8Fnh15x+dBjfv/BAmtUqOa/hNfrjvHrPPO9t1KMp4MR3u13NE Z0OKLRPRJelQ7IRnh/8Q+5pgK8W/n9JXzKzKsP2Dd11yTrtnhd15fgA2CthZu570gKkM hbUFRcBcI8C56T4B2UXAhvgV9Ib+tdmy4f0B/D4a7S2r/7ja+DVgrOhX5MdjL6MyU9e4 msPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RDztLsWN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r22-v6si11191554pls.591.2018.05.02.00.43.43; Wed, 02 May 2018 00:43:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RDztLsWN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751025AbeEBHne (ORCPT + 99 others); Wed, 2 May 2018 03:43:34 -0400 Received: from mail-io0-f194.google.com ([209.85.223.194]:46875 "EHLO mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750907AbeEBHnd (ORCPT ); Wed, 2 May 2018 03:43:33 -0400 Received: by mail-io0-f194.google.com with SMTP id f21-v6so16364136iob.13 for ; Wed, 02 May 2018 00:43:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=LvIhzYu/yF5JVPif94gV4S0Y8n1Zrb3RrfvqvqWe2zk=; b=RDztLsWN/v+S6gl/Vk0Jriji9mmgmVzYY5KQio2oUVPCIo3KOK9wG4SflqwoOxnf0d hgVgJZXiNjN+qEwHzVa6R/uHcDcbcFjcGYIU64+Q/2+UfB47SztyKCLemncUTgMajOFA AZGoMGLKsqlaL2eEqWcsZFOE25NlOIdjHgIsRfFsaoXd8PnIN1czmj+tMu24wkhNExd8 tr/h1Ao9A1K+TBTJHlyVQWfi2ZGWbKipBupnpVDv6J39Det/EcyTs5otfhMCH73dYSIo 6kv+j9dfMzS0iV7rTPqsm/U56fm22bkCRS2AmY/kwlskKvAdDO0i5+Rbcwyr/JML/rbw sr/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=LvIhzYu/yF5JVPif94gV4S0Y8n1Zrb3RrfvqvqWe2zk=; b=jj8PgmhqbDCcdA6og89GfzeWrPzR0JacK+ehOCKxbChwue0saA10UO7cSwtcpSt6/t JXS03vIUoQH0PcnkSyDd41xpAn8PuiCXIklAeO0RnEguOQnX4u6gWjI+LFf0tDO64/ym Zc4PDI51qcLfONic0R2BQ9zkmhkgjtxOYwfmiYGTIzsEb2qSGgDYRlJh9CfM4bMJXQ3g op1BahTfWQ+DtgQZvkT9u7wtdMWjvWMzhEjDNNvcPEE+j8Q5R57hufQ2xz/zVuPuRulC ODoY7WHyNrOugmhatwiCcPifvmbS5bW7Dmcf0MERnR/BhtEH7/NJH4YPq75xx1A/XSZr SRog== X-Gm-Message-State: ALQs6tCXQzl1IobejH5c0eFpQMB/PRNgvdwoQNds09lz3YNiaYgAR5fX +MDQRs8x72iw7mBJMNUrdQwJv8ulQV4+RNVv8A== X-Received: by 2002:a6b:98ca:: with SMTP id a193-v6mr20635378ioe.254.1525247012432; Wed, 02 May 2018 00:43:32 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:9e86:0:0:0:0:0 with HTTP; Wed, 2 May 2018 00:43:31 -0700 (PDT) In-Reply-To: References: From: =?UTF-8?Q?J=C3=B6rg_Otte?= Date: Wed, 2 May 2018 09:43:31 +0200 Message-ID: Subject: Re: [v4.17-rcx] Lost IBPB, IBRS_FW support for spectre_v2 mitigation. To: Linus Torvalds Cc: Thomas Gleixner , "Kirill A. Shutemov" , Linux Kernel Mailing List , Borislav Petkov Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2018-05-01 22:14 GMT+02:00 Linus Torvalds : > On Tue, May 1, 2018 at 5:59 AM Thomas Gleixner wrote= : > >> Then I really have no idea how reverting the patch you pointed out would >> fix it. > > So I do think that the original patch is buggy. > > What I think *may* be going on is: > > - first we do that > > get_cpu_cap(c); > get_cpu_address_sizes(c); > > but at that point, CPU levels may be masked, and that 0x80000008 lea= f > isn't seen > > - then we do > > if (this_cpu->c_early_init) > this_cpu->c_early_init(c); > > which calls early_init_intel(), which does that > > if (msr_clear_bit(MSR_IA32_MISC_ENABLE, > MSR_IA32_MISC_ENABLE_LIMIT_CPUID_BIT) = > > 0) { > > which now raises the cpuid_level. > > - then we do > > get_cpu_cap(c); > > again, because the cpuid level has been raised, and _now_ it used to = get > that 0x80000008 leaf information. > > But with the change, that second call to get_cpu_cap() didn't do anything= , > because the 0x80000008 leaf handling had been moved away. > > However, I agree that your patch to just do that CPUID_8000_0008_EBX in > get_cpu_cap() should have fixed it, and it's possible that J=C3=B6rg mis-= tested > it. > > J=C3=B6rg, are you sure you didn't somehow get the wrong microcode? Becau= se > another way for those bits to be cleared again is if > bad_spectre_microcode() triggers. That should show up in dmesg as "Intel > Spectre v2 broken microcode detected" though. > > Linus I downloaded microcode from Intel. Here are the excerpts from dmesg: With revert: jojo@fichte:~$ dmesg | grep -i -e spec -e micro -e "Linux version" [ 0.000000] microcode: microcode updated early to revision 0x24, date =3D 2018-01-21 [ 0.000000] Linux version 4.17.0-rc3-revert-00001-gcb1069f (jojo@fichte) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubu dmesg | grep -i -e spec -e micro -e "Linux version" [ 0.000000] microcode: microcode updated early to revision 0x24, date =3D 2018-01-21 [ 0.000000] Linux version 4.17.0-rc3-patch-00001-gdc10603 (jojo@fichte) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9)) #20 SMP Wed May 2 09:08:07 CEST 2018 [ 0.028417] Spectre V2 : Mitigation: Full generic retpoline [ 0.491803] microcode: sig=3D0x306c3, pf=3D0x10, revision=3D0x24 [ 0.491831] microcode: Microcode Update Driver: v2.2.ntu1~16.04.9)) #21 SMP Wed May 2 09:14:29 CEST 2018 [ 0.028414] Spectre V2 : Mitigation: Full generic retpoline [ 0.028415] Spectre V2 : Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier [ 0.028415] Spectre V2 : Enabling Restricted Speculation for firmware ca= lls [ 0.500157] microcode: sig=3D0x306c3, pf=3D0x10, revision=3D0x24 [ 0.500183] microcode: Microcode Update Driver: v2.2. With patch: dmesg | grep -i -e spec -e micro -e "Linux version" [ 0.000000] microcode: microcode updated early to revision 0x24, date =3D 2018-01-21 [ 0.000000] Linux version 4.17.0-rc3-patch-00001-gdc10603 (jojo@fichte) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9)) #20 SMP Wed May 2 09:08:07 CEST 2018 [ 0.028417] Spectre V2 : Mitigation: Full generic retpoline [ 0.491803] microcode: sig=3D0x306c3, pf=3D0x10, revision=3D0x24 [ 0.491831] microcode: Microcode Update Driver: v2.2. Thanks, J=C3=B6rg