Date: Fri, 31 Aug 2018 22:56:56 +0200 (CEST)
From: Jiri Kosina
To: Thomas Gleixner, Ingo Molnar, Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, "Woodhouse, David"
cc: linux-kernel@vger.kernel.org, x86@kernel.org
Subject: [PATCH] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jiri Kosina

STIBP is a feature provided by certain Intel ucodes / CPUs. This feature (once enabled) prevents cross-hyperthread control of decisions made by indirect branch predictors.

Enable this feature if

- the CPU is vulnerable to spectre v2
- the CPU supports SMT
- spectre_v2 mitigation autoselection is enabled (default)

After some previous discussion, this patch leaves STIBP on all the time, as wrmsr on crossing kernel boundary is a no-no. This could perhaps later be a bit more optimized (like disabling it in NOHZ, experiment with disabling it in idle, etc) if needed.

Cc: stable@vger.kernel.org
Signed-off-by: Jiri Kosina
---

Let's add the most basic STIBP support, as it has been kind of lost in all the previous noise.

arch/x86/kernel/cpu/bugs.c | 12 ++++++++++++
1 file changed, 12 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 4c2313d0b9ca..02edf8a6ced7 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -325,6 +325,12 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) return cmd; } +static bool __init stibp_needed(void) +{ + return (cpu_smt_control != CPU_SMT_NOT_SUPPORTED && + boot_cpu_has(X86_FEATURE_STIBP)); +} + static void __init spectre_v2_select_mitigation(void) { enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); @@ -344,6 +350,12 @@ static void __init spectre_v2_select_mitigation(void) case SPECTRE_V2_CMD_FORCE: case SPECTRE_V2_CMD_AUTO: + if (stibp_needed()) { + /* Enable STIBP on SMT-capable systems */ + pr_info("Spectre v2 cross-process SMT mitigation: Enabling STIBP\n"); + x86_spec_ctrl_base |= SPEC_CTRL_STIBP; + wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); + } if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) { mode = SPECTRE_V2_IBRS_ENHANCED; /* Force it so VMEXIT will restore correctly */

--
Jiri Kosina
SUSE Labs
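
Review bot: In the first hunk (@@ -325,6 +325,12 @@), stibp_needed() tests cpu_smt_control != CPU_SMT_NOT_SUPPORTED, which also holds when SMT is supported but currently switched off, so STIBP is set on a machine with no active sibling thread to protect against. If the intent is "SMT is in use", compare against CPU_SMT_ENABLED; if the intent is to stay covered when SMT is turned on later at runtime, say so in a comment above the helper, since the commit message only says "the CPU supports SMT". The "CPU is vulnerable to spectre v2" condition from the commit message is not tested in this helper either and has to come from the caller; a one-line comment stating that would keep the helper from being reused where that precondition does not hold.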
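
Review bot: In the second hunk (@@ -344,6 +350,12 @@), the wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base) sits in an __init function, so it runs once on the CPU doing boot-time mitigation selection, and nothing in the patch shows how the remaining CPUs, or one brought online later, get SPEC_CTRL_STIBP written. Please add a comment naming the path that applies x86_spec_ctrl_base on the other CPUs, or extend the patch if no such path exists. Two smaller points on the same lines: the block is placed under both case SPECTRE_V2_CMD_FORCE and case SPECTRE_V2_CMD_AUTO while the commit message only mentions autoselection, so the message should say that an explicitly selected mode leaves STIBP off; and the pr_info string says "cross-process" where the subject line says "cross-hyperthread", which is worth aligning because this boot message is the only indication the patch gives that STIBP was enabled.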