Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp253884imu; Tue, 27 Nov 2018 11:54:04 -0800 (PST) X-Google-Smtp-Source: AJdET5dzP7Ttb5YWXFFadXOfKhIeTmqkFf45EruWuvCg/FWG/HNuOcpy6q9Nz03tFOoU/ITK2wg2 X-Received: by 2002:a62:1b50:: with SMTP id b77mr34471528pfb.36.1543348443944; Tue, 27 Nov 2018 11:54:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543348443; cv=none; d=google.com; s=arc-20160816; b=F3cqeuurYWLAxayC6bzE84K0Tb1JTQCr1KqPLziNvA/Xw/aeOx1JYm7JNnB5ai03c5 G+cF2tyDC2oR7Gbf6kY2QArWIuACkF44V2GA487U57fj6SHFYbEF+LNQW+MsPURYCbgR Bd/ztlq4CGbrSnSuZM6m2pcjpspprNemHMSY5If0Y7iC7gIY/qKME16TXZwesohxra5n gWyIzqfIOCLd0AYaioeFqerrTlXzPLUPxKFC48SuDiuVcOuF5Ct08tsSb9odo1aUY8CK NT8noGRLzTsHhpSmO5g1Zc7tFUY7kfZxFrY44g9DRE6dtVXMIxLFFpzlWZOfw0i2xylH oK3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject; bh=OQl/hpfQ6YqcTtHgtlA6eXtJ6fStVV6Qqrek2SAekGU=; b=sCFmPk3IbNn6vfVSDplZVImjGugmhgI4GpkOWEYrXnJMwNZFogRuJQJVVyYXvv5yZb NwvqM25H+kuVsxG4Szbg0t4RW0o39TAVcUAzu4T4tVVcORKSj8UFDy2YQA0QiAepbkB+ qoT2/hBYOlAS5bo22blmAZis0c1p2U16B6+4JSoqbLzirWedXF7YIACWmynw5deroOlI JzJmBG2ghq19eStK9m6tQ87XbSPjVldsadVuXjwse53ySaw9kygP+AYHiDAW3EeWT/dO Ba8OMkNPbn7bZVzOFXPR02ASGg9fEg0U5QaonU1NFZ9LQQ+R1SVE87E5vZ7XGjnKS1Ns 3vHQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p8si4543280plk.263.2018.11.27.11.53.47; Tue, 27 Nov 2018 11:54:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726462AbeK1Gul (ORCPT + 99 others); Wed, 28 Nov 2018 01:50:41 -0500 Received: from mga01.intel.com ([192.55.52.88]:37190 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725883AbeK1Guk (ORCPT ); Wed, 28 Nov 2018 01:50:40 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Nov 2018 11:51:42 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,287,1539673200"; d="scan'208";a="94866875" Received: from schen9-desk.jf.intel.com (HELO [10.54.74.144]) ([10.54.74.144]) by orsmga006.jf.intel.com with ESMTP; 27 Nov 2018 11:51:41 -0800 Subject: Re: [patch V2 18/28] x86/speculation: Prepare for per task indirect branch speculation control To: "Lendacky, Thomas" , Thomas Gleixner , LKML Cc: "x86@kernel.org" , Peter Zijlstra , Andy Lutomirski , Linus Torvalds , Jiri Kosina , Josh Poimboeuf , Andrea Arcangeli , David Woodhouse , Andi Kleen , Dave Hansen , Casey Schaufler , Asit Mallick , Arjan van de Ven , Jon Masters , Waiman Long , Greg KH , Dave Stewart , Kees Cook References: <20181125183328.318175777@linutronix.de> <20181125185005.176917199@linutronix.de> <7ec59a1a-4caf-24f6-3466-ee1d01594861@amd.com> From: Tim Chen Openpgp: preference=signencrypt Autocrypt: addr=tim.c.chen@linux.intel.com; prefer-encrypt=mutual; keydata= xsFNBE6ONugBEAC1c8laQ2QrezbYFetwrzD0v8rOqanj5X1jkySQr3hm/rqVcDJudcfdSMv0 BNCCjt2dofFxVfRL0G8eQR4qoSgzDGDzoFva3NjTJ/34TlK9MMouLY7X5x3sXdZtrV4zhKGv 3Rt2osfARdH3QDoTUHujhQxlcPk7cwjTXe4o3aHIFbcIBUmxhqPaz3AMfdCqbhd7uWe9MAZX 7M9vk6PboyO4PgZRAs5lWRoD4ZfROtSViX49KEkO7BDClacVsODITpiaWtZVDxkYUX/D9OxG AkxmqrCxZxxZHDQos1SnS08aKD0QITm/LWQtwx1y0P4GGMXRlIAQE4rK69BDvzSaLB45ppOw AO7kw8aR3eu/sW8p016dx34bUFFTwbILJFvazpvRImdjmZGcTcvRd8QgmhNV5INyGwtfA8sn L4V13aZNZA9eWd+iuB8qZfoFiyAeHNWzLX/Moi8hB7LxFuEGnvbxYByRS83jsxjH2Bd49bTi XOsAY/YyGj6gl8KkjSbKOkj0IRy28nLisFdGBvgeQrvaLaA06VexptmrLjp1Qtyesw6zIJeP oHUImJltjPjFvyfkuIPfVIB87kukpB78bhSRA5mC365LsLRl+nrX7SauEo8b7MX0qbW9pg0f wsiyCCK0ioTTm4IWL2wiDB7PeiJSsViBORNKoxA093B42BWFJQARAQABzTRUaW0gQ2hlbiAo d29yayByZWxhdGVkKSA8dGltLmMuY2hlbkBsaW51eC5pbnRlbC5jb20+wsF+BBMBAgAoAhsD BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCWfPBPgUJDyfxUQAKCRCiZ7WKota4SReFEACa 5ruzJM/hXJguHJY8i95rxHfLOgE7QoDgsR2aK2C1BSu84StTcT9BMikndQ0em28mpd1zROCs FvJ8Dzpp923699FU7s70+bFG9zIWtAOLWt2QyIMYImILzKkzkyLZo2RTcLNdUWS5fkAtjspQ QPg29W+kcbX1NhB6WDdbvk2HNeZoDh4A5ucOzKjEPqbSFIbw2Wt3RUmXxezjH1NzZG3fMkEN cT7JezYhUxvi2PrJlD+mo26q2/PQmFgF49tneRJXmYyie5o2+ClfFVO9I6Rd1k7hS9uXQLg3 udpnDKobNYZ7/+O5+ucp0Y/MwzTfBYmtJ5fBjUTi2L1RMDJee8WqCNY1VU6cQ8MD4KstxUp2 bxlSRAYaDtNa1Omr61E7BA1Cc2E3cIt/O1mMfudWUjCND8qrAtEnugqKjk5tJJZzmzIKSHPY dCiJtOBQaVAYYchXF2hwOKhpFS43V4FdWLlM1CnFXsmbk48hGbiA8XHU85JBCXmG0i4qUlKn x2ilChvq4A102ahnlGbEmFaSwxuqR/5lhai6lOkwHXDFUT6jblaSs24L3MTn/vXtvwaLEEKh SPzNaj7yFvEhrJoLiZmDm0SZuPbQ+wrmPWUbzyf5te2Oq0JyrHTQJoQqn+CwGqwF/JaUq60f VuUD3T0icgsfljsOA4apyH7kyfxXGP0hOM7BTQROjjboARAAx+LxKhznLH0RFvuBEGTcntrC 3S0tpYmVsuWbdWr2ZL9VqZmXh6UWb0K7w7OpPNW1FiaWtVLnG1nuMmBJhE5jpYsi+yU8sbMA 5BEiQn2hUo0k5eww5/oiyNI9H7vql9h628JhYd9T1CcDMghTNOKfCPNGzQ8Js33cFnszqL4I N9jh+qdg5FnMHs/+oBNtlvNjD1dQdM6gm8WLhFttXNPn7nRUPuLQxTqbuoPgoTmxUxR3/M5A KDjntKEdYZziBYfQJkvfLJdnRZnuHvXhO2EU1/7bAhdz7nULZktw9j1Sp9zRYfKRnQdIvXXa jHkOn3N41n0zjoKV1J1KpAH3UcVfOmnTj+u6iVMW5dkxLo07CddJDaayXtCBSmmd90OG0Odx cq9VaIu/DOQJ8OZU3JORiuuq40jlFsF1fy7nZSvQFsJlSmHkb+cDMZDc1yk0ko65girmNjMF hsAdVYfVsqS1TJrnengBgbPgesYO5eY0Tm3+0pa07EkONsxnzyWJDn4fh/eA6IEUo2JrOrex O6cRBNv9dwrUfJbMgzFeKdoyq/Zwe9QmdStkFpoh9036iWsj6Nt58NhXP8WDHOfBg9o86z9O VMZMC2Q0r6pGm7L0yHmPiixrxWdW0dGKvTHu/DH/ORUrjBYYeMsCc4jWoUt4Xq49LX98KDGN dhkZDGwKnAUAEQEAAcLBZQQYAQIADwIbDAUCVEAL2AUJC1VvawAKCRCiZ7WKota4SWWrD/9L 4H3kHUR9qPTfSpwFBV0+PspkpMQmRQ9cQauIRXL+qIqCYfx48Jz/WZkq47COhY4d1tAvX4qv lviIoCwShAHhVkxD2rWFpa6Yang7cyPDjS6sNChsZ9aTAP0zX4LLHN8ub5LwCcU9JA4Avwdy NDSeeSeqNq9QOvVd2bDmyHxgVv4zRgLTNPH28hXAnDODy0wCJWg53PWvlp35XfWdIsC0ZAPK vgA1Bh+FYYKfT8Uzj8J/SYH+chmeYMt+8Y+FZa+NybivWJg6+UaJ2fCTuKCc7TgqLneBudox izWQMnBso0tHOT6+ju+L+ewPWc0OrJdKJeadrE2T1E949vMup5jG0lJLeSpBNmELODNL0xz6 Erjs/pwX7cYGKUbJfBaQcC9frPfpWfSqnK5X+12HFDxAxquXKC4ejBJOhbo3xx0sziiPTC3m 4LvLkEa9evQNtMvRcnWY5qIC4YdT5waC0stYNpyCiBXpYArKYCmlra3xpgAe0MRL94PHU4UW yxxdxRubFYna9LeNcWL7C0w2ngg1jd0tjRjLnimrOL8rSVUzwjNSQOV37tWTueTr40M/SfjU B6bifflZQpeSY8IpqzKqB0vvxo2xD0rU7JqUh7rW8U6rg2JEzVgYiHS4cf/vJMHuauHAjH7a ys7DYlLhlOVo3o0jOor4xuZPrWbSp4w51sLBZQQYAQIADwIbDAUCWfPBJQUJDyfxOAAKCRCi Z7WKota4SZKQD/wLu3j8kgATic+wF3ekngjwPcW3JhbQJeHxUZwsb9OgVMHumlrZHGoltKQu FfAhG/sOfuAh5f7QMzzA1M+2JD1Q6lr74vUHNBu+xBFMgZstE6hpkKmn0pNZ5JS3iZRVRLBx dWw63DYr0GM80vmbHjAhwxoF2PsO2/PkWTc68+pFyl3Dy0heZSJii81hkzh8FnF8CaMH0VXu MJoWyuYgnC058hHj0QqXvlNx9LzMtmrsskTmPvwqXTgG/dTEfTkQ4RfX3enrBy55cg9tMc88 BEQ/0/JV1bCDwyWXKRpz6FsHbICGQ4G9TTD4pS5QJ+oRQccMjfiDM3rFTcG1RYP2lHXjSm9c 0VnimpQBz3LarrdHJilmTHbAWf5KLmtWfYXHrlncnhnCtw2nfwBBdy8cQW4tUyniSVRLOwGm eJziyuPJ5SVVZcil2oN5/o7js7BYAeAV/WVF2Sk/blnXaaObIYIVqnDhV4N0oUz1KXq1Leem Uvjo5rljmmhOBdgl6D0scXCWICbuuWN9eW2fZl38hBSI3M0MX0jnV2e+0FY+76iNmKadpTDw gY3OaQAZ/UlJVI+pRV4JtRrajtpo9Vb38SBPXwp9moWmwVQyIdFUXjCTQARvxjRsUoPVu9oA SCd9W74oOgrqC1hadvVU867d07PlWksfYwCeYP4bs+4GSLzI1w== Message-ID: Date: Tue, 27 Nov 2018 11:51:41 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 MIME-Version: 1.0 In-Reply-To: <7ec59a1a-4caf-24f6-3466-ee1d01594861@amd.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/27/2018 09:25 AM, Lendacky, Thomas wrote: >> --- a/arch/x86/kernel/cpu/bugs.c >> +++ b/arch/x86/kernel/cpu/bugs.c >> @@ -148,6 +148,10 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, >> static_cpu_has(X86_FEATURE_AMD_SSBD)) >> hostval |= ssbd_tif_to_spec_ctrl(ti->flags); >> >> + /* Conditional STIBP enabled? */ >> + if (static_branch_unlikely(&switch_to_cond_stibp)) >> + hostval |= stibp_tif_to_spec_ctrl(ti->flags); >> + >> if (hostval != guestval) { >> msrval = setguest ? guestval : hostval; >> wrmsrl(MSR_IA32_SPEC_CTRL, msrval); >> --- a/arch/x86/kernel/process.c >> +++ b/arch/x86/kernel/process.c >> @@ -406,6 +406,11 @@ static __always_inline void spec_ctrl_up >> if (static_cpu_has(X86_FEATURE_SSBD)) >> msr |= ssbd_tif_to_spec_ctrl(tifn); > > I did some quick testing and found my original logic was flawed. Since > spec_ctrl_update_msr() can now be called for STIBP, an additional check > is needed to set the SSBD MSR bit. > > Both X86_FEATURE_VIRT_SSBD and X86_FEATURE_LS_CFG_SSBD cause > X86_FEATURE_SSBD to be set. Before this patch, spec_ctrl_update_msr() was > only called if X86_FEATURE_SSBD was set and one of the other SSBD features > wasn't set. But now, STIBP can cause spec_ctrl_update_msr() to get called > and cause the SSBD MSR bit to be set when it shouldn't (could result in > a GP fault). > I think it will be cleaner just to fold the msr update into __speculation_ctrl_update to fix this issue. Something like this perhaps. Thanks. Tim --- diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 3f5e351..614ec51 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -398,25 +398,6 @@ static __always_inline void amd_set_ssb_virt_state(unsigned long tifn) wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn)); } -static __always_inline void spec_ctrl_update_msr(unsigned long tifn) -{ - u64 msr = x86_spec_ctrl_base; - - /* - * If X86_FEATURE_SSBD is not set, the SSBD bit is not to be - * touched. - */ - if (static_cpu_has(X86_FEATURE_SSBD)) - msr |= ssbd_tif_to_spec_ctrl(tifn); - - /* Only evaluate if conditional STIBP is enabled */ - if (IS_ENABLED(CONFIG_SMP) && - static_branch_unlikely(&switch_to_cond_stibp)) - msr |= stibp_tif_to_spec_ctrl(tifn); - - wrmsrl(MSR_IA32_SPEC_CTRL, msr); -} - /* * Update the MSRs managing speculation control, during context switch. * @@ -428,6 +409,7 @@ static __always_inline void __speculation_ctrl_update(unsigned long tifp, { unsigned long tif_diff = tifp ^ tifn; bool updmsr = false; + u64 msr = x86_spec_ctrl_base; /* * If TIF_SSBD is different, select the proper mitigation @@ -440,8 +422,10 @@ static __always_inline void __speculation_ctrl_update(unsigned long tifp, amd_set_ssb_virt_state(tifn); else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) amd_set_core_ssb_state(tifn); - else if (static_cpu_has(X86_FEATURE_SSBD)) + else if (static_cpu_has(X86_FEATURE_SSBD)) { updmsr = true; + msr |= ssbd_tif_to_spec_ctrl(tifn); + } } /* @@ -449,11 +433,13 @@ static __always_inline void __speculation_ctrl_update(unsigned long tifp, * otherwise avoid the MSR write. */ if (IS_ENABLED(CONFIG_SMP) && - static_branch_unlikely(&switch_to_cond_stibp)) + static_branch_unlikely(&switch_to_cond_stibp)) { updmsr |= !!(tif_diff & _TIF_SPEC_IB); + msr |= stibp_tif_to_spec_ctrl(tifn); + } if (updmsr) - spec_ctrl_update_msr(tifn); + wrmsrl(MSR_IA32_SPEC_CTRL, msr); } void speculation_ctrl_update(unsigned long tif)