Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp993688ybt; Fri, 19 Jun 2020 20:55:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzDs+ewFx1fozgRap2vlgCOCsrfYz8CRfy4VQ7esSIdT378iW/sWFImNfeOc5uacuzy/NPv X-Received: by 2002:a50:d0dc:: with SMTP id g28mr6532870edf.71.1592625308805; Fri, 19 Jun 2020 20:55:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592625308; cv=none; d=google.com; s=arc-20160816; b=oGjsxmrg9ghoseqpiBkjh5Qxs6BNEcYWUS1qVysGVnQN8gx5Tpf/1CpOTPyTJY5lB6 WNYkoafE5HNE3FTLUlvjcG5SXFK41nD4ylbN7AXOrEubaocLXCsAJb+fdRHWL+3Y64rA Bt5FlI2Db1GGEqPHNI1CrFV1qnRwpLkFR9ECXoFtIPtuQwc2ynFlPeJKsWQ2fu9aZU8Y eYQPxeYQHwclVgEsRvLQK6LWWb7RYGW0NQi6cmX7XeBh3JhxjeZUdXj2cdwpTVlghU8R Dw6qFPhMtY3rWipU3myO+5aXxijTrOxju+6w1FQXJnVnkJbjbJwmjoPSWHWjyvCMqNXF KEGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=mUflRMYDJGnprbW5A34Zg/xtcPE4IVc2gehlncCUcpE=; b=FaJTnk3B9HmLgRqveM3R8QxTntM2iStVfIf4sl5zHUI1qs1WNUt9oRu+G0OWdHfmta KWoXuabdxopLadGf4L9D0HCMULS0obOhEFo2g/cr7idlKZcyaQW8LtATblklajff3ktV K5GxxdGkQj4Qcwo91shQ1PzFe4qyhWVHGIm2/pJqEbtMfYvi0iG1XPQK1ZIlUNZUQ+z0 enhDxIMYHYhWIhpmmp1/O5kRWkM74DdpkzyV7Qwhrt4B9MpJYXQ1gAyfJnU/4lV3VueE dC2id8HaAZSpC9J2MZRP553ydQLDHIRaIse8HqvNxKHwmReEwsZBzBSy7bVPwy4mDqeT kFfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bRKdxVMA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n22si4967616edy.377.2020.06.19.20.54.46; Fri, 19 Jun 2020 20:55:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bRKdxVMA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2393963AbgFSQ07 (ORCPT + 99 others); Fri, 19 Jun 2020 12:26:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:51622 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390094AbgFSO4h (ORCPT ); Fri, 19 Jun 2020 10:56:37 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E20B92158C; Fri, 19 Jun 2020 14:56:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1592578596; bh=MLF7YZWtnpDe0ee6OzSgyNixRgqBvxn+l1+6Xy2YPSY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bRKdxVMA6Oa6+fjJkjd2k0szTHgx7DzRv8zVxBD18rYgRTFeGyU/CFFp2rlfrnzuv NbpG3aeMitRLDAakY2k3cSaD/Id3OCl81Pj9fVgWLtkZASwS6cge3cDuC8sZYPQKZU Kn2ausNEfxfgijzjj8/H9lRsKOJEOHJaMCqKt7P8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Tom Lendacky , Thomas Gleixner , Andrea Arcangeli , Konrad Rzeszutek Wilk , Jiri Kosina , Borislav Petkov , Tim Chen , David Woodhouse , Sasha Levin Subject: [PATCH 4.19 055/267] x86/speculation: Add support for STIBP always-on preferred mode Date: Fri, 19 Jun 2020 16:30:40 +0200 Message-Id: <20200619141651.515880186@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200619141648.840376470@linuxfoundation.org> References: <20200619141648.840376470@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Lendacky [ Upstream commit 20c3a2c33e9fdc82e9e8e8d2a6445b3256d20191 ] Different AMD processors may have different implementations of STIBP. When STIBP is conditionally enabled, some implementations would benefit from having STIBP always on instead of toggling the STIBP bit through MSR writes. This preference is advertised through a CPUID feature bit. When conditional STIBP support is requested at boot and the CPU advertises STIBP always-on mode as preferred, switch to STIBP "on" support. To show that this transition has occurred, create a new spectre_v2_user_mitigation value and a new spectre_v2_user_strings message. The new mitigation value is used in spectre_v2_user_select_mitigation() to print the new mitigation message as well as to return a new string from stibp_state(). Signed-off-by: Tom Lendacky Signed-off-by: Thomas Gleixner Cc: Andrea Arcangeli Cc: Konrad Rzeszutek Wilk Cc: Jiri Kosina Cc: Borislav Petkov Cc: Tim Chen Cc: David Woodhouse Link: https://lkml.kernel.org/r/20181213230352.6937.74943.stgit@tlendack-t1.amdoffice.net Signed-off-by: Sasha Levin --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/nospec-branch.h | 1 + arch/x86/kernel/cpu/bugs.c | 28 ++++++++++++++++++++++------ 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 9f03ac233566..f7f9604b10cc 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -291,6 +291,7 @@ #define X86_FEATURE_AMD_IBPB (13*32+12) /* "" Indirect Branch Prediction Barrier */ #define X86_FEATURE_AMD_IBRS (13*32+14) /* "" Indirect Branch Restricted Speculation */ #define X86_FEATURE_AMD_STIBP (13*32+15) /* "" Single Thread Indirect Branch Predictors */ +#define X86_FEATURE_AMD_STIBP_ALWAYS_ON (13*32+17) /* "" Single Thread Indirect Branch Predictors always-on preferred */ #define X86_FEATURE_AMD_SSBD (13*32+24) /* "" Speculative Store Bypass Disable */ #define X86_FEATURE_VIRT_SSBD (13*32+25) /* Virtualized Speculative Store Bypass Disable */ #define X86_FEATURE_AMD_SSB_NO (13*32+26) /* "" Speculative Store Bypass is fixed in hardware. */ diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 09c7466c4880..e3f70c60e8cc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -232,6 +232,7 @@ enum spectre_v2_mitigation { enum spectre_v2_user_mitigation { SPECTRE_V2_USER_NONE, SPECTRE_V2_USER_STRICT, + SPECTRE_V2_USER_STRICT_PREFERRED, SPECTRE_V2_USER_PRCTL, SPECTRE_V2_USER_SECCOMP, }; diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0ea87f9095f0..1f1f342574a2 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -633,10 +633,11 @@ enum spectre_v2_user_cmd { }; static const char * const spectre_v2_user_strings[] = { - [SPECTRE_V2_USER_NONE] = "User space: Vulnerable", - [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection", - [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl", - [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl", + [SPECTRE_V2_USER_NONE] = "User space: Vulnerable", + [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection", + [SPECTRE_V2_USER_STRICT_PREFERRED] = "User space: Mitigation: STIBP always-on protection", + [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl", + [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl", }; static const struct { @@ -726,6 +727,15 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) break; } + /* + * At this point, an STIBP mode other than "off" has been set. + * If STIBP support is not being forced, check if STIBP always-on + * is preferred. + */ + if (mode != SPECTRE_V2_USER_STRICT && + boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON)) + mode = SPECTRE_V2_USER_STRICT_PREFERRED; + /* Initialize Indirect Branch Prediction Barrier */ if (boot_cpu_has(X86_FEATURE_IBPB)) { setup_force_cpu_cap(X86_FEATURE_USE_IBPB); @@ -999,6 +1009,7 @@ void arch_smt_update(void) case SPECTRE_V2_USER_NONE: break; case SPECTRE_V2_USER_STRICT: + case SPECTRE_V2_USER_STRICT_PREFERRED: update_stibp_strict(); break; case SPECTRE_V2_USER_PRCTL: @@ -1233,7 +1244,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) * Indirect branch speculation is always disabled in strict * mode. */ - if (spectre_v2_user == SPECTRE_V2_USER_STRICT) + if (spectre_v2_user == SPECTRE_V2_USER_STRICT || + spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED) return -EPERM; task_clear_spec_ib_disable(task); task_update_spec_tif(task); @@ -1246,7 +1258,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) */ if (spectre_v2_user == SPECTRE_V2_USER_NONE) return -EPERM; - if (spectre_v2_user == SPECTRE_V2_USER_STRICT) + if (spectre_v2_user == SPECTRE_V2_USER_STRICT || + spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED) return 0; task_set_spec_ib_disable(task); if (ctrl == PR_SPEC_FORCE_DISABLE) @@ -1317,6 +1330,7 @@ static int ib_prctl_get(struct task_struct *task) return PR_SPEC_PRCTL | PR_SPEC_DISABLE; return PR_SPEC_PRCTL | PR_SPEC_ENABLE; case SPECTRE_V2_USER_STRICT: + case SPECTRE_V2_USER_STRICT_PREFERRED: return PR_SPEC_DISABLE; default: return PR_SPEC_NOT_AFFECTED; @@ -1564,6 +1578,8 @@ static char *stibp_state(void) return ", STIBP: disabled"; case SPECTRE_V2_USER_STRICT: return ", STIBP: forced"; + case SPECTRE_V2_USER_STRICT_PREFERRED: + return ", STIBP: always-on"; case SPECTRE_V2_USER_PRCTL: case SPECTRE_V2_USER_SECCOMP: if (static_key_enabled(&switch_to_cond_stibp)) -- 2.25.1