Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1161420pxu; Fri, 27 Nov 2020 00:52:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJyj25QlzRZzQnRf5GDg+xOx2gQZzS1jiBeoeCLTPrcvAwpysWRUSiktPp7eHKSA6e8QPxwf X-Received: by 2002:a17:907:720e:: with SMTP id dr14mr6686568ejc.303.1606467129086; Fri, 27 Nov 2020 00:52:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606467129; cv=none; d=google.com; s=arc-20160816; b=k0BxRtrMkFSz7BlWYZWhgbZAqRMP+/7PqXIlLStIqHce2Jt1i5Udn0YynO4VR/1ns1 imoHObnFQOjf2E1cVR09apdK+TxaTpgJkphrDWySunBuiimJ0S1n+6EwptAoX9vrQwPa mkbP+CCz8oEngHRRc6pRQJelbC4yhlqYHnB4l5NwwlNNhFGR2Pl579U8MG9Cg1yeVZfy tddsPafC9BkDnJw13XAzYf5iBA3DKstZFWwJ75ODVsS07Sq3M5U18vg/ewpFrM8sH3b6 vt8jsdILh4++sJNjk01t8jMyG87fK7sithaQ9zdTbGhRFERHLtWfn0gMNvtLWU9l9+8h y1bA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=3bVG+jp921Kn3IDRLyCttlpzkz94OI+mhMcdZriiLWY=; b=YHTGPO+PlBkWzP6w8Lvz9dCIakcLlA9nKZSSaIK6oPdV41VJ7iLU/lK13/2m1EsUGT 9RACcjgYppBAmV3lhK0GBDwE+gDEuX2MxYKsois5aOzHCsobqFyVAo+AST1zzLShgXmr Hoob7wlwC77wyLU9ts/LLobHzRBQJjNBatsSMrkUALrnMT9mmQgZekMfRZNWzh3gxQ8R HKC/pSzIx9CdLFgaWcnWFikdnDso3w/6XKdagn/68i99dKpF/cr0sx1DaVDh2TrhP6Sc rByu8hzZ3EWXo767k5CsYNXNXj/Djy8zpudlkYZ/WBV//lZ6v3JEb/gH5llGLmFfV1vu ZIIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=aXHvoNTv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cz7si4197103edb.170.2020.11.27.00.51.46; Fri, 27 Nov 2020 00:52:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=aXHvoNTv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404832AbgK0HAC (ORCPT + 99 others); Fri, 27 Nov 2020 02:00:02 -0500 Received: from smtp-fw-33001.amazon.com ([207.171.190.10]:5454 "EHLO smtp-fw-33001.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2392673AbgK0HAB (ORCPT ); Fri, 27 Nov 2020 02:00:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1606460401; x=1637996401; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=3bVG+jp921Kn3IDRLyCttlpzkz94OI+mhMcdZriiLWY=; b=aXHvoNTvVFjh7uPOaIGLOGBd1RJuG1JnxQs9m1zL/iKXuMXkzXAPA52W 8vXoF718qIketR0cRqisSJq6N1V2VPAy0n/dmUdKZ4D6SKzVffa2J0CJW dmIXIPeiCEYCF7zBYG3E3TWSPJFeBbIfxc8o6UgykhBVKoNgD+fIDLT3C k=; X-IronPort-AV: E=Sophos;i="5.78,373,1599523200"; d="scan'208";a="98359479" Received: from sea32-co-svc-lb4-vlan3.sea.corp.amazon.com (HELO email-inbound-relay-2c-397e131e.us-west-2.amazon.com) ([10.47.23.38]) by smtp-border-fw-out-33001.sea14.amazon.com with ESMTP; 27 Nov 2020 06:59:55 +0000 Received: from EX13MTAUWB001.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan3.pdx.amazon.com [10.236.137.198]) by email-inbound-relay-2c-397e131e.us-west-2.amazon.com (Postfix) with ESMTPS id 11930A2559; Fri, 27 Nov 2020 06:59:54 +0000 (UTC) Received: from EX13D01UWB004.ant.amazon.com (10.43.161.157) by EX13MTAUWB001.ant.amazon.com (10.43.161.207) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 27 Nov 2020 06:59:53 +0000 Received: from EX13MTAUEA001.ant.amazon.com (10.43.61.82) by EX13d01UWB004.ant.amazon.com (10.43.161.157) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 27 Nov 2020 06:59:53 +0000 Received: from localhost (10.85.0.203) by mail-relay.amazon.com (10.43.61.243) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 27 Nov 2020 06:59:52 +0000 From: Balbir Singh To: , CC: , , , , , , , , , , Balbir Singh Subject: [PATCH v3 2/5] x86/mm: Refactor cond_ibpb() to support other use cases Date: Fri, 27 Nov 2020 17:59:35 +1100 Message-ID: <20201127065938.8200-3-sblbir@amazon.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20201127065938.8200-1-sblbir@amazon.com> References: <20201127065938.8200-1-sblbir@amazon.com> MIME-Version: 1.0 Content-Type: text/plain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org cond_ibpb() has the necessary bits required to track the previous mm in switch_mm_irqs_off(). This can be reused for other use cases like L1D flushing on context switch. [ tglx: Moved comment, added a separate define for state (re)initialization ] Suggested-by: Thomas Gleixner Signed-off-by: Balbir Singh Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200510014803.12190-4-sblbir@amazon.com Link: https://lore.kernel.org/r/20200729001103.6450-3-sblbir@amazon.com --- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/mm/tlb.c | 53 ++++++++++++++++++--------------- 2 files changed, 30 insertions(+), 25 deletions(-) diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h index 8c87a2e0b660..a927d40664df 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -83,7 +83,7 @@ struct tlb_state { /* Last user mm for optimizing IBPB */ union { struct mm_struct *last_user_mm; - unsigned long last_user_mm_ibpb; + unsigned long last_user_mm_spec; }; u16 loaded_mm_asid; diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 11666ba19b62..ca021e039451 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -42,10 +42,14 @@ */ /* - * Use bit 0 to mangle the TIF_SPEC_IB state into the mm pointer which is - * stored in cpu_tlb_state.last_user_mm_ibpb. + * Bits to mangle the TIF_SPEC_IB state into the mm pointer which is + * stored in cpu_tlb_state.last_user_mm_spec. */ #define LAST_USER_MM_IBPB 0x1UL +#define LAST_USER_MM_SPEC_MASK (LAST_USER_MM_IBPB) + +/* Bits to set when tlbstate and flush is (re)initialized */ +#define LAST_USER_MM_INIT LAST_USER_MM_IBPB /* * The x86 feature is called PCID (Process Context IDentifier). It is similar @@ -316,20 +320,29 @@ void switch_mm(struct mm_struct *prev, struct mm_struct *next, local_irq_restore(flags); } -static inline unsigned long mm_mangle_tif_spec_ib(struct task_struct *next) +static inline unsigned long mm_mangle_tif_spec_bits(struct task_struct *next) { unsigned long next_tif = task_thread_info(next)->flags; - unsigned long ibpb = (next_tif >> TIF_SPEC_IB) & LAST_USER_MM_IBPB; + unsigned long spec_bits = (next_tif >> TIF_SPEC_IB) & LAST_USER_MM_SPEC_MASK; - return (unsigned long)next->mm | ibpb; + return (unsigned long)next->mm | spec_bits; } -static void cond_ibpb(struct task_struct *next) +static void cond_mitigation(struct task_struct *next) { + unsigned long prev_mm, next_mm; + if (!next || !next->mm) return; + next_mm = mm_mangle_tif_spec_bits(next); + prev_mm = this_cpu_read(cpu_tlbstate.last_user_mm_spec); + /* + * Avoid user/user BTB poisoning by flushing the branch predictor + * when switching between processes. This stops one process from + * doing Spectre-v2 attacks on another. + * * Both, the conditional and the always IBPB mode use the mm * pointer to avoid the IBPB when switching between tasks of the * same process. Using the mm pointer instead of mm->context.ctx_id @@ -339,8 +352,6 @@ static void cond_ibpb(struct task_struct *next) * exposed data is not really interesting. */ if (static_branch_likely(&switch_mm_cond_ibpb)) { - unsigned long prev_mm, next_mm; - /* * This is a bit more complex than the always mode because * it has to handle two cases: @@ -370,20 +381,14 @@ static void cond_ibpb(struct task_struct *next) * Optimize this with reasonably small overhead for the * above cases. Mangle the TIF_SPEC_IB bit into the mm * pointer of the incoming task which is stored in - * cpu_tlbstate.last_user_mm_ibpb for comparison. - */ - next_mm = mm_mangle_tif_spec_ib(next); - prev_mm = this_cpu_read(cpu_tlbstate.last_user_mm_ibpb); - - /* + * cpu_tlbstate.last_user_mm_spec for comparison. + * * Issue IBPB only if the mm's are different and one or * both have the IBPB bit set. */ if (next_mm != prev_mm && (next_mm | prev_mm) & LAST_USER_MM_IBPB) indirect_branch_prediction_barrier(); - - this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, next_mm); } if (static_branch_unlikely(&switch_mm_always_ibpb)) { @@ -392,11 +397,12 @@ static void cond_ibpb(struct task_struct *next) * different context than the user space task which ran * last on this CPU. */ - if (this_cpu_read(cpu_tlbstate.last_user_mm) != next->mm) { + if ((prev_mm & ~LAST_USER_MM_SPEC_MASK) != + (unsigned long)next->mm) indirect_branch_prediction_barrier(); - this_cpu_write(cpu_tlbstate.last_user_mm, next->mm); - } } + + this_cpu_write(cpu_tlbstate.last_user_mm_spec, next_mm); } #ifdef CONFIG_PERF_EVENTS @@ -518,11 +524,10 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, need_flush = true; } else { /* - * Avoid user/user BTB poisoning by flushing the branch - * predictor when switching between processes. This stops - * one process from doing Spectre-v2 attacks on another. + * Apply process to process speculation vulnerability + * mitigations if applicable. */ - cond_ibpb(tsk); + cond_mitigation(tsk); /* * Stop remote flushes for the previous mm. @@ -630,7 +635,7 @@ void initialize_tlbstate_and_flush(void) write_cr3(build_cr3(mm->pgd, 0)); /* Reinitialize tlbstate. */ - this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, LAST_USER_MM_IBPB); + this_cpu_write(cpu_tlbstate.last_user_mm_spec, LAST_USER_MM_INIT); this_cpu_write(cpu_tlbstate.loaded_mm_asid, 0); this_cpu_write(cpu_tlbstate.next_asid, 1); this_cpu_write(cpu_tlbstate.ctxs[0].ctx_id, mm->context.ctx_id); -- 2.17.1