Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp1048461imw; Thu, 14 Jul 2022 16:17:13 -0700 (PDT) X-Google-Smtp-Source: AGRyM1v3ls54M/2lEU35bMs6iAkAyZ/8NKVKlGdbtfGx70MEZUbE6I+Ro5SpVk9wkTGkUqY+JCBF X-Received: by 2002:a05:6808:1450:b0:339:bf2c:4d52 with SMTP id x16-20020a056808145000b00339bf2c4d52mr5588929oiv.56.1657840633004; Thu, 14 Jul 2022 16:17:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657840632; cv=none; d=google.com; s=arc-20160816; b=AvzBxlRpkKp3A0X1hHWnmrB+i4jf7dmvBZ4MNeNwXaoknxUzsSlyOQDsqcMAlpV4R+ 9HnfdvCkdKqfpSIGzcESFq3/r47A30AV2lXZLzUA4VBduKoi2wwEQ6gW4SSzaJlA1vvC RXXEUr3LseebWAyUle26CuEgwUcu/bpFwSMz8D0dISP6yEMFTvprZFv7nDlIsR01aofN pEAuehBov4WL9nb08s4YWyapWrLs//DaQLoi/jb16as/thuHJJT32PN+TKdWKhltTFny J51jbL2JPnd/a4s7sOgCaPY4hT2u3hDlOxgh/ySgo87FjP0G1YufRv8FamFdWkXzLKxY pWmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=6KA0gef8naUX0W4bRAuJDWJ+IHCcxKX/COLqHt3pc3s=; b=cJBdWyRdY3WW0zF1NB3wSDwStnp2HXEL/e+OqGR/R+eVUT6gPwTKFCKn9G7djpQP8G iMm330rXoZYKBXsZYqM70Zxta3LTmC2ocNp5UucQfdz1lspSPcVAfG+B7E9f2E0GCEMd 74LKlpdV66HH5vuJ1fgTMelmL+dOZruYECDEW3exYV7figH1zjf/eX3z5ResgwReDipe hgU83vDWE/aBoCE6teCKCPkvRyWU8crZ2ge7CxuaqHxgrcTrqBDceoXvhOQTuR8+nFWt /HzJ4m7l9dWuarh3c+/fc4oEiAHdT3DEm0PPoj2XnZOczD5p0PP15VC+DAmKFJ9mPgXS Z7sQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=V90tkd6f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bb32-20020a056820162000b00425cf0a4d9asi2918373oob.75.2022.07.14.16.16.59; Thu, 14 Jul 2022 16:17:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=V90tkd6f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240618AbiGNXPi (ORCPT + 99 others); Thu, 14 Jul 2022 19:15:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39346 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229481AbiGNXPh (ORCPT ); Thu, 14 Jul 2022 19:15:37 -0400 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 937AD70E52; Thu, 14 Jul 2022 16:15:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1657840536; x=1689376536; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=H72vDAfPb/FZ8kn2h1SLYLPaWmLyKQvlwofVuzFDncI=; b=V90tkd6ftmY8KikbwIimUrh8Q0SqrRur5Nr8gQD3gG0fnbIhEv4UaYxQ nNM0eZDHHQ4vFqC7aFZFa3j02F7VJIRsubh3Or2/deTgQBcB+hCNDafgL TTd6qNg+h5kHlutl99rlvB5iNx3Gkq/KUkb3Yi2hKjjBmxFXR7sKOkcgh zyRNSTA+0NnMnS82/yz+zk5pvOQ6SNG0VEW04Gr8NvLtpouMjWDUAyHk1 3fP6zs3RkVijNuMS3UcEzE4nwW/gI7F+PFYiXGoxNz39kvLkZGC7uJUCK gFOdszqyD/rgWuhG/yExcgNVmCHnq9jNNA28W0kJVkmmltvyIS8/1fFn9 Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10408"; a="286390807" X-IronPort-AV: E=Sophos;i="5.92,272,1650956400"; d="scan'208";a="286390807" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2022 16:15:36 -0700 X-IronPort-AV: E=Sophos;i="5.92,272,1650956400"; d="scan'208";a="546446644" Received: from jacobode-mobl.amr.corp.intel.com (HELO desk) ([10.212.243.89]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2022 16:15:35 -0700 Date: Thu, 14 Jul 2022 16:15:35 -0700 From: Pawan Gupta To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Daniel Sneddon , antonio.gomez.iglesias@linux.intel.com, Josh Poimboeuf Subject: [PATCH v2] x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts Message-ID: <2a5eaf54583c2bfe0edc4fea64006656256cca17.1657814857.git.pawan.kumar.gupta@linux.intel.com> References: <0456b35fb9ef957d9a9138e0913fb1a3fd445dff.1657747493.git.pawan.kumar.gupta@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <0456b35fb9ef957d9a9138e0913fb1a3fd445dff.1657747493.git.pawan.kumar.gupta@linux.intel.com> X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org IBRS mitigation for spectre_v2 forces write to MSR_IA32_SPEC_CTRL at every kernel entry/exit. On Enhanced IBRS parts setting MSR_IA32_SPEC_CTRL[IBRS] only once at boot is sufficient. MSR writes at every kernel entry/exit incur unnecessary performance loss. When Enhanced IBRS feature is present, print a warning about this unnecessary performance loss. Signed-off-by: Pawan Gupta --- v1->v2: Instead of changing the mitigation, print a warning about the perf loss. v1: https://lore.kernel.org/lkml/0456b35fb9ef957d9a9138e0913fb1a3fd445dff.1657747493.git.pawan.kumar.gupta@linux.intel.com/ arch/x86/kernel/cpu/bugs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0dd04713434b..1c54fad3c54b 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -975,6 +975,7 @@ static inline const char *spectre_v2_module_string(void) { return ""; } #define SPECTRE_V2_LFENCE_MSG "WARNING: LFENCE mitigation is not recommended for this CPU, data leaks possible!\n" #define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n" #define SPECTRE_V2_EIBRS_LFENCE_EBPF_SMT_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS+LFENCE mitigation and SMT, data leaks possible via Spectre v2 BHB attacks!\n" +#define SPECTRE_V2_IBRS_PERF_MSG "WARNING: IBRS mitigation selected on Enhanced IBRS CPU, this may cause unnecessary performance loss\n" #ifdef CONFIG_BPF_SYSCALL void unpriv_ebpf_notify(int new_state) @@ -1415,6 +1416,8 @@ static void __init spectre_v2_select_mitigation(void) case SPECTRE_V2_IBRS: setup_force_cpu_cap(X86_FEATURE_KERNEL_IBRS); + if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) + pr_warn(SPECTRE_V2_IBRS_PERF_MSG); break; case SPECTRE_V2_LFENCE: base-commit: 4a57a8400075bc5287c5c877702c68aeae2a033d -- 2.35.3