Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EDCCAC61DA4 for ; Wed, 22 Feb 2023 08:25:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231303AbjBVIZ6 (ORCPT ); Wed, 22 Feb 2023 03:25:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43354 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230482AbjBVIZ5 (ORCPT ); Wed, 22 Feb 2023 03:25:57 -0500 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C844C34F65; Wed, 22 Feb 2023 00:25:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1677054355; x=1708590355; h=date:from:to:cc:subject:message-id:references: mime-version:content-transfer-encoding:in-reply-to; bh=DRwoo1lNoGt487S0GcnC+Sdud16AUBOCSqLzv6WHOqY=; b=kSRwSh0RrSI7DnnSwJVa/BgR28bcNzqW1C/9tJpsvTTzCIMTYyhK/73F PWj8aBT1cswjs+K2v4XkZ6uuxnHC8POMWjz4YVDGrixxDCUaQsGIjmk+P KPX+kZsddnzjYTpHSSi3Z9LXv2mVSK5xs88B6tfYZvRqqsS4lzf+mQEq7 OiDBLVjwM6VFi9T+vovwEfoQUe8zPipj+dA79E3lWoegfZ1tc8dgLA2Ue nKAl/sFI2pXQqSM9szD5cDDpjgt/T+qZ//hUmNYe/enINFGaZSBafWCxK xd1sVMxIDRdzXSLi0WTpQUlJxivDqdie3+0vFlSKHbzv3EMoC1nykEgI/ g==; X-IronPort-AV: E=McAfee;i="6500,9779,10628"; a="312490285" X-IronPort-AV: E=Sophos;i="5.97,318,1669104000"; d="scan'208";a="312490285" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Feb 2023 00:25:55 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10628"; a="781343745" X-IronPort-AV: E=Sophos;i="5.97,318,1669104000"; d="scan'208";a="781343745" Received: from jrust-mobl.amr.corp.intel.com (HELO desk) ([10.251.9.236]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Feb 2023 00:25:54 -0800 Date: Wed, 22 Feb 2023 00:25:42 -0800 From: Pawan Gupta To: KP Singh Cc: linux-kernel@vger.kernel.org, pjt@google.com, evn@google.com, jpoimboe@kernel.org, tglx@linutronix.de, x86@kernel.org, hpa@zytor.com, peterz@infradead.org, kim.phillips@amd.com, alexandre.chartre@oracle.com, daniel.sneddon@linux.intel.com, corbet@lwn.net, bp@alien8.de, linyujun809@huawei.com, jmattson@google.com, =?utf-8?B?Sm9zw6k=?= Oliveira , Rodrigo Branco , Alexandra Sandulescu , stable@vger.kernel.org Subject: Re: [PATCH v2 1/2] x86/speculation: Allow enabling STIBP with legacy IBRS Message-ID: <20230222082542.bjgwgydfdswkqwre@desk> References: <20230221184908.2349578-1-kpsingh@kernel.org> <20230222030728.v4ldlndtnx6gqd6x@desk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 21, 2023 at 09:49:57PM -0800, KP Singh wrote: > > > @@ -1193,13 +1209,8 @@ spectre_v2_user_select_mitigation(void) > > > "always-on" : "conditional"); > > > } > > > > > > - /* > > > - * If no STIBP, IBRS or enhanced IBRS is enabled, or SMT impossible, > > > - * STIBP is not required. > > > - */ > > > - if (!boot_cpu_has(X86_FEATURE_STIBP) || > > > - !smt_possible || > > > - spectre_v2_in_ibrs_mode(spectre_v2_enabled)) > > > + if (!boot_cpu_has(X86_FEATURE_STIBP) || !smt_possible || > > > + !spectre_v2_user_needs_stibp(spectre_v2_enabled)) > > > > As pointed out in other discussions, it will be great if can get rid of > > eIBRS check, and do what the user asked for; or atleast print a warning > > I think I will keep it as pr_info as, with eIBRS, the user does not > really need STIBP and the mitigation is still effective. Thats fair. > > about not setting STIBP bit explicitly. > > That is a bit more complicated as, for now, the user is not really > exposed to STIBP explicitly yet. > I would prefer to do it as a follow up and fix this bug first. On a second thought, STIBP bit being explicitly set or not shouldn't matter as long as user is getting the STIBP protection that it asked for. A print may just help catch some bugs sooner than later. > It's a bit gnarly and I think we really need to think about the > options that are exposed to the user [especially in light of Intel / > AMD subtelties]. With AMD's AutoIBRS support landing in mainline, and both (AutoIBRS and eIBRS) sharing the same =eibrs mitigation mode, those subtelties becomes more important. Following up on Andrew's comment in the other thread, I hope AutoIBRS does not require setting STIBP explicitly?: /sigh so we're still talking about 3 different things then. 1) Intel's legacy IBRS 2) AMD's regular IBRS 3) AMD's AutoIBRS which all have different relevant behaviours for userspace.  Just so it's written out coherently in at least one place... [...] For any AMD configuration setting STIBP, there must be an IBPB after having set STIBP.   Setting STIBP alone does not evict previously created shared predictions.  This one can go subtly wrong for anyone who assumes that Intel STIBP and AMD STIBP have the same behaviour.