Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE6BEC636D6 for ; Wed, 22 Feb 2023 19:42:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231856AbjBVTmS (ORCPT ); Wed, 22 Feb 2023 14:42:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47192 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231263AbjBVTmO (ORCPT ); Wed, 22 Feb 2023 14:42:14 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C6BE12B297 for ; Wed, 22 Feb 2023 11:42:13 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4FC0461548 for ; Wed, 22 Feb 2023 19:42:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BC49AC433A1 for ; Wed, 22 Feb 2023 19:42:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1677094932; bh=vl0l+s6Au0VrCtGm/qqHU/k7GVH6k2EtTrSSl0Zhot0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=AoBtCha7XHGGEGXhBihl0q0FjheYkXmMDXIDQeyCqq9e4j3QVsq8kSi3SwqtJ4Dfu YpkKLwiDnjdZRBpbnAIDaKPgIXZLsoOO71euJ3cp+C90Qx+iuwB0BNose8YDv9Z7ma IN+0tFHauTP4+f50SqxjhNZOXO9u0jztk7s5am+dDHZXnvD/mMA3QTU3bhCfxEgSD8 niGpbGcL7q7LikbR6r+2kxUuKzc+iq2LPx00sEPp+4YkCmsNStwRx3dmS+TIUKE0Nu ogaBkDxgywS9BJyjnnpb17iy9XyR3oK/fcEtkn8O9PdYbk2Mtf96VuuHueREbdyC0O +Myzu4oaIDbRA== Received: by mail-ed1-f50.google.com with SMTP id s26so34929734edw.11 for ; Wed, 22 Feb 2023 11:42:12 -0800 (PST) X-Gm-Message-State: AO0yUKX76SvTIqYRZpKnnGO84B7hxgPJpaoYtjrd+1fMoioondrLa50W 3NLx/gqScCUO8X2imkK075O3pD/nPFzPiGanP3rn3g== X-Google-Smtp-Source: AK7set+EnDQ5ZGD9YF1803eOIardxXn8qqmslC28OZkVXj4gOrukCpvFPR+mCaohzwS1cm99m6zxj6fd/cGZXNhTiTo= X-Received: by 2002:a17:906:938b:b0:8a5:c8bd:4ac4 with SMTP id l11-20020a170906938b00b008a5c8bd4ac4mr7737884ejx.15.1677094930921; Wed, 22 Feb 2023 11:42:10 -0800 (PST) MIME-Version: 1.0 References: <20230221184908.2349578-1-kpsingh@kernel.org> In-Reply-To: From: KP Singh Date: Wed, 22 Feb 2023 11:41:59 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2 1/2] x86/speculation: Allow enabling STIBP with legacy IBRS To: Borislav Petkov Cc: linux-kernel@vger.kernel.org, pjt@google.com, evn@google.com, jpoimboe@kernel.org, tglx@linutronix.de, x86@kernel.org, hpa@zytor.com, peterz@infradead.org, pawan.kumar.gupta@linux.intel.com, kim.phillips@amd.com, alexandre.chartre@oracle.com, daniel.sneddon@linux.intel.com, corbet@lwn.net, bp@suse.de, linyujun809@huawei.com, jmattson@google.com, =?UTF-8?Q?Jos=C3=A9_Oliveira?= , Rodrigo Branco , Alexandra Sandulescu , stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 22, 2023 at 9:48 AM Borislav Petkov wrote: > > On Wed, Feb 22, 2023 at 09:16:21AM -0800, KP Singh wrote: > > Thanks for iterating. I think your commit description and rewrite > > omits a few key subtleties which I have tried to reinforce in both the > > commit log and the comments. > > > > Q: What does STIBP have to do with IBRS? > > A: Setting the IBRS bit implicitly enables STIBP / some form of cross > > thread protection. > > That belongs in the docs, if you want to explain this properly. > > > Q: Why does it work with eIBRS? > > A: Because we set the IBRS bit once and leave it set when using eIBRS > > Also docs. > > > I think this subtlety should be reinforced in the commit description > > and code comments so that we don't get it wrong again. Your commit > > does answer this one (thanks!) > > Commit messages are fine when explaining *why* a change is being done. > What is even finer is when you put a lenghtier explanation in our > documentation so that people can actually find it. Finding text in > commit messages is harder... Sure, I think the docs do already cover it, but I sort of disagree with your statement around the commit message. I feel the more context you can add in the commit message, the better it is. When I am looking at the change log, it would be helpful to have the information that I mentioned in the Q&A. Small things like, "eIBRS needs the IBRS bit set which also enables cross-thread protections" is a very important context for this patch IMHO. Without this one is just left head scratching and scrambling to read lengthy docs and processor manuals. But again, totally your call. Others, feel free to chime in. > > > Q: Why does it not work with the way the kernel currently implements > > legacy IBRS? > > A: Because the kernel clears the bit on returning to user space. > > From the commit message: > > However, on return to userspace, the IBRS bit is cleared for performance > reasons. That leaves userspace threads vulnerable to cross-thread > predictions influence against which STIBP protects. This sort of loosely implies that the IBRS bit also enables cross-thread protections. Can you atleast add this one explicitly? "Setting the IBRS bit also enables cross thread protections" > > > The reason why I refactored this into a separate helper was to > > document the subtleties I mentioned above and anchor them to one place > > as the function is used in 2 places. But this is a maintainer's > > choice, so it's your call :) > > The less code gets added in that thing, the better. Not yet another > helper pls. Sure, your call. > > > I do agree with Pawan that it's worth adding a pr_info about what the > > kernel is doing about STIBP. > > STIBP status gets dumped through stibp_state(). Not at the stage when the kernel decides to drop the STIBP protection when eIBRS is enabled. If we had this information when we had a positive POC, it would have been much easier to figure out what's going on here. - KP > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette