Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp756467lqb; Wed, 17 Apr 2024 09:46:19 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVqyjvJEAoAR/trsuX+8R2rHsr+ufOuzPTjo2Xw++t5cQ45vEBqsX0BmIIvSpqYHhMkc5njIaY31RGvVMfhg4UxCKCi166Ive5CQNLJZA== X-Google-Smtp-Source: AGHT+IHjNPeisZS57+awAcmircaqgpNTtU6McGmJpvG4rBhlW+XmMkv6/LsZCl/ODIiL2m9r7YRN X-Received: by 2002:a05:6359:4182:b0:186:3c3:b412 with SMTP id ki2-20020a056359418200b0018603c3b412mr19816503rwc.0.1713372378905; Wed, 17 Apr 2024 09:46:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713372378; cv=pass; d=google.com; s=arc-20160816; b=VK6TDGat12u8cOT6ugjYRESm6nwpUP5Pj11JFwdizS7dliVjoFqDf5MP8fguXbaTvf ZJFWjtXB53pBzmpt+ipRnrmnAMZE8aKfb1DUh74cgoeeOabKKScca740GEjVrQ3mpqZY HZ0BWb43x2H8d2SM/Eli0Kq0WpRNyGRrkJVyGPl1zdGGXECTJKjyOOueP5Z56uEeJMYV BX0h4YGU36VKcoG+Xoz1KQlMmNn9ObC7oQefVpg+lYjWU8UOWGLT+/8isaHecUC1E6IH mKLzJmBhW2lap5sQoSLRtiYUQwhaURG8Fqflf4zghpzFCT3THKW1/TAfUdIeEREp2JrP lhfw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=3cKHE7iLH5OetSrFxD4LI0HJM3GABuyj6smaZYUXJck=; fh=tGmVAd5187jnS3jDf7EIKjjnhqDh5sSxpwU1t7yt0to=; b=IJ3HLLIzDWUo6m3373t2RnS+A8XX7kttH3ditM5Mx6QGHrjHLoTVl83pKH3eoL85v9 33BnLti7tUA4HCALrhKvMCJczu3gqIdDQvSICdxWBjNvKPqL1kZNl8vGFLD8vdHg4WhG umpHFAaqFA9InsTrSN1ljMOVW8bQ6RySgQuL+HMTASMAc2uqf/YMgOOJp1XGhgFJ6oAh XAq7UsbcwixdQMaO89Wx4gT8OQL13GLjtCmsKJ5phztbvwvbJowO1z8gNXK6VB2ReE/i 8hXHgQCXqUqBatg1PP5PC/7BjzUZWcZ0eb+qwhQIruGg1uMjGX2PNvfeb1qXuK+Hh1Nc jb2A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FG7ROy2d; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-148933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-148933-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id dg16-20020a056214085000b0069b5f0daa3bsi12056956qvb.444.2024.04.17.09.46.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Apr 2024 09:46:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-148933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FG7ROy2d; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-148933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-148933-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 992041C2300B for ; Wed, 17 Apr 2024 16:46:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 56359171E5C; Wed, 17 Apr 2024 16:45:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FG7ROy2d" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA798171E50 for ; Wed, 17 Apr 2024 16:45:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.15 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713372326; cv=none; b=usFwG9XWAKFJKiLiTKIGu0rMLY+fVCx6DIMEVLfG8yNef/dbUJB63+kDpB3udlB8XmbHu25Zv6ZD3TomFPSlgW/k2qrtxaZr2ksZrr3oznvbKpbz2MUQ9tXln5OP93bs4kgecjwSEF0nGtgw8/+QCqdTCupXq6y+VXDOeDs1xEU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713372326; c=relaxed/simple; bh=JNNbbcDpsjSu5SzSQb4EGQ/IYA72a9ZEL7ImG/VKG5M=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=QvCkXNLpQkxaYDRpYbHyZG/DUPH5Ni3KGeYwlcTVV311OxQ/05TpkJLQBSKgpb7Yuob2uFVIub1HXbblvap5wq01n3LGaQz8HqHk64Sj0i5XVeqaGkqsynT8I5duf4DoER4ndjEl9rkBKLw3k0si02IMCVB6hFlEXxld7UW981Y= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FG7ROy2d; arc=none smtp.client-ip=192.198.163.15 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1713372325; x=1744908325; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=JNNbbcDpsjSu5SzSQb4EGQ/IYA72a9ZEL7ImG/VKG5M=; b=FG7ROy2duY/+qKiyHc5doixnBOX01OSyCH+RAR9c+svr7Q0IloTumfzR 8OtBKjJar7O4H9vxRD20YIMA1N4zwNnWYhQZi8I9EcfpYyXjiGi3XT6Ym UVXhR8xyuXopk4Jeiu6IOWRRm88J3XiNv599GEdHXqUngUKKd8GLBfsSW QoVQqahs0NPSc9WBqMEshS8Ls9efaWeHD/EtnLXtsA4cB3N2nR9WcOuq8 HQrIZDCms2CyS7LtKFIJ/aWslHaQz+s26HPsPiUWxzReWQPpzTA2hfDQD NbVsoYIT8XITy/kBzkcPW72gp6I8uCasIrR06gGkHj3MZ6CHf7YEDDB3d Q==; X-CSE-ConnectionGUID: cS0bFtWyTqCRBbXsAIdDSQ== X-CSE-MsgGUID: A78hUBFuTPG92w4wLeWOdw== X-IronPort-AV: E=McAfee;i="6600,9927,11046"; a="9045786" X-IronPort-AV: E=Sophos;i="6.07,209,1708416000"; d="scan'208";a="9045786" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by fmvoesa109.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Apr 2024 09:45:22 -0700 X-CSE-ConnectionGUID: NXZ1A3m5SRyhpASJnq5bZA== X-CSE-MsgGUID: wQjzvXvFQGOjaFwNJwQnEg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,209,1708416000"; d="scan'208";a="27319575" Received: from wangc3-mobl.amr.corp.intel.com (HELO desk) ([10.209.4.219]) by fmviesa004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Apr 2024 09:45:20 -0700 Date: Wed, 17 Apr 2024 09:45:14 -0700 From: Pawan Gupta To: Andrew Cooper Cc: Josh Poimboeuf , x86@kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds , Daniel Sneddon , Thomas Gleixner , Alexandre Chartre , Konrad Rzeszutek Wilk , Peter Zijlstra , Greg Kroah-Hartman , Sean Christopherson , Dave Hansen , Nikolay Borisov , KP Singh , Waiman Long , Borislav Petkov , Ingo Molnar Subject: Re: [PATCH v3] x86/bugs: Only harden syscalls when needed Message-ID: <20240417164514.66hgypzxgqxt3ssk@desk> References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Wed, Apr 17, 2024 at 04:14:26PM +0100, Andrew Cooper wrote: > On 17/04/2024 12:02 am, Josh Poimboeuf wrote: > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > > index ca295b0c1eee..dcb97cc2758f 100644 > > --- a/arch/x86/kernel/cpu/bugs.c > > +++ b/arch/x86/kernel/cpu/bugs.c > > @@ -1678,6 +1687,21 @@ static void __init spectre_v2_select_mitigation(void) > > enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); > > enum spectre_v2_mitigation mode = SPECTRE_V2_NONE; > > > > + /* > > + * X86_FEATURE_INDIRECT_SAFE indicates whether indirect calls can be > > + * considered safe. That means either: > > + * > > + * - the CPU isn't vulnerable to Spectre v2 or its variants; > > + * > > + * - a hardware mitigation is in place (e.g., IBRS, BHI_DIS_S); or > > + * > > + * - the user turned off mitigations altogether. > > + * > > + * Assume innocence until proven guilty: set the cap bit now, then > > + * clear it later if/when needed. > > + */ > > + setup_force_cpu_cap(X86_FEATURE_INDIRECT_SAFE); > > Following on from the (re)discovery that X86_FEATURE_RETPOLINE is a poor > name given what it *actually* does, can I recommend s/SAFE/OK/ here? Or simply X86_FEATURE_USE_INDIRECT_BRANCH. > This flag really is "do I want indirect branches or not", which - as > noted here - is more than just a judgement of whether indirect branches > are "safe".