Date: Thu, 18 Apr 2024 18:14:45 -0700
From: Pawan Gupta
To: Josh Poimboeuf
Cc: Andrew Cooper, x86@kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds, Daniel Sneddon, Thomas Gleixner, Alexandre Chartre, Konrad Rzeszutek Wilk, Peter Zijlstra, Greg Kroah-Hartman, Sean Christopherson, Dave Hansen, Nikolay Borisov, KP Singh, Waiman Long, Borislav Petkov, Ingo Molnar
Subject: Re: [PATCH v3] x86/bugs: Only harden syscalls when needed
Message-ID: <20240419011445.2ryomgruj2ein6wh@desk>
In-Reply-To: <20240419004845.ker26cp3hslttslk@treble>

On Thu, Apr 18, 2024 at 05:48:45PM -0700, Josh Poimboeuf wrote:
> On Wed, Apr 17, 2024 at 07:01:54PM +0100, Andrew Cooper wrote:
> > On 17/04/2024 6:57 pm, Josh Poimboeuf wrote:
> > > On Wed, Apr 17, 2024 at 09:45:14AM -0700, Pawan Gupta wrote:
> > >> On Wed, Apr 17, 2024 at 04:14:26PM +0100, Andrew Cooper wrote:
> > >>> On 17/04/2024 12:02 am, Josh Poimboeuf wrote:
> > >>>> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > > >>>> index ca295b0c1eee..dcb97cc2758f 100644 > > >>>> --- a/arch/x86/kernel/cpu/bugs.c > > >>>> +++ b/arch/x86/kernel/cpu/bugs.c
> > >>>> @@ -1678,6 +1687,21 @@ static void __init spectre_v2_select_mitigation(void) > > >>>> enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); > > >>>> enum spectre_v2_mitigation mode = SPECTRE_V2_NONE; > > >>>> > > >>>> + /* > > >>>> + * X86_FEATURE_INDIRECT_SAFE indicates whether indirect calls can be > > >>>> + * considered safe. That means either: > > >>>> + * > > >>>> + * - the CPU isn't vulnerable to Spectre v2 or its variants; > > >>>> + * > > >>>> + * - a hardware mitigation is in place (e.g., IBRS, BHI_DIS_S); or > > >>>> + * > > >>>> + * - the user turned off mitigations altogether. > > >>>> + * > > >>>> + * Assume innocence until proven guilty: set the cap bit now, then > > >>>> + * clear it later if/when needed. > > >>>> + */ > > >>>> + setup_force_cpu_cap(X86_FEATURE_INDIRECT_SAFE);
> > >>> Following on from the (re)discovery that X86_FEATURE_RETPOLINE is a poor
> > >>> name given what it *actually* does, can I recommend s/SAFE/OK/ here?
> > >> Or simply X86_FEATURE_USE_INDIRECT_BRANCH.
> > >>
> > >>> This flag really is "do I want indirect branches or not", which - as
> > >>> noted here - is more than just a judgement of whether indirect branches
> > >>> are "safe".
> > > X86_FEATURE_USE_INDIRECT_BRANCH sounds good. It's a bit long but does
> > > describe it better.
> >
> > Works for me.  Definitely an improvement over SAFE.
>
> USE_INDIRECT_BRANCH is now irking me: "use indirect branch for what?
> when? why?"

I don't think feature bits in general try to answer when & why. And it
shouldn't be the case, otherwise we will need multi-line names. IMO, it
should just tell what the feature means.

But, I am not too hung up on the name, I am fine with X86_FEATURE_INDIRECT_OK
or anything similar.
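
Review bot: In the spectre_v2_select_mitigation() hunk of the quoted patch, the unconditional setup_force_cpu_cap(X86_FEATURE_INDIRECT_SAFE) at the top of the function makes the unhardened state the default, so any later path that should clear the bit and misses it leaves the bit set although none of the three listed conditions holds. Consider starting with the bit clear and setting it only at the points where one of those conditions has been established, or at least have the comment name where the "clear it later" happens so the pairing can be checked. The third bullet ("the user turned off mitigations altogether") describes a policy choice rather than safety, and the comment could say so directly whichever flag name is chosen.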