Re: [PATCH] x86/speculation: Fix user-mode spectre-v2 protection with KERNEL_IBRS

Getting confused with all the threads, will repost this review to the
lkml version...

On Mon, Feb 20, 2023 at 04:07:30AM -0800, Josh Poimboeuf wrote:
> On Mon, Feb 20, 2023 at 11:39:30AM +0100, KP Singh wrote:
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -1132,6 +1132,19 @@ static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
> >  	       mode == SPECTRE_V2_EIBRS_LFENCE;
> >  }
> >  
> > +static inline bool spectre_v2_user_no_stibp(enum spectre_v2_mitigation mode)
> > +{
> > +	/* When IBRS or enhanced IBRS is enabled, STIBP is not needed.
> > +	 *
> > +	 * However, With KERNEL_IBRS, the IBRS bit is cleared on return
> > +	 * to user and the user-mode code needs to be able to enable protection
> > +	 * from cross-thread training, either by always enabling STIBP or
> > +	 * by enabling it via prctl.
> > +	 */
> > +	return (spectre_v2_in_ibrs_mode(mode) &&
> > +		!cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS));
> > +}
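Review bot: the new helper's name and comment do not describe what the predicate actually tests. Because the SPECTRE_V2_IBRS case always force-enables X86_FEATURE_KERNEL_IBRS (visible in the second hunk, `setup_force_cpu_cap(X86_FEATURE_KERNEL_IBRS);`), `spectre_v2_in_ibrs_mode(mode) && !cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS)` is true exactly for the three eIBRS modes, so a name that says "eIBRS" would be clearer than "user_no_stibp" plus a comment about KERNEL_IBRS clearing the bit on return to user. Minor style points in the same hunk: the general kernel multi-line comment form puts `/*` on its own line rather than `/* When IBRS or enhanced IBRS is enabled, STIBP is not needed.`, and "However, With" should be "However, with".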
> 
> The comments and code confused me, they both seem to imply some
> distinction between IBRS and KERNEL_IBRS, but in the kernel those are
> functionally the same thing.  e.g., the kernel doesn't have a user IBRS
> mode.
> 
> And, unless I'm missing some subtlety here, it seems to be a convoluted
> way of saying that eIBRS doesn't need STIBP in user space.
> 
> It would be simpler to just call it spectre_v2_in_eibrs_mode().
> 
> static inline bool spectre_v2_in_eibrs_mode(enum spectre_v2_mitigation mode)
> {
> 	return mode == SPECTRE_V2_EIBRS ||
> 	       mode == SPECTRE_V2_EIBRS_RETPOLINE ||
> 	       mode == SPECTRE_V2_EIBRS_LFENCE;
> }
> 
> And then spectre_v2_in_ibrs_mode() could be changed to call that:
> 
> static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
> {
> 	return spectre_v2_in_eibrs_mode(mode) || mode == SPECTRE_V2_IBRS;
> }
> 
> > @@ -1496,6 +1504,7 @@ static void __init spectre_v2_select_mitigation(void)
> >  		break;
> >  
> >  	case SPECTRE_V2_IBRS:
> > +		pr_err("enabling KERNEL_IBRS");
> 
> Why?
> 
> >  		setup_force_cpu_cap(X86_FEATURE_KERNEL_IBRS);
> >  		if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED))
> >  			pr_warn(SPECTRE_V2_IBRS_PERF_MSG);
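Review bot: the added `pr_err("enabling KERNEL_IBRS");` logs a normal, expected mitigation selection at error severity and has no trailing newline, unlike the neighbouring `pr_warn(SPECTRE_V2_IBRS_PERF_MSG);`. If it is a leftover debugging aid it should be dropped from the patch; if a message is wanted, `pr_info` with a terminating `\n` matches how the rest of this function reports the chosen mitigation, and a spurious error-level line would otherwise show up in log-based monitoring as a boot problem.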
> > @@ -2327,7 +2336,7 @@ static ssize_t mmio_stale_data_show_state(char *buf)
> >  
> >  static char *stibp_state(void)
> >  {
> > -	if (spectre_v2_in_ibrs_mode(spectre_v2_enabled))
> > +	if (spectre_v2_user_no_stibp(spectre_v2_enabled))
> >  		return "";
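Review bot: this hunk only changes what stibp_state() reports through sysfs, so the commit message should spell out that the "vulnerabilities" string for the IBRS mitigation now shows a STIBP state instead of the empty string, since tooling parses that text. The selection path that decides whether STIBP is actually programmed when KERNEL_IBRS is active is not in the visible hunks; if it still uses `spectre_v2_in_ibrs_mode()` while the reporting path uses `spectre_v2_user_no_stibp()`, the sysfs report and the real MSR setting can disagree, so both paths should be switched to the same predicate in this patch.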
> 
> This seems like old cruft, can we just remove this check altogether?  In
> the eIBRS case, spectre_v2_user_stibp will already have its default of
> SPECTRE_V2_USER_NONE.
> 
> -- 
> Josh

-- 
Josh


