Re: [PATCH 1/7] x86/feature: Detect the x86 feature to control Speculation

[Greg KH <gregkh@linuxfoundation.org>]

On Thu, Jan 04, 2018 at 09:56:42AM -0800, Tim Chen wrote:
> cpuid ax=0x7, return rdx bit 26 to indicate presence of this feature
> IA32_SPEC_CTRL (0x48) and IA32_PRED_CMD (0x49)
> IA32_SPEC_CTRL, bit0 – Indirect Branch Restricted Speculation (IBRS)
> IA32_PRED_CMD,  bit0 – Indirect Branch Prediction Barrier (IBPB)
> 
> If IBRS is set, near returns and near indirect jumps/calls will not
> allow their predicted target address to be controlled by code that
> executed in a less privileged prediction mode before the IBRS mode was
> last written with a value of 1 or on another logical processor so long
> as all RSB entries from the previous less privileged prediction mode
> are overwritten.
> 
> Setting of IBPB ensures that earlier code's behavior does not control later
> indirect branch predictions.  It is used when context switching to new
> untrusted address space.  Unlike IBRS, it is a command MSR and does not retain
> its state.
> 
> * Thus a near indirect jump/call/return may be affected by code in a
> less privileged prediction mode that executed AFTER IBRS mode was last
> written with a value of 1
> 
> * There is no need to clear IBRS before writing it with a value of
> 1. Unconditionally writing it with a value of 1 after the prediction
> mode change is sufficient
> 
> * Note: IBRS is not required in order to isolate branch predictions for
> SMM or SGX enclaves
> 
> * Code executed by a sibling logical processor cannot control indirect
> jump/call/return predicted target when IBRS is set
> 
> * SMEP will prevent supervisor mode using RSB entries filled by user code;
> this can reduce the need for software to overwrite RSB entries
> 
> * IBRS is not guaranteed to differentiate two applications that use
> the same CR3 due to recycling. Software can use an IBPB command when
> recycling a page table base address.
> 
> * VMM software can similarly use an IBPB when recycling a controlling
> VMCS pointer address
> 
> CPU performance could be reduced when running with IBRS set.
> 
> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
> ---
>  arch/x86/include/asm/cpufeatures.h | 1 +
>  arch/x86/include/asm/msr-index.h   | 7 +++++++
>  arch/x86/kernel/cpu/scattered.c    | 1 +
>  3 files changed, 9 insertions(+)
> 
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 86c68cb..431f393 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -209,6 +209,7 @@
>  #define X86_FEATURE_AVX512_4FMAPS	( 7*32+17) /* AVX-512 Multiply Accumulation Single precision */
>  
>  #define X86_FEATURE_MBA			( 7*32+18) /* Memory Bandwidth Allocation */
> +#define X86_FEATURE_SPEC_CTRL		( 7*32+19) /* Control Speculation Control */
>  
>  /* Virtualization flags: Linux defined, word 8 */
>  #define X86_FEATURE_TPR_SHADOW		( 8*32+ 0) /* Intel TPR Shadow */

You should have gotten a build warning with just this patch, please also
update tools/arch/x86/include/asm/cpufeatures.h to fix that.

And why not use a free slot, (7*32+13) or (7*32+12) is free, right?

Or were you just trying to make backports "easier"?  :)

thanks,

greg k-h