From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <mingo.kernel.org@gmail.com>
Received: from mail-wr0-x235.google.com ([2a00:1450:400c:c0c::235])
	by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80)
	(envelope-from <mingo.kernel.org@gmail.com>)
	id 1fE7RU-0001Ui-Pt
	for speck@linutronix.de; Thu, 03 May 2018 08:10:12 +0200
Received: by mail-wr0-x235.google.com with SMTP id 94-v6so14900507wrf.5
        for <speck@linutronix.de>; Wed, 02 May 2018 23:10:12 -0700 (PDT)
Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213])
        by smtp.gmail.com with ESMTPSA id
 c27-v6sm17296804wrg.75.2018.05.02.23.10.06        for <speck@linutronix.de>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 02 May 2018 23:10:06 -0700 (PDT)
Sender: Ingo Molnar <mingo.kernel.org@gmail.com>
Date: Thu, 3 May 2018 08:10:04 +0200
From: Ingo Molnar <mingo@kernel.org>
Subject: [MODERATED] Re: [patch V11 00/16] SSB 0
Message-ID: <20180503061004.yalw5atl7gf7fryt@gmail.com>
References: <20180502215102.192655950@linutronix.de>
 <c6a25d39-633c-75ac-3699-8be5f6c89ff1@linux.intel.com>
MIME-Version: 1.0
In-Reply-To: <c6a25d39-633c-75ac-3699-8be5f6c89ff1@linux.intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>


* speck for Tim Chen <speck@linutronix.de> wrote:


> On 05/02/2018 02:51 PM, speck for Thomas Gleixner wrote:
> > Changes since V10:
> > 
> >   - Addressed Ingos review feedback
> > 
> >   - Picked up Reviewed-bys
> > 
> > Delta patch below. Bundle is coming in separate mail. Git repo branches are
> > updated as well. The master branch contains also the fix for the lost IBRS
> > issue Tim was seeing.
> > 
> > If there are no further issues and nitpicks, I'm going to make the
> > changes immutable and changes need to go incremental on top.
> > 
> > Thanks,
> > 
> > 	tglx
> > 
> > 
> 
> I notice that this code ignores the current process's TIF_RDS setting
> in the prctl case:
> 
> #define firmware_restrict_branch_speculation_end()                      \
> do {                                                                    \
>         u64 val = x86_get_default_spec_ctrl();                          \
>                                                                         \
>         alternative_msr_write(MSR_IA32_SPEC_CTRL, val,                  \
>                               X86_FEATURE_USE_IBRS_FW);                 \
>         preempt_enable();                                               \
> } while (0)
> 
> x86_get_default_spec_ctrl will return x86_spec_ctrl_base, which
> will result in x86_spec_ctrl_base written to the MSR
> in the prctl case for Intel CPU.  That incorrectly ignores current
> process's TIF_RDS setting and the RDS bit will not be set.
> 
> Instead, the following value should have been written to the MSR
> for Intel CPU:
> x86_spec_ctrl_base | rds_tif_to_spec_ctrl(current_thread_info()->flags)

I wanted to suggest to do testing on affected and non-affected CPUs, both AMD and 
Intel, because the runtime TIF and MSR indexing logic looks sufficiently complex 
to me for it to be possibly wrong in some of the scenarios.

Thanks,

	Ingo