Re: [PATCH v2 4/8] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Konrad Rzeszutek Wilk <konrad@kernel.org>
To: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Andy Lutomirski <luto@kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Dave Hansen <dave.hansen@intel.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Andi Kleen <ak@linux.intel.com>,
	Arjan Van De Ven <arjan.van.de.ven@intel.com>,
	David Woodhouse <dwmw@amazon.co.uk>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 4/8] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
Date: Sat, 6 Jan 2018 16:25:19 -0500	[thread overview]
Message-ID: <20180106212519.GA18459@x230.dumpdata.com> (raw)
In-Reply-To: <0de2d41c-368c-685f-ac52-cf7ce440ac60@linux.intel.com>

On Sat, Jan 06, 2018 at 10:10:59AM -0800, Tim Chen wrote:
> 
> 
> On 01/06/2018 12:54 AM, Greg KH wrote:
> > On Fri, Jan 05, 2018 at 06:12:19PM -0800, Tim Chen wrote:
> >> From: Tim Chen <tim.c.chen@linux.intel.com>
> >> From: Andrea Arcangeli <aarcange@redhat.com>
> >>
> >> There are 2 ways to control IBRS
> >>
> >> 1. At boot time
> >>     noibrs kernel boot parameter will disable IBRS usage
> >>
> >> Otherwise if the above parameters are not specified, the system
> >> will enable ibrs and ibpb usage if the cpu supports it.
> >>
> >> 2. At run time
> >>     echo 0 > /sys/kernel/debug/x86/ibrs_enabled will turn off IBRS
> >>     echo 1 > /sys/kernel/debug/x86/ibrs_enabled will turn on IBRS in kernel
> >>     echo 2 > /sys/kernel/debug/x86/ibrs_enabled will turn on IBRS in both userspace and kernel
> >>

This is going to create headaches in the future.

That is future CPUs there will be no need for this MSR nor retpoline as
the CPUs will observe correctness when switching .. rings/vm-exits/etc
and I would assume that 'ibrs_enabled' will return 0.

And that will make folks scared and run to support/Intel with
complaints.

Furthmore with the 'retpoline' work you can disable IBRS and instead use
'retpoline's as mitigation - and again the 'ibrs_enabled' is now zero.
Cue in horde of customers calling support.

Would it be better to have an global /sys/../spectre_resistent instead
of these 'well, check if the repoline sysfs is enabled, or if that is
not, then look at the cpuid flags'.

It would be good to have this future proof.

next prev parent reply	other threads:[~2018-01-06 21:25 UTC|newest]

Thread overview: 72+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-06  2:12 [PATCH v2 0/8] IBRS patch series Tim Chen
2018-01-06  2:12 ` [PATCH v2 1/8] x86/feature: Detect the x86 IBRS feature to control Speculation Tim Chen
2018-01-06 12:56   ` Borislav Petkov
2018-01-07 17:14     ` Tim Chen
2018-01-07 18:31       ` Borislav Petkov
2018-01-09 18:13     ` Dave Hansen
2018-01-09 18:55       ` Borislav Petkov
2018-01-08 16:14   ` Paolo Bonzini
2018-01-09 10:39   ` Paolo Bonzini
2018-01-09 17:53     ` Tim Chen
2018-01-09 17:58       ` Paolo Bonzini
2018-01-09 22:59         ` Tim Chen
2018-01-18 23:28   ` Andy Lutomirski
2018-01-06  2:12 ` [PATCH v2 2/8] x86/enter: MACROS to set/clear IBRS Tim Chen
2018-01-07 12:03   ` Borislav Petkov
2018-01-07 17:12     ` Tim Chen
2018-01-07 18:44       ` Borislav Petkov
2018-01-08 22:24     ` Tim Chen
2018-01-06  2:12 ` [PATCH v2 3/8] x86/enter: Use IBRS on syscall and interrupts Tim Chen
2018-01-07 19:27   ` Borislav Petkov
2018-01-06  2:12 ` [PATCH v2 4/8] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature Tim Chen
2018-01-06  3:12   ` Dave Hansen
2018-01-08 12:47     ` Peter Zijlstra
2018-01-08 16:14       ` Peter Zijlstra
2018-01-08 17:28         ` Tim Chen
2018-01-08 17:42           ` Peter Zijlstra
2018-01-08 19:34             ` Woodhouse, David
2018-01-08 19:52               ` Lu, Hongjiu
2018-01-09 10:40             ` Thomas Gleixner
2018-01-09 17:55               ` Tim Chen
2018-01-09 18:13                 ` David Woodhouse
2018-01-09 20:31                   ` Tim Chen
2018-01-27 13:59         ` Konrad Rzeszutek Wilk
2018-01-27 14:26           ` David Woodhouse
2018-01-06  8:54   ` Greg KH
2018-01-06 18:10     ` Tim Chen
2018-01-06 21:25       ` Konrad Rzeszutek Wilk [this message]
2018-01-07  8:20         ` Greg KH
2018-01-06 14:41   ` Konrad Rzeszutek Wilk
2018-01-06 17:33     ` Dave Hansen
2018-01-06 17:41       ` Van De Ven, Arjan
2018-01-06 19:22         ` Dave Hansen
2018-01-06 19:47           ` Thomas Gleixner
2018-01-06 21:32             ` Konrad Rzeszutek Wilk
2018-01-06 21:34               ` Van De Ven, Arjan
2018-01-06 21:41                 ` Konrad Rzeszutek Wilk
2018-01-06 21:44                   ` Van De Ven, Arjan
2018-01-06 21:39               ` Thomas Gleixner
2018-01-06 21:46                 ` Is: Linus, name for 'spectre' variable. Was:Re: " Konrad Rzeszutek Wilk
2018-01-06 18:23       ` Tim Chen
2018-01-06 18:20     ` Tim Chen
2018-01-08 15:08   ` Peter Zijlstra
2018-01-08 15:29     ` Van De Ven, Arjan
2018-01-08 17:02       ` Tim Chen
2018-01-08 15:11   ` Peter Zijlstra
2018-01-08 15:15   ` Peter Zijlstra
2018-01-08 15:53   ` Peter Zijlstra
2018-01-09  0:29   ` Borislav Petkov
2018-01-09 18:05     ` Tim Chen
2018-01-06  2:12 ` [PATCH v2 5/8] x86/idle: Disable IBRS entering idle and enable it on wakeup Tim Chen
2018-01-06  2:12 ` [PATCH v2 6/8] x86/microcode: Recheck IBRS features on microcode reload Tim Chen
2018-01-06 12:09   ` Woodhouse, David
2018-01-09  0:34   ` Borislav Petkov
2018-01-06  2:12 ` [PATCH v2 7/8] x86: Do not use dynamic IBRS if retpoline is enabled Tim Chen
2018-01-06  2:12 ` [PATCH v2 8/8] x86: Use IBRS for firmware update path Tim Chen
2018-01-06  8:55   ` Greg KH
2018-01-06  8:57   ` Greg KH
2018-01-06  6:43 ` [PATCH v2 0/8] IBRS patch series Tim Chen
2018-01-06 12:00   ` Woodhouse, David
2018-01-06 12:11 ` Woodhouse, David
  -- strict thread matches above, loose matches on Subject: below --
2018-01-08 17:43 [PATCH v2 4/8] x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature Alexey Dobriyan
2018-01-08 18:30 ` Andrea Arcangeli

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180106212519.GA18459@x230.dumpdata.com \
    --to=konrad@kernel.org \
    --cc=aarcange@redhat.com \
    --cc=ak@linux.intel.com \
    --cc=arjan.van.de.ven@intel.com \
    --cc=dave.hansen@intel.com \
    --cc=dwmw@amazon.co.uk \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=tglx@linutronix.de \
    --cc=tim.c.chen@linux.intel.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).