x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation

If 'noibrs' is used, or the hardware does not have IBRS microcode
we fallback on using 'lfence' on every system call/interrupt/exception/etc.

This can dramatically slow down the performance. As a knob to
measure this provide 'nolfence' which will also disable this
security big hammer.

OraBug: 27472666
Reviewed-by: John Haxby <john.haxby@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 5bce7f616884a44ad440503d12c420b6a547d434..1afb0d9106bdcda8ef79db930b2cb4a1acdd8fa4 100644 (file)
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2357,13 +2357,19 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
        noibrs          [X86]
                        Don't use indirect branch restricted speculation (IBRS)
                        feature when running in secure environment,
-                       to avoid performance overhead.
+                       to avoid performance overhead. Disabling this will fallback
+                       on using lfence.
 
        noibpb          [X86]
                        Don't use indirect branch prediction barrier (IBPB)
                        feature when running in secure environment,
                        to avoid performance overhead.
 
+       nolfence        [X86]
+                       Don't use lfence on every system call/interrupt/exception
+                       if noibrs has been specified. This is used to avoid
+                       performance overhead.
+
        nosmap          [X86]
                        Disable SMAP (Supervisor Mode Access Prevention)
                        even if it is supported by processor.

diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h
index 97bdadcecfec5420bf6e73f1ccac057b3a195676..891a569b55cb6053f5d9ca17092fea153d6ae08d 100644 (file)
--- a/arch/x86/include/asm/spec_ctrl.h
+++ b/arch/x86/include/asm/spec_ctrl.h
@@ -9,7 +9,7 @@
 #define SPEC_CTRL_IBRS_INUSE           (1<<0)  /* OS enables IBRS usage */
 #define SPEC_CTRL_IBRS_SUPPORTED       (1<<1)  /* System supports IBRS */
 #define SPEC_CTRL_IBRS_ADMIN_DISABLED  (1<<2)  /* Admin disables IBRS */
-
+#define SPEC_CTRL_LFENCE_OFF           (1<<3)  /* No lfence */
 #ifdef __ASSEMBLY__
 
 .extern use_ibrs
@@ -133,6 +133,8 @@
        __ASM_ENABLE_IBRS
        jmp     20f
 7:
+       testl  $SPEC_CTRL_LFENCE_OFF, use_ibrs
+       jnz     20f
        lfence
 20:
 .endm
@@ -143,6 +145,8 @@
        __ASM_ENABLE_IBRS_CLOBBER
        jmp     21f
 11:
+       testl  $SPEC_CTRL_LFENCE_OFF, use_ibrs
+       jnz     21f
        lfence
 21:
 .endm
@@ -161,6 +165,8 @@
        jmp 22f
 12:
        movl $SPEC_CTRL_FEATURE_ENABLE_IBRS, \save_reg
+       testl  $SPEC_CTRL_LFENCE_OFF, use_ibrs
+       jnz     22f
        lfence
 22:
 .endm
@@ -178,6 +184,8 @@
        wrmsr
        jmp 23f
 13:
+       testl  $SPEC_CTRL_LFENCE_OFF, use_ibrs
+       jnz     23f
        lfence
 23:
 .endm
@@ -254,6 +262,11 @@ static inline void clear_ibrs_disabled(void)
        set_ibrs_inuse();
 }
 
+static inline void set_lfence_disabled(void)
+{
+       use_ibrs |= SPEC_CTRL_LFENCE_OFF;
+}
+
 /* indicate usage of IBPB to control execution speculation */
 extern int use_ibpb;
 extern u32 sysctl_ibpb_enabled;

diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c
index ecf137d898397b1f5c40287a23073bcfeedfa7b4..b54a1cc6e91e49c1fad1e0ed842169089dcdeb01 100644 (file)
--- a/arch/x86/kernel/cpu/bugs_64.c
+++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -89,6 +89,11 @@ static void __init spectre_v2_parse_cmdline(void)
                set_ibpb_disabled();
        }
 
+       if (cmdline_find_option_bool(boot_command_line, "nolfence")) {
+               set_lfence_disabled();
+       }
+
+
        if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
                goto disable;