x86/IBRS: Remove support for IBRS_ENABLED_USER mode

This mode was added based on our understanding of IBRS_ATT (IBRS
All The Time) described in early versions of Intel documentation.
We assumed that while "basic" IBRS protects kernel from using
predictions created by userland, IBRS_ATT will provide similar
defence between usermode tasks.

This understanding was incorrect.

Instead, IBRS_ATT (also referred to as "Enhanced IBRS") allows the
kernel to write IBRS MSR once, during boot, and never have to write
it again. This is in contrast to basic IBRS where every change of
protection mode required an MSR write, which is somewhat expensive.

Enhanced IBRS is not available on existing processors. Until it
becomes available we remove IBRS_ENABLED_USER.

While doing this also add a test in ibrs_enabled_write() that will
only process input if the mode will actually change.

Orabug: 27448280

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h
index 85fe1105f9e16984e8fa2f52b6979e036e0c3a39..97bdadcecfec5420bf6e73f1ccac057b3a195676 100644 (file)
--- a/arch/x86/include/asm/spec_ctrl.h
+++ b/arch/x86/include/asm/spec_ctrl.h
@@ -202,14 +202,6 @@ ALTERNATIVE __stringify(__ASM_STUFF_RSB), "", X86_FEATURE_SMEP
 .endm
 
 #else
-enum {
-       IBRS_DISABLED,
-       /* in host kernel, disabled in guest and userland */
-       IBRS_ENABLED,
-       /* in host kernel and host userland, disabled in guest */
-       IBRS_ENABLED_USER,
-       IBRS_MAX = IBRS_ENABLED_USER,
-};
 
 /* indicate usage of IBRS to control execution speculation */
 extern int use_ibrs;

diff --git a/arch/x86/kernel/cpu/spec_ctrl.c b/arch/x86/kernel/cpu/spec_ctrl.c
index 2de6c9ea61227264a3d48f1957f7f83dbd7740dc..fab5d6d8fdf5c0a6f49053038b6b4417eceea7d4 100644 (file)
--- a/arch/x86/kernel/cpu/spec_ctrl.c
+++ b/arch/x86/kernel/cpu/spec_ctrl.c
@@ -59,34 +59,26 @@ static ssize_t ibrs_enabled_write(struct file *file,
         if (kstrtouint(buf, 0, &enable))
                 return -EINVAL;
 
-        if (enable > IBRS_MAX)
+       /* Only 0 and 1 are allowed */
+       if (enable > 1)
                 return -EINVAL;
 
+       if (!!enable != !!ibrs_disabled)
+               return count;
+
        mutex_lock(&spec_ctrl_mutex);
 
-       if (enable == IBRS_DISABLED) {
-               /* disable IBRS usage */
+       if (!enable) {
                set_ibrs_disabled();
                if (use_ibrs & SPEC_CTRL_IBRS_SUPPORTED)
                        spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_DISABLE_IBRS);
-       } else if (enable == IBRS_ENABLED) {
-               /* enable IBRS usage in kernel */
+       } else {
                clear_ibrs_disabled();
                if (use_ibrs & SPEC_CTRL_IBRS_SUPPORTED)
                        set_ibrs_inuse();
                else
                        /* Platform don't support IBRS */
-                       enable = IBRS_DISABLED;
-       } else if (enable == IBRS_ENABLED_USER) {
-               /* enable IBRS usage in both userspace and kernel */
-               clear_ibrs_disabled();
-               /* don't change IBRS value once we set it to always on */
-               clear_ibrs_inuse();
-               if (use_ibrs & SPEC_CTRL_IBRS_SUPPORTED)
-                       spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_ENABLE_IBRS);
-               else
-                       /* Platform don't support IBRS */
-                       enable = IBRS_DISABLED;
+                       enable = 0;
        }
 
        sysctl_ibrs_enabled = enable;