From 6356581e07921f134124f909e17cdfc52acac139 Mon Sep 17 00:00:00 2001 From: Boris Ostrovsky Date: Tue, 23 Jan 2018 11:02:41 -0500 Subject: [PATCH] x86/IBRS: Remove support for IBRS_ENABLED_USER mode This mode was added based on our understanding of IBRS_ATT (IBRS All The Time) described in early versions of Intel documentation. We assumed that while "basic" IBRS protects kernel from using predictions created by userland, IBRS_ATT will provide similar defence between usermode tasks. This understanding was incorrect. Instead, IBRS_ATT (also referred to as "Enhanced IBRS") allows the kernel to write IBRS MSR once, during boot, and never have to write it again. This is in contrast to basic IBRS where every change of protection mode required an MSR write, which is somewhat expensive. Enhanced IBRS is not available on existing processors. Until it becomes available we remove IBRS_ENABLED_USER. While doing this also add a test in ibrs_enabled_write() that will only process input if the mode will actually change. Orabug: 27448280 Signed-off-by: Boris Ostrovsky Reviewed-by: Krish Sadhukhan Reviewed-by: Konrad Rzeszutek Wilk Signed-off-by: Konrad Rzeszutek Wilk --- arch/x86/include/asm/spec_ctrl.h | 8 -------- arch/x86/kernel/cpu/spec_ctrl.c | 24 ++++++++---------------- 2 files changed, 8 insertions(+), 24 deletions(-) diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h index 85fe1105f9e1..97bdadcecfec 100644 --- a/arch/x86/include/asm/spec_ctrl.h +++ b/arch/x86/include/asm/spec_ctrl.h @@ -202,14 +202,6 @@ ALTERNATIVE __stringify(__ASM_STUFF_RSB), "", X86_FEATURE_SMEP .endm #else -enum { - IBRS_DISABLED, - /* in host kernel, disabled in guest and userland */ - IBRS_ENABLED, - /* in host kernel and host userland, disabled in guest */ - IBRS_ENABLED_USER, - IBRS_MAX = IBRS_ENABLED_USER, -}; /* indicate usage of IBRS to control execution speculation */ extern int use_ibrs; diff --git a/arch/x86/kernel/cpu/spec_ctrl.c b/arch/x86/kernel/cpu/spec_ctrl.c index 2de6c9ea6122..fab5d6d8fdf5 100644 --- a/arch/x86/kernel/cpu/spec_ctrl.c +++ b/arch/x86/kernel/cpu/spec_ctrl.c @@ -59,34 +59,26 @@ static ssize_t ibrs_enabled_write(struct file *file, if (kstrtouint(buf, 0, &enable)) return -EINVAL; - if (enable > IBRS_MAX) + /* Only 0 and 1 are allowed */ + if (enable > 1) return -EINVAL; + if (!!enable != !!ibrs_disabled) + return count; + mutex_lock(&spec_ctrl_mutex); - if (enable == IBRS_DISABLED) { - /* disable IBRS usage */ + if (!enable) { set_ibrs_disabled(); if (use_ibrs & SPEC_CTRL_IBRS_SUPPORTED) spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_DISABLE_IBRS); - } else if (enable == IBRS_ENABLED) { - /* enable IBRS usage in kernel */ + } else { clear_ibrs_disabled(); if (use_ibrs & SPEC_CTRL_IBRS_SUPPORTED) set_ibrs_inuse(); else /* Platform don't support IBRS */ - enable = IBRS_DISABLED; - } else if (enable == IBRS_ENABLED_USER) { - /* enable IBRS usage in both userspace and kernel */ - clear_ibrs_disabled(); - /* don't change IBRS value once we set it to always on */ - clear_ibrs_inuse(); - if (use_ibrs & SPEC_CTRL_IBRS_SUPPORTED) - spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_ENABLE_IBRS); - else - /* Platform don't support IBRS */ - enable = IBRS_DISABLED; + enable = 0; } sysctl_ibrs_enabled = enable; -- 2.50.1