x86/speculation: Prepare for per task indirect branch speculation control
To avoid the overhead of STIBP always on, it's necessary to allow per task control of STIBP. Add a new task flag TIF_SPEC_IB and evaluate it during context switch if SMT is active and flag evaluation is enabled by the speculation control code. Add the conditional evaluation to x86_virt_spec_ctrl() as well so the guest/host switch works properly. This has no effect because TIF_SPEC_IB cannot be set yet and the static key which controls evaluation is off. Preparatory patch for adding the control code. [ tglx: Simplify the context switch logic and make the TIF evaluation depend on SMP=y and on the static key controlling the conditional update. Rename it to TIF_SPEC_IB because it controls both STIBP and IBPB ] Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Jiri Kosina <jkosina@suse.cz> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: David Woodhouse <dwmw@amazon.co.uk> Cc: Andi Kleen <ak@linux.intel.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Casey Schaufler <casey.schaufler@intel.com> Cc: Asit Mallick <asit.k.mallick@intel.com> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Jon Masters <jcm@redhat.com> Cc: Waiman Long <longman9394@gmail.com> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: Dave Stewart <david.c.stewart@intel.com> Cc: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20181125185005.176917199@linutronix.de
This commit is contained in:
		
							parent
							
								
									fa1202ef22
								
							
						
					
					
						commit
						5bfbe3ad58
					
				| @ -41,9 +41,10 @@ | ||||
| 
 | ||||
| #define MSR_IA32_SPEC_CTRL		0x00000048 /* Speculation Control */ | ||||
| #define SPEC_CTRL_IBRS			(1 << 0)   /* Indirect Branch Restricted Speculation */ | ||||
| #define SPEC_CTRL_STIBP			(1 << 1)   /* Single Thread Indirect Branch Predictors */ | ||||
| #define SPEC_CTRL_STIBP_SHIFT		1	   /* Single Thread Indirect Branch Predictor (STIBP) bit */ | ||||
| #define SPEC_CTRL_STIBP			(1 << SPEC_CTRL_STIBP_SHIFT)	/* STIBP mask */ | ||||
| #define SPEC_CTRL_SSBD_SHIFT		2	   /* Speculative Store Bypass Disable bit */ | ||||
| #define SPEC_CTRL_SSBD			(1 << SPEC_CTRL_SSBD_SHIFT)   /* Speculative Store Bypass Disable */ | ||||
| #define SPEC_CTRL_SSBD			(1 << SPEC_CTRL_SSBD_SHIFT)	/* Speculative Store Bypass Disable */ | ||||
| 
 | ||||
| #define MSR_IA32_PRED_CMD		0x00000049 /* Prediction Command */ | ||||
| #define PRED_CMD_IBPB			(1 << 0)   /* Indirect Branch Prediction Barrier */ | ||||
|  | ||||
| @ -53,12 +53,24 @@ static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn) | ||||
| 	return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); | ||||
| } | ||||
| 
 | ||||
| static inline u64 stibp_tif_to_spec_ctrl(u64 tifn) | ||||
| { | ||||
| 	BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); | ||||
| 	return (tifn & _TIF_SPEC_IB) >> (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); | ||||
| } | ||||
| 
 | ||||
| static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl) | ||||
| { | ||||
| 	BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT); | ||||
| 	return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); | ||||
| } | ||||
| 
 | ||||
| static inline unsigned long stibp_spec_ctrl_to_tif(u64 spec_ctrl) | ||||
| { | ||||
| 	BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); | ||||
| 	return (spec_ctrl & SPEC_CTRL_STIBP) << (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); | ||||
| } | ||||
| 
 | ||||
| static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn) | ||||
| { | ||||
| 	return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL; | ||||
|  | ||||
| @ -83,6 +83,7 @@ struct thread_info { | ||||
| #define TIF_SYSCALL_EMU		6	/* syscall emulation active */ | ||||
| #define TIF_SYSCALL_AUDIT	7	/* syscall auditing active */ | ||||
| #define TIF_SECCOMP		8	/* secure computing */ | ||||
| #define TIF_SPEC_IB		9	/* Indirect branch speculation mitigation */ | ||||
| #define TIF_USER_RETURN_NOTIFY	11	/* notify kernel of userspace return */ | ||||
| #define TIF_UPROBE		12	/* breakpointed or singlestepping */ | ||||
| #define TIF_PATCH_PENDING	13	/* pending live patching update */ | ||||
| @ -110,6 +111,7 @@ struct thread_info { | ||||
| #define _TIF_SYSCALL_EMU	(1 << TIF_SYSCALL_EMU) | ||||
| #define _TIF_SYSCALL_AUDIT	(1 << TIF_SYSCALL_AUDIT) | ||||
| #define _TIF_SECCOMP		(1 << TIF_SECCOMP) | ||||
| #define _TIF_SPEC_IB		(1 << TIF_SPEC_IB) | ||||
| #define _TIF_USER_RETURN_NOTIFY	(1 << TIF_USER_RETURN_NOTIFY) | ||||
| #define _TIF_UPROBE		(1 << TIF_UPROBE) | ||||
| #define _TIF_PATCH_PENDING	(1 << TIF_PATCH_PENDING) | ||||
| @ -146,7 +148,8 @@ struct thread_info { | ||||
| 
 | ||||
| /* flags to check in __switch_to() */ | ||||
| #define _TIF_WORK_CTXSW							\ | ||||
| 	(_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD) | ||||
| 	(_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP|		\ | ||||
| 	 _TIF_SSBD|_TIF_SPEC_IB) | ||||
| 
 | ||||
| #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY) | ||||
| #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW) | ||||
|  | ||||
| @ -148,6 +148,10 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) | ||||
| 		    static_cpu_has(X86_FEATURE_AMD_SSBD)) | ||||
| 			hostval |= ssbd_tif_to_spec_ctrl(ti->flags); | ||||
| 
 | ||||
| 		/* Conditional STIBP enabled? */ | ||||
| 		if (static_branch_unlikely(&switch_to_cond_stibp)) | ||||
| 			hostval |= stibp_tif_to_spec_ctrl(ti->flags); | ||||
| 
 | ||||
| 		if (hostval != guestval) { | ||||
| 			msrval = setguest ? guestval : hostval; | ||||
| 			wrmsrl(MSR_IA32_SPEC_CTRL, msrval); | ||||
|  | ||||
| @ -404,11 +404,17 @@ static __always_inline void amd_set_ssb_virt_state(unsigned long tifn) | ||||
| static __always_inline void __speculation_ctrl_update(unsigned long tifp, | ||||
| 						      unsigned long tifn) | ||||
| { | ||||
| 	unsigned long tif_diff = tifp ^ tifn; | ||||
| 	u64 msr = x86_spec_ctrl_base; | ||||
| 	bool updmsr = false; | ||||
| 
 | ||||
| 	/* If TIF_SSBD is different, select the proper mitigation method */ | ||||
| 	if ((tifp ^ tifn) & _TIF_SSBD) { | ||||
| 	/*
 | ||||
| 	 * If TIF_SSBD is different, select the proper mitigation | ||||
| 	 * method. Note that if SSBD mitigation is disabled or permanentely | ||||
| 	 * enabled this branch can't be taken because nothing can set | ||||
| 	 * TIF_SSBD. | ||||
| 	 */ | ||||
| 	if (tif_diff & _TIF_SSBD) { | ||||
| 		if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) { | ||||
| 			amd_set_ssb_virt_state(tifn); | ||||
| 		} else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) { | ||||
| @ -420,6 +426,16 @@ static __always_inline void __speculation_ctrl_update(unsigned long tifp, | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	/*
 | ||||
| 	 * Only evaluate TIF_SPEC_IB if conditional STIBP is enabled, | ||||
| 	 * otherwise avoid the MSR write. | ||||
| 	 */ | ||||
| 	if (IS_ENABLED(CONFIG_SMP) && | ||||
| 	    static_branch_unlikely(&switch_to_cond_stibp)) { | ||||
| 		updmsr |= !!(tif_diff & _TIF_SPEC_IB); | ||||
| 		msr |= stibp_tif_to_spec_ctrl(tifn); | ||||
| 	} | ||||
| 
 | ||||
| 	if (updmsr) | ||||
| 		wrmsrl(MSR_IA32_SPEC_CTRL, msr); | ||||
| } | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user