Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation

From: David Woodhouse
Date: Tue Jan 23 2018 - 17:54:24 EST

Next message: David Lechner: "[PATCH 0/2] regmap: use debugfs even when no device"
Previous message: David Lechner: "[PATCH 2/2] regmap: use debugfs even when no device"
In reply to: Borislav Petkov: "Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation"
Next in thread: Andi Kleen: "Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2018-01-23 at 23:40 +0100, Borislav Petkov wrote:
>
> Btw, this came up today: do we have an idea how to detect objects built
> with gcc which has retpoline support?
>
> The only way I could think of is boot the respective kernel and stare at
> dmesg:
>
> [ÂÂÂ 0.064006] Spectre V2 mitigation: LFENCE not serializing. Switching to generic retpoline
> [ÂÂÂ 0.068003] Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline
>
> and then deduce that it is not a retpoline-enabled compiler:

Right. There *was* a warning during build but we removed that. At the
time, the plan (at least in my head) was to use IBRS instead, if the
retpoline compiler wasn't available. For now we're just going to remain
vulnerable. I'm now wondering if we should reinstate that warning.

> > +retpoline_auto:
> > +ÂÂÂÂÂif (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) {
> > +ÂÂÂÂÂretpoline_amd:
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂif (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂpr_err("LFENCE not serializing. Switching to generic retpoline\n");
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂgoto retpoline_generic;
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂ}
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂmode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD :
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ SPECTRE_V2_RETPOLINE_MINIMAL_AMD;
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂsetup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD);
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂsetup_force_cpu_cap(X86_FEATURE_RETPOLINE);
> > +ÂÂÂÂÂ} else {
> > +ÂÂÂÂÂretpoline_generic:
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂmode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC :
> > +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ SPECTRE_V2_RETPOLINE_MINIMAL;
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> but that might not always be an option.
>
> And it probably should be a more reliable method which we probably could
> use to detect !retpolined modules too.

Andi actually implemented this, but it ended up being watered down
somewhat.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: David Lechner: "[PATCH 0/2] regmap: use debugfs even when no device"
Previous message: David Lechner: "[PATCH 2/2] regmap: use debugfs even when no device"
In reply to: Borislav Petkov: "Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation"
Next in thread: Andi Kleen: "Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]