Re: [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure

From: Henrique de Moraes Holschuh
Date: Wed Jan 24 2018 - 05:49:59 EST

Next message: linxiulei: "[PATCH v3] perf/core: Fix installing cgroup event into cpu"
Previous message: tip-bot for Peter Zijlstra: "[tip:locking/urgent] futex: Fix OWNER_DEAD fixup"
In reply to: Peter Zijlstra: "Re: [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure"
Next in thread: David Woodhouse: "Re: [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 24 Jan 2018, David Woodhouse wrote:
> I'm kind of tempted to turn it into a whitelist just by adding 1 to the
> microcode revision in each table entry. Sure, that N+1 might be another
> microcode build that also has issues but never saw the light of day...

Watch out for the (AFAIK) still not properly documented where it should
be (i.e. the microcode chapter of the Intel SDM) weirdness in Skylake+
microcode revision. Actually, this is related to SGX, so anything that
has SGX.

When it has SGX inside, Intel will release microcode only with even
revision numbers, but the processor may report it as odd (and will do so
by subtracting 1, so microcode 0xb0 is the same as microcode 0xaf) when
the update is loaded by the processor itself from FIT (as opposed as
being loaded by WRMSR from BIOS/UEFI/OS).

So, you could see N-1 from within Linux if we did not update the
microcode, and fail to trigger a whitelist (or mistrigger a blacklist).

--
Henrique Holschuh

Next message: linxiulei: "[PATCH v3] perf/core: Fix installing cgroup event into cpu"
Previous message: tip-bot for Peter Zijlstra: "[tip:locking/urgent] futex: Fix OWNER_DEAD fixup"
In reply to: Peter Zijlstra: "Re: [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure"
Next in thread: David Woodhouse: "Re: [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]