[RFC PATCH 0/4] Retpoline / IBRS_ALL
From: David Woodhouse
Date: Tue Feb 06 2018 - 19:06:32 EST
Using retpoline ensures the kernel is safe because it doesn't contain
any indirect branches, but firmware still can â and we make calls into
firmware at runtime. Where the IBRS microcode support is available, use
that before calling into firmware.
While doing that, I noticed that we were calling C functions without
telling the compiler about the call-clobbered registers. Stop that.
This also contains the always_inline fix for the performance problem
introduced by retpoline in KVM code, and finally adds IBRS_ALL support
for future CPUs, where we can disable the retpoline but still want to
use IBPB on context switch etc. I'll repeat the comment from that commit
here, for clarity:
This does not actually *set* the IBRS bit in the SPEC_CTRL register,
because Intel's documentation is wrong. Not wrong in the sense of
"does not accurately describe Intel's planned future hardware", but
more in the sense that if Intel make hardware like that, then they
are Doing It Wrongâ.
With IBRS_ALL advertised in IA32_ARCH_CAPABILITIES, the IBRS bit in
the MSR should do *nothing*. The safe mode where the CPU honours the
tags in the BTB/RSB should be enabled *unconditionally*.
David Woodhouse (4):
Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
KVM: x86: Reduce retpoline performance impact in slot_handle_level_range()
x86/speculation: Use IBRS if available before calling into firmware
x86/speculation: Support "Enhanced IBRS" on future CPUs
arch/x86/include/asm/apm.h | 6 ++++++
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/efi.h | 13 +++++++++++--
arch/x86/include/asm/nospec-branch.h | 34 +++++++++++++++++++++++++++++-----
arch/x86/include/asm/processor.h | 3 ---
arch/x86/kernel/cpu/bugs.c | 29 ++++++++++++++++++++++-------
arch/x86/kvm/mmu.c | 10 +++++-----
drivers/watchdog/hpwdt.c | 3 +++
8 files changed, 77 insertions(+), 22 deletions(-)
--
2.7.4