[PATCH] x86/bugs: wrap X86_FEATURE_RSB_CTXSW with ifdef CONFIG_RETPOLINE

From: Jon Kohler
Date: Fri May 07 2021 - 11:53:56 EST


The only place X86_FEATURE_RSB_CTXSW is currently in use is in
arch/x86/entry/entry_{32|64}.S, where its use is wrapped with
ifdef CONFIG_RETPOLINE. If someone uses a system with
X86_FEATURE_IBRS_ENHANCED and compiles without CONFIG_RETPOLINE
but still has spectre v2 set to auto, the kernel log will
print that eIBRS is enabled and that RSB stuffing is enabled;
however, that stuffing would never occur.

To make this behavior more clear, wrap the enablement of
X86_FEATURE_RSB_CTXSW and the resulting log message with ifdef
CONFIG_RETPOLINE, such that it is compiled out along with the
actions it controls.

This way seems more correct at first glance as this was the way
the code was originally written in fdf82a7856b; however, when
enhanced IBRS was added, there was a goto added under
SPECTRE_V2_CMD_AUTO which bypasses going through retpoline_auto,
where X86_FEATURE_RETPOLINE is set.

The other option would be to remove the CONFIG_RETPOLINE from
the code in entry_{32|64}.S, such that it would always be
compiled no matter what, such that these two areas match.

Fixes: 706d51681d6 ("x86/speculation: Support Enhanced IBRS on future CPUs")
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: David Woodhouse <dwmw@xxxxxxxxxxxx>
Cc: Jiri Kosina <jkosina@xxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: Ravi Shankar <ravi.v.shankar@xxxxxxxxx>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@xxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
Signed-off-by: Jon Kohler <jon@xxxxxxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index d41b70fe4918..b72056ee21dd 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -923,6 +923,7 @@ static void __init spectre_v2_select_mitigation(void)
spectre_v2_enabled = mode;
pr_info("%s\n", spectre_v2_strings[mode]);

+#ifdef CONFIG_RETPOLINE
/*
* If spectre v2 protection has been enabled, unconditionally fill
* RSB during a context switch; this protects against two independent
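Review bot: The `#ifdef CONFIG_RETPOLINE` opens directly above a comment that still says the RSB is filled "unconditionally" once spectre v2 protection is enabled. With the block now dependent on a build option, that wording is no longer accurate and the comment should name the CONFIG_RETPOLINE dependency. Consider `if (IS_ENABLED(CONFIG_RETPOLINE))` instead of a preprocessor block inside spectre_v2_select_mitigation(). Kernel coding style prefers it within function bodies, and it keeps both branches compile-checked.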
@@ -933,6 +934,9 @@ static void __init spectre_v2_select_mitigation(void)
*/
setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
+#else
+ pr_info("Spectre v2 / SpectreRSB mitigation: kernel not compiled with retpoline, do not fill RSB on context switch\n");
+#endif

/*
* Retpoline means the kernel is safe because it has no indirect
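Review bot: The `#else` branch reports a missing protection at pr_info level under the "Spectre v2 / SpectreRSB mitigation:" prefix, so on a build without CONFIG_RETPOLINE the absence of the RSB fill reads like an ordinary mitigation status line and is easy to overlook. The comment above says the fill protects against two independent issues, so the compiled-out case should say plainly that the RSB is not filled on context switch, probably with pr_warn. The commit message also names the alternative of dropping the CONFIG_RETPOLINE guard in entry_{32|64}.S. The changelog should state why the logging-only route is preferred over keeping the fill on systems that select enhanced IBRS.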
--
2.30.1 (Apple Git-130)
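
A check for the mismatch this patch describes, as an added example that is not part of the original message or the kernel tree: it compares a kernel config file with a saved boot log and flags a log that claims RSB filling when CONFIG_RETPOLINE is off. The message text and option name come from the patch; the function name `rsb_claim_check`, its return codes and the file arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the patch): detect a boot log that claims RSB
# filling on context switch on a kernel built without CONFIG_RETPOLINE.
# Message text and option name are taken from the patch above; the function
# name, return codes and file arguments are assumptions of this example.

RSB_MSG='Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch'

# rsb_claim_check CONFIG_FILE LOG_FILE
# Prints one verdict line. Returns 0 = consistent, 1 = log claims RSB
# filling without retpoline support compiled in, 2 = cannot decide.
rsb_claim_check() {
    cfg=$1
    log=$2
    if [ ! -r "$cfg" ] || [ ! -r "$log" ]; then
        echo "UNKNOWN: cannot read config or log"
        return 2
    fi
    # "# CONFIG_RETPOLINE is not set" and a missing line both mean "off".
    if grep -q '^CONFIG_RETPOLINE=y$' "$cfg"; then retpoline=yes; else retpoline=no; fi
    # Fixed-string match so the "/" and ":" in the message are taken literally.
    if grep -qF "$RSB_MSG" "$log"; then claimed=yes; else claimed=no; fi

    case "$retpoline/$claimed" in
        no/yes)
            echo "MISMATCH: log reports RSB filling, CONFIG_RETPOLINE is off"
            return 1 ;;
        yes/yes)
            echo "OK: RSB filling reported and CONFIG_RETPOLINE=y"
            return 0 ;;
        *)
            echo "OK: log makes no RSB filling claim (retpoline=$retpoline)"
            return 0 ;;
    esac
}

# Typical use on a live host (paths are assumptions; distributions differ):
#   dmesg > /tmp/boot.log
#   rsb_claim_check "/boot/config-$(uname -r)" /tmp/boot.log
```
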