| From foo@baz Wed Mar 9 04:10:24 PM CET 2022 |
| From: "Peter Zijlstra (Intel)" <peterz@infradead.org> |
| Date: Wed, 16 Feb 2022 20:57:00 +0100 |
| Subject: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| |
| From: "Peter Zijlstra (Intel)" <peterz@infradead.org> |
| |
| commit d45476d9832409371537013ebdd8dc1a7781f97a upstream. |
| |
| The RETPOLINE_AMD name is unfortunate since it isn't necessarily |
| AMD only, in fact Hygon also uses it. Furthermore it will likely be |
| sufficient for some Intel processors. Therefore rename the thing to |
| RETPOLINE_LFENCE to better describe what it is. |
| |
| Add the spectre_v2=retpoline,lfence option as an alias to |
| spectre_v2=retpoline,amd to preserve existing setups. However, the output |
| of /sys/devices/system/cpu/vulnerabilities/spectre_v2 will be changed. |
| |
| [ bp: Fix typos, massage. ] |
| |
| Co-developed-by: Josh Poimboeuf <jpoimboe@redhat.com> |
| Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> |
| Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> |
| Signed-off-by: Borislav Petkov <bp@suse.de> |
| Reviewed-by: Thomas Gleixner <tglx@linutronix.de> |
| [fllinden@amazon.com: backported to 4.19] |
| Signed-off-by: Frank van der Linden <fllinden@amazon.com> |
| [bwh: Backported to 4.9: adjust context] |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/x86/include/asm/cpufeatures.h | 2 +- |
| arch/x86/include/asm/nospec-branch.h | 12 ++++++------ |
| arch/x86/kernel/cpu/bugs.c | 29 ++++++++++++++++++----------- |
| tools/arch/x86/include/asm/cpufeatures.h | 2 +- |
| 4 files changed, 26 insertions(+), 19 deletions(-) |
| |
| --- a/arch/x86/include/asm/cpufeatures.h |
| +++ b/arch/x86/include/asm/cpufeatures.h |
| @@ -195,7 +195,7 @@ |
| #define X86_FEATURE_FENCE_SWAPGS_USER ( 7*32+10) /* "" LFENCE in user entry SWAPGS path */ |
| #define X86_FEATURE_FENCE_SWAPGS_KERNEL ( 7*32+11) /* "" LFENCE in kernel entry SWAPGS path */ |
| #define X86_FEATURE_RETPOLINE ( 7*32+12) /* "" Generic Retpoline mitigation for Spectre variant 2 */ |
| -#define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */ |
| +#define X86_FEATURE_RETPOLINE_LFENCE ( 7*32+13) /* "" Use LFENCE for Spectre variant 2 */ |
| |
| #define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */ |
| #define X86_FEATURE_SSBD ( 7*32+17) /* Speculative Store Bypass Disable */ |
| --- a/arch/x86/include/asm/nospec-branch.h |
| +++ b/arch/x86/include/asm/nospec-branch.h |
| @@ -119,7 +119,7 @@ |
| ANNOTATE_NOSPEC_ALTERNATIVE |
| ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; jmp *\reg), \ |
| __stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE, \ |
| - __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *\reg), X86_FEATURE_RETPOLINE_AMD |
| + __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *\reg), X86_FEATURE_RETPOLINE_LFENCE |
| #else |
| jmp *\reg |
| #endif |
| @@ -130,7 +130,7 @@ |
| ANNOTATE_NOSPEC_ALTERNATIVE |
| ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; call *\reg), \ |
| __stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\ |
| - __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; call *\reg), X86_FEATURE_RETPOLINE_AMD |
| + __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; call *\reg), X86_FEATURE_RETPOLINE_LFENCE |
| #else |
| call *\reg |
| #endif |
| @@ -181,7 +181,7 @@ |
| "lfence;\n" \ |
| ANNOTATE_RETPOLINE_SAFE \ |
| "call *%[thunk_target]\n", \ |
| - X86_FEATURE_RETPOLINE_AMD) |
| + X86_FEATURE_RETPOLINE_LFENCE) |
| # define THUNK_TARGET(addr) [thunk_target] "r" (addr) |
| |
| #else /* CONFIG_X86_32 */ |
| @@ -211,7 +211,7 @@ |
| "lfence;\n" \ |
| ANNOTATE_RETPOLINE_SAFE \ |
| "call *%[thunk_target]\n", \ |
| - X86_FEATURE_RETPOLINE_AMD) |
| + X86_FEATURE_RETPOLINE_LFENCE) |
| |
| # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) |
| #endif |
| @@ -223,8 +223,8 @@ |
| /* The Spectre V2 mitigation variants */ |
| enum spectre_v2_mitigation { |
| SPECTRE_V2_NONE, |
| - SPECTRE_V2_RETPOLINE_GENERIC, |
| - SPECTRE_V2_RETPOLINE_AMD, |
| + SPECTRE_V2_RETPOLINE, |
| + SPECTRE_V2_LFENCE, |
| SPECTRE_V2_IBRS_ENHANCED, |
| }; |
| |
| --- a/arch/x86/kernel/cpu/bugs.c |
| +++ b/arch/x86/kernel/cpu/bugs.c |
| @@ -620,7 +620,7 @@ enum spectre_v2_mitigation_cmd { |
| SPECTRE_V2_CMD_FORCE, |
| SPECTRE_V2_CMD_RETPOLINE, |
| SPECTRE_V2_CMD_RETPOLINE_GENERIC, |
| - SPECTRE_V2_CMD_RETPOLINE_AMD, |
| + SPECTRE_V2_CMD_RETPOLINE_LFENCE, |
| }; |
| |
| enum spectre_v2_user_cmd { |
| @@ -780,8 +780,8 @@ set_mode: |
| |
| static const char * const spectre_v2_strings[] = { |
| [SPECTRE_V2_NONE] = "Vulnerable", |
| - [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", |
| - [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", |
| + [SPECTRE_V2_RETPOLINE] = "Mitigation: Retpolines", |
| + [SPECTRE_V2_LFENCE] = "Mitigation: LFENCE", |
| [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", |
| }; |
| |
| @@ -793,7 +793,8 @@ static const struct { |
| { "off", SPECTRE_V2_CMD_NONE, false }, |
| { "on", SPECTRE_V2_CMD_FORCE, true }, |
| { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, |
| - { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, |
| + { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_LFENCE, false }, |
| + { "retpoline,lfence", SPECTRE_V2_CMD_RETPOLINE_LFENCE, false }, |
| { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, |
| { "auto", SPECTRE_V2_CMD_AUTO, false }, |
| }; |
| @@ -831,13 +832,19 @@ static enum spectre_v2_mitigation_cmd __ |
| } |
| |
| if ((cmd == SPECTRE_V2_CMD_RETPOLINE || |
| - cmd == SPECTRE_V2_CMD_RETPOLINE_AMD || |
| + cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE || |
| cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC) && |
| !IS_ENABLED(CONFIG_RETPOLINE)) { |
| pr_err("%s selected but not compiled in. Switching to AUTO select\n", mitigation_options[i].option); |
| return SPECTRE_V2_CMD_AUTO; |
| } |
| |
| + if ((cmd == SPECTRE_V2_CMD_RETPOLINE_LFENCE) && |
| + !boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { |
| + pr_err("%s selected, but CPU doesn't have a serializing LFENCE. Switching to AUTO select\n", mitigation_options[i].option); |
| + return SPECTRE_V2_CMD_AUTO; |
| + } |
| + |
| spec_v2_print_cond(mitigation_options[i].option, |
| mitigation_options[i].secure); |
| return cmd; |
| @@ -872,9 +879,9 @@ static void __init spectre_v2_select_mit |
| if (IS_ENABLED(CONFIG_RETPOLINE)) |
| goto retpoline_auto; |
| break; |
| - case SPECTRE_V2_CMD_RETPOLINE_AMD: |
| + case SPECTRE_V2_CMD_RETPOLINE_LFENCE: |
| if (IS_ENABLED(CONFIG_RETPOLINE)) |
| - goto retpoline_amd; |
| + goto retpoline_lfence; |
| break; |
| case SPECTRE_V2_CMD_RETPOLINE_GENERIC: |
| if (IS_ENABLED(CONFIG_RETPOLINE)) |
| @@ -890,17 +897,17 @@ static void __init spectre_v2_select_mit |
| |
| retpoline_auto: |
| if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) { |
| - retpoline_amd: |
| + retpoline_lfence: |
| if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { |
| pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n"); |
| goto retpoline_generic; |
| } |
| - mode = SPECTRE_V2_RETPOLINE_AMD; |
| - setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); |
| + mode = SPECTRE_V2_LFENCE; |
| + setup_force_cpu_cap(X86_FEATURE_RETPOLINE_LFENCE); |
| setup_force_cpu_cap(X86_FEATURE_RETPOLINE); |
| } else { |
| retpoline_generic: |
| - mode = SPECTRE_V2_RETPOLINE_GENERIC; |
| + mode = SPECTRE_V2_RETPOLINE; |
| setup_force_cpu_cap(X86_FEATURE_RETPOLINE); |
| } |
| |
| --- a/tools/arch/x86/include/asm/cpufeatures.h |
| +++ b/tools/arch/x86/include/asm/cpufeatures.h |
| @@ -194,7 +194,7 @@ |
| #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ |
| |
| #define X86_FEATURE_RETPOLINE ( 7*32+12) /* "" Generic Retpoline mitigation for Spectre variant 2 */ |
| -#define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */ |
| +#define X86_FEATURE_RETPOLINE_LFENCE ( 7*32+13) /* "" Use LFENCEs for Spectre variant 2 */ |
| |
| #define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */ |
| #define X86_FEATURE_SSBD ( 7*32+17) /* Speculative Store Bypass Disable */ |