| Message ID | 20221104213651.141057-1-kim.phillips@amd.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | x86/speculation: Support Automatic IBRS | expand |
On 11/4/22 14:36, Kim Phillips wrote: > The AMD Zen4 core supports a new feature called Automatic IBRS. > (Indirect Branch Restricted Speculation). > > Enable Automatic IBRS by default if the CPU feature is present. > It typically provides greater performance over the incumbent > generic retpolines mitigation. Could you also share some information on how this differs from EIBRS and why it needs to exist in parallel to EBIRS?
On 11/4/22 5:06 PM, Dave Hansen wrote: > On 11/4/22 14:36, Kim Phillips wrote: >> The AMD Zen4 core supports a new feature called Automatic IBRS. >> (Indirect Branch Restricted Speculation). >> >> Enable Automatic IBRS by default if the CPU feature is present. >> It typically provides greater performance over the incumbent >> generic retpolines mitigation. > > Could you also share some information on how this differs from EIBRS and Some differences are: 1. Unlike EIBRS, AutoIBRS needs STIBP always-on 2. Unlike EIBRS, AutoIBRS doesn't need to clear the RSB on VMEXIT 3. Unlike EIBRS, no AutoIBRS processors are vulnerable to RETBLEED 4. Unlike EIBRS, AutoIBRS doesn't need 4. eIBRS also considers user/supervisor as well as host/guest modes when determining its 'predictor mode', whereas AutoIBRS only affects CPL0. 5. eIBRS also groups CPL0/1/2 together, vs. just CPL0 for AutoIBRS. > why it needs to exist in parallel to EBIRS? If by 'in parallel' you mean why do these patches not tack AutoIBRS onto the SPECTRE_V2_EIBRS enum, there's no big reason, other than now that I've tried to implement it that way, the number of changes to bugs.c goes from 34 lines changed to 58, mostly due to exceptions caused by items such as #3 above, and ignoring EIBRS_RETPOLINE and EIBRS_LFENCE. I've posted the diff to the 2/3 patch thread, please take a look: https://lkml.org/lkml/2022/11/7/1462 https://lore.kernel.org/lkml/20221104213651.141057-1-kim.phillips@amd.com/T/#m78ef9bf6a38db8348e0adde3f5ac8b4953200b41 Thanks, Kim
The AMD Zen4 core supports a new feature called Automatic IBRS. (Indirect Branch Restricted Speculation). Enable Automatic IBRS by default if the CPU feature is present. It typically provides greater performance over the incumbent generic retpolines mitigation. Patch 1 adds support for the CPUID_8000_0021_EAX leaf that has the bit that identifies X86_FEATURE_AUTOIBRS. Patch 2 adds support for Auto IBRS. Patch 3 makes the Auto IBRS feature available for VM guests. Signed-off-by: Kim Phillips <kim.phillips@amd.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Joao Martins <joao.m.martins@oracle.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Sean Christopherson <seanjc@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: David Woodhouse <dwmw@amazon.co.uk> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Juergen Gross <jgross@suse.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Tony Luck <tony.luck@intel.com> Cc: Babu Moger <Babu.Moger@amd.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: kvm@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Kim Phillips (3): x86/cpufeatures: Add support for cpuid leaf 80000021/EAX (FeatureExt2Eax) x86/speculation: Support Automatic IBRS x86/speculation: Support Automatic IBRS under virtualization .../admin-guide/kernel-parameters.txt | 1 + arch/x86/include/asm/cpufeature.h | 7 ++-- arch/x86/include/asm/cpufeatures.h | 5 ++- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/include/asm/nospec-branch.h | 1 + arch/x86/include/asm/required-features.h | 3 +- arch/x86/kernel/cpu/bugs.c | 34 +++++++++++++++++-- arch/x86/kernel/cpu/common.c | 3 ++ arch/x86/kvm/cpuid.c | 5 ++- arch/x86/kvm/reverse_cpuid.h | 1 + arch/x86/kvm/svm/svm.c | 3 ++ arch/x86/kvm/x86.c | 3 ++ 13 files changed, 62 insertions(+), 9 deletions(-)