x86/retbleed: Add X86_FEATURE_CALL_DEPTH

Intel SKL CPUs fall back to other predictors when the RSB underflows. The
only microcode mitigation is IBRS which is insanely expensive. It comes
with performance drops of up to 30% depending on the workload.

A way less expensive, but nevertheless horrible mitigation is to track the
call depth in software and overeagerly fill the RSB when returns underflow
the software counter.

Provide a configuration symbol and a CPU misfeature bit.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220915111147.056176424@infradead.org

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index e368fc0daa4acffd63af66e08287b8a0d7fca0e7..6ae7fa4b8eb7d35991b1f9ac93d7aecc08ba110e 100644 (file)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2523,6 +2523,25 @@ config CPU_UNRET_ENTRY
        help
          Compile the kernel with support for the retbleed=unret mitigation.
 
+config CALL_DEPTH_TRACKING
+       bool "Mitigate RSB underflow with call depth tracking"
+       depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS
+       select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
+       select CALL_THUNKS
+       default y
+       help
+         Compile the kernel with call depth tracking to mitigate the Intel
+         SKL Return-Speculation-Buffer (RSB) underflow issue. The
+         mitigation is off by default and needs to be enabled on the
+         kernel command line via the retbleed=stuff option. For
+         non-affected systems the overhead of this option is marginal as
+         the call depth tracking is using run-time generated call thunks
+         in a compiler generated padding area and call patching. This
+         increases text size by ~5%. For non affected systems this space
+         is unused. On affected SKL systems this results in a significant
+         performance gain over the IBRS mitigation.
+
+
 config CPU_IBPB_ENTRY
        bool "Enable IBPB on kernel entry"
        depends on CPU_SUP_AMD && X86_64

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index b71f4f2ecdd571a44a808e443118278ea30cbe04..aefd0816a333f0a22ff75f4cc961b9d00e24bc6a 100644 (file)
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -304,6 +304,7 @@
 #define X86_FEATURE_UNRET              (11*32+15) /* "" AMD BTB untrain return */
 #define X86_FEATURE_USE_IBPB_FW                (11*32+16) /* "" Use IBPB during runtime firmware calls */
 #define X86_FEATURE_RSB_VMEXIT_LITE    (11*32+17) /* "" Fill RSB on VM exit when EIBRS is enabled */
+#define X86_FEATURE_CALL_DEPTH         (11*32+18) /* "" Call depth tracking for RSB stuffing */
 
 /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
 #define X86_FEATURE_AVX_VNNI           (12*32+ 4) /* AVX VNNI instructions */

diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
index 33d2cd04d2544791b1363f8d7578a7d45b7fc749..bbb03b25263e730541c753b2c0274ca66cf8209d 100644 (file)
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -69,6 +69,12 @@
 # define DISABLE_UNRET         (1 << (X86_FEATURE_UNRET & 31))
 #endif
 
+#ifdef CONFIG_CALL_DEPTH_TRACKING
+# define DISABLE_CALL_DEPTH_TRACKING   0
+#else
+# define DISABLE_CALL_DEPTH_TRACKING   (1 << (X86_FEATURE_CALL_DEPTH & 31))
+#endif
+
 #ifdef CONFIG_INTEL_IOMMU_SVM
 # define DISABLE_ENQCMD                0
 #else
@@ -101,7 +107,8 @@
 #define DISABLED_MASK8 (DISABLE_TDX_GUEST)
 #define DISABLED_MASK9 (DISABLE_SGX)
 #define DISABLED_MASK10        0
-#define DISABLED_MASK11        (DISABLE_RETPOLINE|DISABLE_RETHUNK|DISABLE_UNRET)
+#define DISABLED_MASK11        (DISABLE_RETPOLINE|DISABLE_RETHUNK|DISABLE_UNRET| \
+                        DISABLE_CALL_DEPTH_TRACKING)
 #define DISABLED_MASK12        0
 #define DISABLED_MASK13        0
 #define DISABLED_MASK14        0