From: Peter Zijlstra <peterz@infradead.org>
To: Borislav Petkov <bp@alien8.de>
Cc: David Woodhouse <dwmw2@infradead.org>, X86 ML <x86@kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	tim.c.chen@linux.intel.com, pjt@google.com, jikos@kernel.org,
	gregkh@linux-foundation.org, dave.hansen@intel.com,
	riel@redhat.com, luto@amacapital.net,
	torvalds@linux-foundation.org, ak@linux.intel.com,
	keescook@google.com
Subject: Re: [PATCH v2 1/2] x86/retpoline: Simplify vmexit_fill_RSB()
Date: Mon, 29 Jan 2018 18:13:19 +0100
Message-ID: <20180129171319.GG2228@hirez.programming.kicks-ass.net>
In-Reply-To: <20180126200725.rueqb2m6b4w47eu3@pd.tnic>

On Fri, Jan 26, 2018 at 09:07:25PM +0100, Borislav Petkov wrote:
> +.macro FILL_RETURN_BUFFER nr:req ftr:req
>  #ifdef CONFIG_RETPOLINE
> +	ALTERNATIVE "", "call __clear_rsb", \ftr
>  #endif
>  .endm
>  
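
Review bot: FILL_RETURN_BUFFER still declares `nr:req`, but nothing in the macro body shown here uses `\nr`; the replacement is always `call __clear_rsb`. Either drop the parameter and update the callers, or add a comment saying it is kept only so existing call sites keep assembling, so that a reader does not assume the caller's count still controls how many RSB entries get stuffed.
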
> @@ -206,15 +174,10 @@ extern char __indirect_thunk_end[];
>  static inline void vmexit_fill_RSB(void)
>  {
>  #ifdef CONFIG_RETPOLINE
> +	alternative_input("",
> +			  "call __fill_rsb",
> +			  X86_FEATURE_RETPOLINE,
> +			  ASM_NO_INPUT_CLOBBER("memory"));
>  #endif
>  }
>  
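
Review bot: the `call __fill_rsb` in alternative_input() is issued with only a "memory" clobber, so it depends on __fill_rsb preserving every general-purpose register, which holds only because BOINK_RSB pushes and pops %_ASM_AX around its loop. Put a comment at this call site (or above __fill_rsb) stating that contract, so a later change to the helper cannot silently clobber a live register on the vmexit path. It is also worth checking whether the asm needs the stack pointer constraint (ASM_CALL_CONSTRAINT) now that it contains a call.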


> @@ -19,6 +20,37 @@ ENDPROC(__x86_indirect_thunk_\reg)
>  .endm
>  
>  /*
> + * Google experimented with loop-unrolling and this turned out to be
> + * the optimal version — two calls, each with their own speculation
> + * trap should their return address end up getting used, in a loop.
> + */
> +.macro BOINK_RSB nr:req sp:req
> +	push %_ASM_AX
> +	mov	$(\nr / 2), %_ASM_AX
> +	.align 16
> +771:
> +	call	772f
> +773:						/* speculation trap */
> +	pause
> +	lfence
> +	jmp	773b
> +	.align 16
> +772:
> +	call	774f
> +775:						/* speculation trap */
> +	pause
> +	lfence
> +	jmp	775b
> +	.align 16
> +774:
> +	dec	%_ASM_AX
> +	jnz	771b
> +	add	$((BITS_PER_LONG/8) * \nr), \sp
> +	pop %_ASM_AX
> +.endm
> +
> +
> +/*
>   * Despite being an assembler file we can't just use .irp here
>   * because __KSYM_DEPS__ only uses the C preprocessor and would
>   * only see one instance of "__x86_indirect_thunk_\reg" rather
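
Review bot: in BOINK_RSB the loop count and the stack fix-up disagree for odd counts: `mov $(\nr / 2), %_ASM_AX` runs two calls per iteration, i.e. 2 * (\nr / 2) pushes, while `add $((BITS_PER_LONG/8) * \nr), \sp` always drops \nr slots. With an odd \nr the add moves the stack pointer one slot too far and the following `pop %_ASM_AX` reads the wrong word. Add a build-time check that \nr is even (for example an `.if`/`.error` pair on `\nr & 1`), or derive the add from the same `\nr / 2` expression, and say in the comment that \nr must be even.
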
> @@ -46,3 +78,15 @@ GENERATE_THUNK(r13)
>  GENERATE_THUNK(r14)
>  GENERATE_THUNK(r15)
>  #endif
> +
> +ENTRY(__fill_rsb)
> +	BOINK_RSB RSB_FILL_LOOPS, %_ASM_SP
> +	ret
> +END(__fill_rsb)
> +EXPORT_SYMBOL_GPL(__fill_rsb)
> +
> +ENTRY(__clear_rsb)
> +	BOINK_RSB RSB_CLEAR_LOOPS, %_ASM_SP
> +	ret
> +END(__clear_rsb)
> +EXPORT_SYMBOL_GPL(__clear_rsb)
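
Review bot: the `ret` that follows BOINK_RSB in __fill_rsb and __clear_rsb itself consumes the most recently stuffed RSB entry, so a caller ends up with one fewer trapped entry than RSB_FILL_LOOPS or RSB_CLEAR_LOOPS suggests. State that in a comment above the two ENTRY() blocks and in the changelog, or stuff one extra entry if the full count is required. A one-line comment on when to use __fill_rsb versus __clear_rsb would also help, since both are exported.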


One thing I feel this ought to mention (in the Changelog probably) is
that it loses one RET for SKL+. That is, where we used to have 16
'safe' RETs before this, we now have 15.
