From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Alexandre Chartre <alexandre.chartre@oracle.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Peter Zijlstra <peterz@infradead.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sean Christopherson <seanjc@google.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Nikolay Borisov <nik.borisov@suse.com>,
KP Singh <kpsingh@kernel.org>, Waiman Long <longman@redhat.com>,
Borislav Petkov <bp@alien8.de>
Subject: Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed
Date: Thu, 11 Apr 2024 17:15:22 -0700 [thread overview]
Message-ID: <20240412001522.3zp2mzked4ksglkl@desk> (raw)
In-Reply-To: <97befd7c1e008797734dee05181c49056ff6de57.1712813475.git.jpoimboe@kernel.org>
On Wed, Apr 10, 2024 at 10:40:49PM -0700, Josh Poimboeuf wrote:
> Syscall hardening (i.e., converting the syscall indirect branch to a
> series of direct branches) may cause performance regressions in certain
> scenarios. Only use the syscall hardening when indirect branches are
> considered unsafe.
>
> Fixes: 1e3ad78334a6 ("x86/syscall: Don't force use of indirect calls for system calls")
> Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
> ---
> arch/x86/entry/common.c | 30 +++++++++++++++++++++++++---
> arch/x86/entry/syscall_32.c | 11 +---------
> arch/x86/entry/syscall_64.c | 8 +-------
> arch/x86/entry/syscall_x32.c | 7 ++++++-
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/syscall.h | 8 +++++++-
> arch/x86/kernel/cpu/bugs.c | 32 +++++++++++++++++++++++++++++-
> 7 files changed, 74 insertions(+), 23 deletions(-)
>
> diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
> index 6de50b80702e..80d432d2fe44 100644
> --- a/arch/x86/entry/common.c
> +++ b/arch/x86/entry/common.c
> @@ -39,6 +39,28 @@
>
> #ifdef CONFIG_X86_64
>
> +/*
> + * Do either a direct or an indirect call, depending on whether indirect calls
> + * are considered safe.
> + */
> +#define __do_syscall(table, func_direct, nr, regs) \
> +({ \
> + unsigned long __rax, __rdi, __rsi; \
> + \
> + asm_inline volatile( \
> + ALTERNATIVE("call " __stringify(func_direct) "\n\t", \
> + ANNOTATE_RETPOLINE_SAFE \
> + "call *%[func_ptr]\n\t", \
This will likely not insert the lfence before the indirect call in
spectre_v2=eibrs,lfence mode. As X86_FEATURE_INDIRECT_SAFE is not
cleared when eIBRS is enabled, this will not be converted to direct
call.
[...]
> @@ -1720,6 +1744,7 @@ static void __init spectre_v2_select_mitigation(void)
>
> case SPECTRE_V2_CMD_RETPOLINE_LFENCE:
> pr_err(SPECTRE_V2_LFENCE_MSG);
> + setup_clear_cpu_cap(X86_FEATURE_INDIRECT_SAFE);
I don't know if it intentional, this seems to be the duplicate of
X86_FEATURE_INDIRECT_SAFE clear later in SPECTRE_V2_LFENCE mode. Also it
seems a bit odd to do this here in SPECTRE_V2_CMD handling.
> mode = SPECTRE_V2_LFENCE;
> break;
>
> @@ -1772,11 +1797,16 @@ static void __init spectre_v2_select_mitigation(void)
> break;
>
> case SPECTRE_V2_LFENCE:
> + setup_clear_cpu_cap(X86_FEATURE_INDIRECT_SAFE);
> + fallthrough;
> case SPECTRE_V2_EIBRS_LFENCE:
> setup_force_cpu_cap(X86_FEATURE_RETPOLINE_LFENCE);
> - fallthrough;
> + setup_force_cpu_cap(X86_FEATURE_RETPOLINE);
> + break;
>
> case SPECTRE_V2_RETPOLINE:
> + setup_clear_cpu_cap(X86_FEATURE_INDIRECT_SAFE);
> + fallthrough;
> case SPECTRE_V2_EIBRS_RETPOLINE:
> setup_force_cpu_cap(X86_FEATURE_RETPOLINE);
> break;
next prev parent reply other threads:[~2024-04-12 0:15 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-11 5:40 [PATCH 0/7] x86/bugs: BHI fixes / improvements Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 1/7] x86/bugs: BHI documentation fixes Josh Poimboeuf
2024-04-11 6:21 ` Nikolay Borisov
2024-04-11 8:40 ` [tip: x86/urgent] x86/bugs: Fix BHI documentation tip-bot2 for Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 2/7] x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf
2024-04-11 6:22 ` Nikolay Borisov
2024-04-11 7:32 ` [PATCH 2b/7] x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Ingo Molnar
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Ingo Molnar
2024-04-11 8:40 ` [tip: x86/urgent] x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES tip-bot2 for Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 3/7] x86/bugs: Fix BHI handling of RRSBA Josh Poimboeuf
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-11 10:02 ` [PATCH 3/7] " Andrew Cooper
2024-04-11 15:34 ` Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 4/7] x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 5/7] x86/bugs: Only harden syscalls when needed Josh Poimboeuf
2024-04-11 6:20 ` Nikolay Borisov
2024-04-11 15:08 ` Josh Poimboeuf
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-11 10:06 ` [PATCH 5/7] " Andrew Cooper
2024-04-11 15:38 ` Josh Poimboeuf
2024-04-12 10:24 ` Andrew Cooper
2024-04-12 0:15 ` Pawan Gupta [this message]
2024-04-12 3:57 ` Josh Poimboeuf
2024-04-12 4:17 ` Josh Poimboeuf
2024-04-12 5:20 ` Josh Poimboeuf
2024-04-12 10:36 ` Andrew Cooper
2024-04-12 20:24 ` Josh Poimboeuf
2024-04-12 5:27 ` Pawan Gupta
2024-04-12 10:07 ` Ingo Molnar
2024-04-12 6:28 ` Pawan Gupta
2024-04-12 6:37 ` Pawan Gupta
2024-04-11 5:40 ` [PATCH 6/7] x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf
2024-04-11 6:23 ` Nikolay Borisov
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-12 10:12 ` tip-bot2 for Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 7/7] x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf
2024-04-11 7:48 ` Ingo Molnar
2024-04-11 8:18 ` Ingo Molnar
2024-04-17 5:35 ` Reinette Chatre
2024-04-11 15:24 ` Josh Poimboeuf
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-12 10:12 ` tip-bot2 for Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240412001522.3zp2mzked4ksglkl@desk \
--to=pawan.kumar.gupta@linux.intel.com \
--cc=alexandre.chartre@oracle.com \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jpoimboe@kernel.org \
--cc=konrad.wilk@oracle.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=nik.borisov@suse.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.