From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Josh Poimboeuf <jpoimboe@kernel.org>, x86@kernel.org
Cc: linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Alexandre Chartre <alexandre.chartre@oracle.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Peter Zijlstra <peterz@infradead.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sean Christopherson <seanjc@google.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Nikolay Borisov <nik.borisov@suse.com>,
KP Singh <kpsingh@kernel.org>, Waiman Long <longman@redhat.com>,
Borislav Petkov <bp@alien8.de>
Subject: Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed
Date: Thu, 11 Apr 2024 11:06:37 +0100 [thread overview]
Message-ID: <90405c43-daca-48e4-b424-d66d6bf4dd87@citrix.com> (raw)
In-Reply-To: <97befd7c1e008797734dee05181c49056ff6de57.1712813475.git.jpoimboe@kernel.org>
On 11/04/2024 6:40 am, Josh Poimboeuf wrote:
> diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
> index 6de50b80702e..80d432d2fe44 100644
> --- a/arch/x86/entry/common.c
> +++ b/arch/x86/entry/common.c
> @@ -39,6 +39,28 @@
>
> #ifdef CONFIG_X86_64
>
> +/*
> + * Do either a direct or an indirect call, depending on whether indirect calls
> + * are considered safe.
> + */
> +#define __do_syscall(table, func_direct, nr, regs) \
> +({ \
> + unsigned long __rax, __rdi, __rsi; \
> + \
> + asm_inline volatile( \
> + ALTERNATIVE("call " __stringify(func_direct) "\n\t", \
> + ANNOTATE_RETPOLINE_SAFE \
> + "call *%[func_ptr]\n\t", \
This wants to be a plain maybe-thunk'd indirect call, and without the
ANNOTATE_RETPOLINE_SAFE.
Or you're going to get into cases where some combinations of command
line options do unexpected things e.g. retpolining everything except the
syscall dispatch.
~Andrew
next prev parent reply other threads:[~2024-04-11 10:06 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-11 5:40 [PATCH 0/7] x86/bugs: BHI fixes / improvements Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 1/7] x86/bugs: BHI documentation fixes Josh Poimboeuf
2024-04-11 6:21 ` Nikolay Borisov
2024-04-11 8:40 ` [tip: x86/urgent] x86/bugs: Fix BHI documentation tip-bot2 for Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 2/7] x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf
2024-04-11 6:22 ` Nikolay Borisov
2024-04-11 7:32 ` [PATCH 2b/7] x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Ingo Molnar
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Ingo Molnar
2024-04-11 8:40 ` [tip: x86/urgent] x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES tip-bot2 for Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 3/7] x86/bugs: Fix BHI handling of RRSBA Josh Poimboeuf
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-11 10:02 ` [PATCH 3/7] " Andrew Cooper
2024-04-11 15:34 ` Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 4/7] x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 5/7] x86/bugs: Only harden syscalls when needed Josh Poimboeuf
2024-04-11 6:20 ` Nikolay Borisov
2024-04-11 15:08 ` Josh Poimboeuf
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-11 10:06 ` Andrew Cooper [this message]
2024-04-11 15:38 ` [PATCH 5/7] " Josh Poimboeuf
2024-04-12 10:24 ` Andrew Cooper
2024-04-12 0:15 ` Pawan Gupta
2024-04-12 3:57 ` Josh Poimboeuf
2024-04-12 4:17 ` Josh Poimboeuf
2024-04-12 5:20 ` Josh Poimboeuf
2024-04-12 10:36 ` Andrew Cooper
2024-04-12 20:24 ` Josh Poimboeuf
2024-04-12 5:27 ` Pawan Gupta
2024-04-12 10:07 ` Ingo Molnar
2024-04-12 6:28 ` Pawan Gupta
2024-04-12 6:37 ` Pawan Gupta
2024-04-11 5:40 ` [PATCH 6/7] x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf
2024-04-11 6:23 ` Nikolay Borisov
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-12 10:12 ` tip-bot2 for Josh Poimboeuf
2024-04-11 5:40 ` [PATCH 7/7] x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf
2024-04-11 7:48 ` Ingo Molnar
2024-04-11 8:18 ` Ingo Molnar
2024-04-17 5:35 ` Reinette Chatre
2024-04-11 15:24 ` Josh Poimboeuf
2024-04-11 8:40 ` [tip: x86/urgent] " tip-bot2 for Josh Poimboeuf
2024-04-12 10:12 ` tip-bot2 for Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=90405c43-daca-48e4-b424-d66d6bf4dd87@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=alexandre.chartre@oracle.com \
--cc=bp@alien8.de \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jpoimboe@kernel.org \
--cc=konrad.wilk@oracle.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=nik.borisov@suse.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.