From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751964AbeANPgL (ORCPT + 1 other); Sun, 14 Jan 2018 10:36:11 -0500 Received: from mail.skyhub.de ([5.9.137.197]:39600 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751215AbeANPgJ (ORCPT ); Sun, 14 Jan 2018 10:36:09 -0500 Date: Sun, 14 Jan 2018 16:35:48 +0100 
From: Borislav Petkov To: dwmw@amazon.co.uk Cc: tim.c.chen@linux.intel.com, pjt@google.com, jikos@kernel.org, gregkh@linux-foundation.org, dave.hansen@intel.com, mingo@kernel.org, riel@redhat.com, luto@amacapital.net, torvalds@linux-foundation.org, ak@linux.intel.com, keescook@google.com, jpoimboe@redhat.com, peterz@infradead.org, tglx@linutronix.de, hpa@zytor.com, linux-kernel@vger.kernel.org, linux-tip-commits@vger.kernel.org Subject: Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit Message-ID: <20180114153547.5lq6xermghzbp43t@pd.tnic> References: <1515755487-8524-1-git-send-email-dwmw@amazon.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Fri, Jan 12, 2018 at 03:37:49AM -0800, tip-bot for David Woodhouse wrote: > Commit-ID: 117cc7a908c83697b0b737d15ae1eb5943afe35b > Gitweb: https://git.kernel.org/tip/117cc7a908c83697b0b737d15ae1eb5943afe35b > Author: David Woodhouse > AuthorDate: Fri, 12 Jan 2018 11:11:27 +0000 > Committer: Thomas Gleixner > CommitDate: Fri, 12 Jan 2018 12:33:37 +0100 > > x86/retpoline: Fill return stack buffer on vmexit ... > +/* > + * Google experimented with loop-unrolling and this turned out to be > + * the optimal version — two calls, each with their own speculation > + * trap should their return address end up getting used, in a loop. 
> + */
> +#define __FILL_RETURN_BUFFER(reg, nr, sp) \
> + mov $(nr/2), reg; \
> +771: \
> + call 772f; \
> +773: /* speculation trap */ \
> + pause; \
> + jmp 773b; \
> +772: \
> + call 774f; \
> +775: /* speculation trap */ \
> + pause; \
> + jmp 775b; \
> +774: \
> + dec reg; \
> + jnz 771b; \
> + add $(BITS_PER_LONG/8) * nr, sp;
> +
Btw, just a minor nit: one could finish the lines with \n\t - the lines preceding labels only with \n - so that the asm output looks readable. Right now it is a single line of instructions. But I can fix that later.
---
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -33,23 +33,23 @@
 * trap should their return address end up getting used, in a loop.
 */
 #define __FILL_RETURN_BUFFER(reg, nr, sp) \
- mov $(nr/2), reg; \
-771: \
- call 772f; \
-773: /* speculation trap */ \
- pause; \
- lfence; \
- jmp 773b; \
-772: \
- call 774f; \
-775: /* speculation trap */ \
- pause; \
- lfence; \
- jmp 775b; \
-774: \
- dec reg; \
- jnz 771b; \
- add $(BITS_PER_LONG/8) * nr, sp;
+ mov $(nr/2), reg\n \
+771:\n\t \
+ call 772f\n \
+773:/* speculation trap */\n\t \
+ pause\n\t \
+ lfence\n\t \
+ jmp 773b\n \
+772:\n\t \
+ call 774f\n \
+775: /* speculation trap */\n\t \
+ pause\n\t \
+ lfence\n\t \
+ jmp 775b\n \
+774:\n\t \
+ dec reg\n\t \
+ jnz 771b\n\t \
+ add $(BITS_PER_LONG/8) * nr, sp\n
 #ifdef __ASSEMBLY__
-- 
Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
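Review bot: The `+` lines of `__FILL_RETURN_BUFFER` drop the `;` statement separators in favour of a bare `\n` / `\n\t`, which only becomes a line break once the macro body is stringified into a C inline-asm string. If the macro is also expanded directly in `.S` files (the trailing context `#ifdef __ASSEMBLY__` hints at an assembler-side user, but that code is outside the hunk), the assembler would see literal backslash sequences with no separators and the RSB-fill sequence would presumably fail to assemble. Keeping the separator in the shared macro, e.g. `call 772f; \`, and adding the newlines only where the body is stringified would serve both users. Separately, `mov $(nr/2), reg` combined with `add $(BITS_PER_LONG/8) * nr, sp` assumes an even, unparenthesised `nr`: an odd value would push `nr-1` return addresses but pop `nr` slots. A comment above the macro such as `/* nr must be even: the loop pushes 2 * (nr/2) return addresses */` would document that constraint.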