All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Zijlstra <peterz@infradead.org>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Dave Hansen <dave.hansen@intel.com>,
	Ashok Raj <ashok.raj@intel.com>,
	linux-kernel@vger.kernel.org,
	Thomas Gleixner <tglx@linutronix.de>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	Andy Lutomirski <luto@kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Greg KH <gregkh@linuxfoundation.org>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Andi Kleen <ak@linux.intel.com>,
	Arjan Van De Ven <arjan.van.de.ven@intel.com>,
	Dan Williams <dan.j.williams@intel.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Jun Nakajima <jun.nakajima@intel.com>,
	Asit Mallick <asit.k.mallick@intel.com>
Subject: Re: [PATCH 3/5] x86/ibrs: Add direct access support for MSR_IA32_SPEC_CTRL
Date: Mon, 15 Jan 2018 14:45:00 +0100	[thread overview]
Message-ID: <20180115134500.GB2228@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <1515751748.22302.421.camel@infradead.org>

On Fri, Jan 12, 2018 at 10:09:08AM +0000, David Woodhouse wrote:
> static_cpu_has() + asm-goto is NOT SUFFICIENT.
> 
> It's still *possible* for a missed optimisation in GCC to still leave
> us with a conditional branch around the wrmsr, letting the CPU
> speculate around it too.

OK, so GCC would have to be bloody retarded to mess this up; but would
something like the below work for you?

The usage is like:

  if (static_branch_unlikely(key)) {
	arch_static_assert();
	stuff();
  }

And then objtool will fail things if the first instruction into that
branch is not immediately after a NOP/JMP patch site (on either the NOP
or the JMP+disp side of things).

---
diff --git a/arch/x86/include/asm/jump_label.h b/arch/x86/include/asm/jump_label.h
index 8c0de4282659..6a1a893145ca 100644
--- a/arch/x86/include/asm/jump_label.h
+++ b/arch/x86/include/asm/jump_label.h
@@ -62,6 +62,15 @@ static __always_inline bool arch_static_branch_jump(struct static_key *key, bool
 	return true;
 }
 
+static __always_inline void arch_static_assert(void)
+{
+	asm volatile ("1:\n\t"
+		      ".pushsection .discard.jump_assert, \"aw\" \n\t"
+		      _ASM_ALIGN  "\n\t"
+		      _ASM_PTR "1b \n\t"
+		      ".popsection \n\t");
+}
+
 #ifdef CONFIG_X86_64
 typedef u64 jump_label_t;
 #else
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index f40d46e24bcc..657bfc706bb6 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -687,8 +687,17 @@ static int handle_jump_alt(struct objtool_file *file,
 			   struct instruction *orig_insn,
 			   struct instruction **new_insn)
 {
-	if (orig_insn->type == INSN_NOP)
+	struct instruction *next_insn = list_next_entry(orig_insn, list);
+
+	if (orig_insn->type == INSN_NOP) {
+		/*
+		 * If orig_insn is a NOP, then new_insn is the branch target
+		 * for when it would've been a JMP.
+		 */
+		next_insn->br_static = true;
+		(*new_insn)->br_static = true;
 		return 0;
+	}
 
 	if (orig_insn->type != INSN_JUMP_UNCONDITIONAL) {
 		WARN_FUNC("unsupported instruction at jump label",
@@ -696,7 +705,16 @@ static int handle_jump_alt(struct objtool_file *file,
 		return -1;
 	}
 
-	*new_insn = list_next_entry(orig_insn, list);
+	/*
+	 * Otherwise, orig_insn is a JMP and it will have orig_insn->jump_dest.
+	 * In this case we'll effectively NOP the alt by pointing new_insn at
+	 * next_insn.
+	 */
+	orig_insn->jump_dest->br_static = true;
+	next_insn->br_static = true;
+
+	*new_insn = next_insn;
+
 	return 0;
 }
 
@@ -1067,6 +1085,50 @@ static int read_unwind_hints(struct objtool_file *file)
 	return 0;
 }
 
+static int read_jump_assertions(struct objtool_file *file)
+{
+	struct section *sec, *relasec;
+	struct instruction *insn;
+	struct rela *rela;
+	int i;
+
+	sec = find_section_by_name(file->elf, ".discard.jump_assert");
+	if (!sec)
+		return 0;
+
+	relasec = sec->rela;
+	if (!relasec) {
+		WARN("missing .rela.discard.jump_assert section");
+		return -1;
+	}
+
+	if (sec->len % sizeof(unsigned long)) {
+		WARN("jump_assert size mismatch: %d %ld", sec->len, sizeof(unsigned long));
+		return -1;
+	}
+
+	for (i = 0; i < sec->len / sizeof(unsigned long); i++) {
+		rela = find_rela_by_dest(sec, i * sizeof(unsigned long));
+		if (!rela) {
+			WARN("can't find rela for jump_assert[%d]", i);
+			return -1;
+		}
+
+		insn = find_insn(file, rela->sym->sec, rela->addend);
+		if (!insn) {
+			WARN("can't find insn for jump_assert[%d]", i);
+			return -1;
+		}
+
+		if (!insn->br_static) {
+			WARN_FUNC("static assert FAIL", insn->sec, insn->offset);
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
 static int decode_sections(struct objtool_file *file)
 {
 	int ret;
@@ -1105,6 +1167,10 @@ static int decode_sections(struct objtool_file *file)
 	if (ret)
 		return ret;
 
+	ret = read_jump_assertions(file);
+	if (ret)
+		return ret;
+
 	return 0;
 }
 
diff --git a/tools/objtool/check.h b/tools/objtool/check.h
index dbadb304a410..12e0a3cf0350 100644
--- a/tools/objtool/check.h
+++ b/tools/objtool/check.h
@@ -45,6 +46,7 @@ struct instruction {
 	unsigned char type;
 	unsigned long immediate;
 	bool alt_group, visited, dead_end, ignore, hint, save, restore, ignore_alts;
+	bool br_static;
 	struct symbol *call_dest;
 	struct instruction *jump_dest;
 	struct list_head alts;

  reply	other threads:[~2018-01-15 13:45 UTC|newest]

Thread overview: 81+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-12  1:32 [PATCH 0/5] Add support for IBRS & IBPB KVM support Ashok Raj
2018-01-12  1:32 ` [PATCH 1/5] x86/ibrs: Introduce native_rdmsrl, and native_wrmsrl Ashok Raj
2018-01-12  1:41   ` Andy Lutomirski
2018-01-12  1:52     ` Raj, Ashok
2018-01-12  2:20       ` Andy Lutomirski
2018-01-12  3:01         ` Raj, Ashok
2018-01-12  5:03           ` Dave Hansen
2018-01-12 16:28             ` Josh Poimboeuf
2018-01-12 16:28             ` Woodhouse, David
2018-01-13  6:20             ` Andy Lutomirski
2018-01-13 13:52               ` Van De Ven, Arjan
2018-01-13 15:20                 ` Andy Lutomirski
2018-01-13  6:19           ` Andy Lutomirski
2018-01-12  7:54   ` Greg KH
2018-01-12 12:28   ` Borislav Petkov
2018-01-12  1:32 ` [PATCH 2/5] x86/ibrs: Add new helper macros to save/restore MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12  1:32 ` [PATCH 3/5] x86/ibrs: Add direct access support for MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12  1:58   ` Dave Hansen
2018-01-12  3:14     ` Raj, Ashok
2018-01-12  9:51     ` Peter Zijlstra
2018-01-12 10:09       ` David Woodhouse
2018-01-15 13:45         ` Peter Zijlstra [this message]
2018-01-15 13:59           ` David Woodhouse
2018-01-15 14:45             ` Peter Zijlstra
2018-01-12  1:32 ` [PATCH 4/5] x86/svm: Direct access to MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12  7:23   ` David Woodhouse
2018-01-12  9:58     ` Peter Zijlstra
2018-01-12 10:13       ` David Woodhouse
2018-01-12 12:38   ` Paolo Bonzini
2018-01-12 15:14   ` Tom Lendacky
2018-01-12  1:32 ` [PATCH 5/5] x86/feature: Detect the x86 feature Indirect Branch Prediction Barrier Ashok Raj
2018-01-12 10:08   ` Peter Zijlstra
2018-01-12 12:32   ` Borislav Petkov
2018-01-12 12:39     ` Woodhouse, David
2018-01-12 15:21       ` Tom Lendacky
2018-01-12 15:31   ` Tom Lendacky
2018-01-12 15:36     ` Woodhouse, David
2018-01-12 17:06       ` Tom Lendacky
2018-02-01 21:59 [PATCH v6 0/5] KVM: Expose speculation control feature to guests KarimAllah Ahmed
2018-02-01 21:59 ` KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 1/5] KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX KarimAllah Ahmed
2018-02-02 17:37   ` Jim Mattson
2018-02-03 22:50   ` [tip:x86/pti] KVM/x86: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 2/5] KVM: x86: Add IBPB support KarimAllah Ahmed
2018-02-02 17:49   ` Konrad Rzeszutek Wilk
2018-02-02 18:02     ` David Woodhouse
2018-02-02 18:02       ` David Woodhouse
2018-02-02 19:56       ` Konrad Rzeszutek Wilk
2018-02-02 20:16         ` David Woodhouse
2018-02-02 20:16           ` David Woodhouse
2018-02-02 20:28           ` Konrad Rzeszutek Wilk
2018-02-02 20:31             ` David Woodhouse
2018-02-02 20:31               ` David Woodhouse
2018-02-02 20:52               ` Konrad Rzeszutek Wilk
2018-02-02 20:52             ` Alan Cox
2018-02-05 19:22               ` Paolo Bonzini
2018-02-05 19:24             ` Paolo Bonzini
2018-02-03 22:50   ` [tip:x86/pti] KVM/x86: " tip-bot for Ashok Raj
2018-02-16  3:44   ` [PATCH v6 2/5] KVM: x86: " Jim Mattson
2018-02-16  4:22     ` Andi Kleen
2018-05-03  1:27   ` Wanpeng Li
2018-05-03  9:19     ` Paolo Bonzini
2018-05-03 12:01       ` Wanpeng Li
2018-05-03 12:46       ` Tian, Kevin
2018-02-01 21:59 ` [PATCH v6 3/5] KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES KarimAllah Ahmed
2018-02-02 10:53   ` Darren Kenny
2018-02-02 17:35     ` Jim Mattson
2018-02-02 17:51   ` Konrad Rzeszutek Wilk
2018-02-03 22:51   ` [tip:x86/pti] KVM/VMX: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL KarimAllah Ahmed
2018-02-02 11:03   ` Darren Kenny
2018-02-02 11:27   ` David Woodhouse
2018-02-02 11:27     ` David Woodhouse
2018-02-02 17:53   ` Konrad Rzeszutek Wilk
2018-02-02 18:05     ` David Woodhouse
2018-02-02 18:19       ` Konrad Rzeszutek Wilk
2018-02-02 17:57   ` Jim Mattson
2018-02-03 22:51   ` [tip:x86/pti] KVM/VMX: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 5/5] KVM: SVM: " KarimAllah Ahmed
2018-02-02 11:06   ` Darren Kenny
2018-02-02 18:02   ` Konrad Rzeszutek Wilk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180115134500.GB2228@hirez.programming.kicks-ass.net \
    --to=peterz@infradead.org \
    --cc=aarcange@redhat.com \
    --cc=ak@linux.intel.com \
    --cc=arjan.van.de.ven@intel.com \
    --cc=ashok.raj@intel.com \
    --cc=asit.k.mallick@intel.com \
    --cc=dan.j.williams@intel.com \
    --cc=dave.hansen@intel.com \
    --cc=dwmw2@infradead.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=jun.nakajima@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=tim.c.chen@linux.intel.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.