From mboxrd@z Thu Jan  1 00:00:00 1970
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933497AbeALLP3 (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Fri, 12 Jan 2018 06:15:29 -0500
Received: from Galois.linutronix.de ([146.0.238.70]:33917 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933279AbeALLP2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 12 Jan 2018 06:15:28 -0500
Date: Fri, 12 Jan 2018 12:15:12 +0100 (CET)
From: Thomas Gleixner <tglx@linutronix.de>
To: David Woodhouse <dwmw@amazon.co.uk>
cc: Andi Kleen <ak@linux.intel.com>, Paul Turner <pjt@google.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Greg Kroah-Hartman <gregkh@linux-foundation.org>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Kees Cook <keescook@google.com>,
        Rik van Riel <riel@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Andy Lutomirski <luto@amacapital.net>,
        Jiri Kosina <jikos@kernel.org>, gnomes@lxorguk.ukuu.org.uk,
        x86@kernel.org, thomas.lendacky@amd.com,
        Josh Poimboeuf <jpoimboe@redhat.com>
Subject: Re: [PATCH v8.1 12/12] x86/retpoline: Fill return stack buffer on
 vmexit
In-Reply-To: <1515755487-8524-1-git-send-email-dwmw@amazon.co.uk>
Message-ID: <alpine.DEB.2.20.1801121212440.1910@nanos>
References: <20180111235117.GO6718@tassilo.jf.intel.com> <1515755487-8524-1-git-send-email-dwmw@amazon.co.uk>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Fri, 12 Jan 2018, David Woodhouse wrote:

> In accordance with the Intel and AMD documentation, we need to overwrite
> all entries in the RSB on exiting a guest, to prevent malicious branch
> target predictions from affecting the host kernel. This is needed both
> for retpoline and for IBRS.
> 
> [ak: numbers again for the RSB stuffing labels]
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
> I love the smell of bikeshed paint in the morning. But to be fair, this
> one was actually an issue which might possibly have bitten in the future.
> 
> Can we please stop arguing about asm labels now though? Let's get this
> stuff done, and we can set about the oh-so-important task of persuading
> Linus to eliminate all numeric labels and rely on human-readable labels
> with %= and \@ to make them unique, some time after the dust settles.

Fair enough. I surely like the below way more than the sloppy hackery from
Andi which completely removed any form of documentation.

> +#define __FILL_RETURN_BUFFER(reg, nr, sp)	\
> +	mov	$(nr/2), reg;			\
> +771:						\
> +	call	772f;				\
> +773:	/* speculation trap */			\
> +	pause;					\
> +	jmp	773b;				\
> +772:						\
> +	call	774f;				\
> +775:	/* speculation trap */			\
> +	pause;					\
> +	jmp	775b;				\
> +774:						\
> +	dec	reg;				\
> +	jnz	771b;				\
> +	add	$(BITS_PER_LONG/8) * nr, sp;
> +