From: Alexandre Chartre <alexandre.chartre@oracle.com>
To: Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@redhat.com>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
jthierry@redhat.com, tglx@linutronix.de
Subject: Re: [PATCH V2 9/9] x86/speculation: Remove all ANNOTATE_NOSPEC_ALTERNATIVE directives
Date: Thu, 9 Apr 2020 10:18:56 +0200 [thread overview]
Message-ID: <da6efbb5-2610-6721-77ca-9833d13b9398@oracle.com> (raw)
In-Reply-To: <20200408213508.GA4496@worktop.programming.kicks-ass.net>
On 4/8/20 11:35 PM, Peter Zijlstra wrote:
> On Tue, Apr 07, 2020 at 07:27:39PM +0200, Peter Zijlstra wrote:
>> On Tue, Apr 07, 2020 at 11:28:38AM -0500, Josh Poimboeuf wrote:
>>> Again, we should warn on stack changes inside alternatives, and then
>>> look at converting RSB and retpolines to use static branches so they
>>> have deterministic stacks.
>>
>> I don't think we need static brancher, we should just out-of-line the
>> whole thing.
>>
>> Let me sort this CFI error Thomas is getting and then I'll attempt a
>> patch along the lines I outlined in earlier emails.
>
> Something like so.. seems to build and boot.
>
> ---
> From: Peter Zijlstra (Intel) <peterz@infradead.org>
> Subject: x86: Out-of-line retpoline
>
> Since GCC generated code already uses out-of-line retpolines and objtool
> has trouble with retpolines in alternatives, out-of-line them entirely.
>
> This will enable objtool (once it's been taught a few more tricks) to
> generate valid ORC data for the out-of-line copies, which means we can
> correctly and reliably unwind through a retpoline.
>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
> arch/x86/crypto/aesni-intel_asm.S | 4 +--
> arch/x86/crypto/camellia-aesni-avx-asm_64.S | 2 +-
> arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 2 +-
> arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 26 ++++++++---------
> arch/x86/entry/entry_32.S | 6 ++--
> arch/x86/entry/entry_64.S | 2 +-
> arch/x86/include/asm/asm-prototypes.h | 8 ++++--
> arch/x86/include/asm/nospec-branch.h | 42 ++++------------------------
> arch/x86/kernel/ftrace_32.S | 2 +-
> arch/x86/kernel/ftrace_64.S | 4 +--
> arch/x86/lib/checksum_32.S | 4 +--
> arch/x86/lib/retpoline.S | 27 +++++++++++++++---
> arch/x86/platform/efi/efi_stub_64.S | 2 +-
> 13 files changed, 62 insertions(+), 69 deletions(-)
>
...
> /*
> * JMP_NOSPEC and CALL_NOSPEC macros can be used instead of a simple
> * indirect jmp/call which may be susceptible to the Spectre variant 2
> @@ -111,10 +83,9 @@
> */
> .macro JMP_NOSPEC reg:req
> #ifdef CONFIG_RETPOLINE
> - ANNOTATE_NOSPEC_ALTERNATIVE
> - ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; jmp *\reg), \
> - __stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE, \
> - __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *\reg), X86_FEATURE_RETPOLINE_AMD
> + ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; jmp *%\reg), \
> + __stringify(jmp __x86_retpoline_\()\reg), X86_FEATURE_RETPOLINE, \
> + __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *%\reg), X86_FEATURE_RETPOLINE_AMD
> #else
> jmp *\reg
> #endif
> @@ -122,10 +93,9 @@
>
> .macro CALL_NOSPEC reg:req
> #ifdef CONFIG_RETPOLINE
> - ANNOTATE_NOSPEC_ALTERNATIVE
> - ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; call *\reg), \
> - __stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\
> - __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; call *\reg), X86_FEATURE_RETPOLINE_AMD
> + ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; call *%\reg), \
> + __stringify(call __x86_retpoline_\()\reg), X86_FEATURE_RETPOLINE,\
> + __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; call *%\reg), X86_FEATURE_RETPOLINE_AMD
For X86_FEATURE_RETPOLINE_AMD, the call won't be aligned like the others,
it will be after the lfence instruction so ORC data won't be at the same
place. I am adding some code in objtool to check that alternatives don't
change the stack, but I should actually be checking if all alternatives
have the same unwind instructions at the same place.
Other than that, my only question would be any impact on performances.
Retpoline code was added with trying to limit performance impact.
Here, JMP_NOSPEC has now an additional (long) jump, and CALL_NOSPEC
is doing a long call instead of a near call. But I have no idea if this
has a visible impact.
alex.
next prev parent reply other threads:[~2020-04-09 8:24 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-07 7:31 [PATCH V2 0/9] objtool changes to remove all ANNOTATE_NOSPEC_ALTERNATIVE Alexandre Chartre
2020-04-07 7:31 ` [PATCH V2 1/9] objtool: Introduce HINT_RET_OFFSET Alexandre Chartre
2020-04-07 12:53 ` Peter Zijlstra
2020-04-07 13:17 ` Alexandre Chartre
2020-04-07 7:31 ` [PATCH V2 2/9] objtool: UNWIND_HINT_RET_OFFSET should not check registers Alexandre Chartre
2020-05-01 18:22 ` [tip: objtool/core] " tip-bot2 for Alexandre Chartre
2020-04-07 7:31 ` [PATCH V2 3/9] objtool: is_fentry_call() crashes if call has no destination Alexandre Chartre
2020-04-07 7:31 ` [PATCH V2 4/9] objtool: Allow branches within the same alternative Alexandre Chartre
2020-04-07 7:31 ` [PATCH V2 5/9] objtool: Add support for intra-function calls Alexandre Chartre
2020-04-07 13:07 ` Peter Zijlstra
2020-04-07 13:28 ` Alexandre Chartre
2020-04-08 14:06 ` Alexandre Chartre
2020-04-08 14:19 ` Julien Thierry
2020-04-08 16:03 ` Alexandre Chartre
2020-04-08 16:04 ` Julien Thierry
2020-04-08 17:06 ` Alexandre Chartre
2020-04-08 17:07 ` Julien Thierry
2020-04-07 7:31 ` [PATCH V2 6/9] x86/speculation: Change __FILL_RETURN_BUFFER to work with objtool Alexandre Chartre
2020-04-07 13:27 ` Josh Poimboeuf
2020-04-07 7:31 ` [PATCH V2 7/9] x86/speculation: Annotate intra-function calls Alexandre Chartre
2020-04-07 7:31 ` [PATCH V2 8/9] x86/speculation: Add unwind hint to trampoline return Alexandre Chartre
2020-04-07 7:31 ` [PATCH V2 9/9] x86/speculation: Remove all ANNOTATE_NOSPEC_ALTERNATIVE directives Alexandre Chartre
2020-04-07 13:28 ` Peter Zijlstra
2020-04-07 13:34 ` Josh Poimboeuf
2020-04-07 14:32 ` Alexandre Chartre
2020-04-07 16:18 ` Alexandre Chartre
2020-04-07 16:28 ` Josh Poimboeuf
2020-04-07 17:01 ` Alexandre Chartre
2020-04-07 17:26 ` Peter Zijlstra
2020-04-07 17:27 ` Peter Zijlstra
2020-04-08 21:35 ` Peter Zijlstra
2020-04-09 8:18 ` Alexandre Chartre [this message]
2020-04-09 10:34 ` Peter Zijlstra
2020-04-09 10:40 ` Peter Zijlstra
2020-04-07 16:41 ` Peter Zijlstra
2020-04-07 17:04 ` Alexandre Chartre
2020-04-07 13:52 ` Peter Zijlstra
2020-04-07 13:59 ` Peter Zijlstra
2020-04-07 13:35 ` [PATCH V2 0/9] objtool changes to remove all ANNOTATE_NOSPEC_ALTERNATIVE Josh Poimboeuf
2020-04-07 14:02 ` Alexandre Chartre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=da6efbb5-2610-6721-77ca-9833d13b9398@oracle.com \
--to=alexandre.chartre@oracle.com \
--cc=jpoimboe@redhat.com \
--cc=jthierry@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).