Re: [PATCH v3 2/3] x86/retpoline: Use better sequences for NOSPEC_CALL/JMP

From: Woodhouse, David
Date: Wed Jan 10 2018 - 08:27:11 EST


On Tue, 2018-01-09 at 18:28 -0800, Andi Kleen wrote:
> From: Andi Kleen <ak@xxxxxxxxxxxxxxx>
>
> [This fixes a boot failure in the earlier patches
> so may want to be moved earlier to keep git bisect
> happy]
>
> With the latest tip x86/pti I get oopses when booting
> a 64bit VM in qemu with RETPOLINE/gcc7 and PTI enabled.
> Something is wrong with the ALTERNATIVE_2 sequence
> used in NOSPEC_JMP
>
> Linus suggested a better sequence that is shorter
> and simpler and avoids the problem.


This is just masking a problem which has now been fixed properly
elsewhere, by removing the NOPs from the start of the underlying
RETPOLINE_JMP sequence, *and* by fixing the alternatives mechanism not
to get confused when the altinstr sequence starts with a NOP.

I'm not really convinced by the alternative. It's actually *longer*,
because the lfence can no longer be tucked away in the space that the
full retpoline implementation would have taken. You've prepended a
three-byte 'nop' to the full retpoline.

And I'm not really sure it's simpler either. We go from "do <this>, or
<this> or <this>", with each alternative being a complete and
equivalent way to branch to the register, to a more complex matrix
based on two conditions.

On the whole, given that the actual bug is fixed already, I am inclined
to dismiss this (albeit carefully, since it was partly Linus'
suggestion) as bikeshedding.

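The thread argues about which sequences an ALTERNATIVE list should choose between for an indirect branch through a register, and how much space each takes. Below is an added example, not code from the patch, the thread or the kernel, that builds the two mitigated sequences as user-space x86-64 thunks and runs them next to a plain indirect call: the full retpoline (call / capture loop / overwrite return address / ret) and the cheaper "lfence; jmp *%rax". The thunk and wrapper names are this example's own, the targets (square, plus_one) are constructed test functions, and the file assumes gcc or clang on x86-64 ELF; on any other target it falls back to plain indirect calls so it still compiles.

```c
/*
 * Added example (not the patch's or the kernel's code): the two indirect
 * branch sequences a retpoline ALTERNATIVE list chooses between, built as
 * user-space thunks for a target held in %rax, beside a plain indirect call.
 * Every sequence is a complete, equivalent way to branch through the
 * register; the full retpoline is the longest (17 bytes), "lfence; jmp *%rax"
 * is 5 bytes, so when the short form is selected the alternatives patcher
 * pads it with NOPs to the size of the long one.
 * Assumes x86-64 ELF with gcc/clang (SysV ABI); other targets fall back to
 * plain indirect calls and report thunk sizes of 0.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t (*fn_t)(uint64_t);

/* Constructed targets for the demonstration. */
static uint64_t square(uint64_t x)   { return x * x; }
static uint64_t plus_one(uint64_t x) { return x + 1; }

uint64_t retpoline_call_rax(fn_t fn, uint64_t arg);
uint64_t lfence_call_rax(fn_t fn, uint64_t arg);
size_t retpoline_thunk_size(void);
size_t lfence_thunk_size(void);

#if defined(__x86_64__) && defined(__ELF__)
extern const char retpoline_thunk_start[], retpoline_thunk_end[];
extern const char lfence_thunk_start[], lfence_thunk_end[];

__asm__(
    ".text\n"
    /* Full retpoline for `jmp *%rax`: CALL pushes the address of the capture
     * loop (and an RSB entry pointing at it), MOV overwrites that return
     * address with the real target, RET branches there architecturally.
     * A speculative RET follows the RSB into pause/lfence/jmp instead of an
     * attacker-trained target. Calling this thunk gives a `call *%rax`. */
    ".globl retpoline_thunk_start\n"
    "retpoline_thunk_start:\n"
    "    call .Lretpoline_target\n"
    ".Lretpoline_capture:\n"
    "    pause\n"
    "    lfence\n"
    "    jmp .Lretpoline_capture\n"
    ".Lretpoline_target:\n"
    "    mov %rax, (%rsp)\n"
    "    ret\n"
    ".globl retpoline_thunk_end\n"
    "retpoline_thunk_end:\n"
    /* Cheaper form: serialize, then branch. Same architectural effect. */
    ".globl lfence_thunk_start\n"
    "lfence_thunk_start:\n"
    "    lfence\n"
    "    jmp *%rax\n"
    ".globl lfence_thunk_end\n"
    "lfence_thunk_end:\n"
    /* C-callable wrappers (fn in %rdi, arg in %rsi per SysV). The sub/add
     * keep %rsp 16-byte aligned at the target's entry after the extra CALL. */
    ".globl retpoline_call_rax\n"
    ".type retpoline_call_rax, @function\n"
    "retpoline_call_rax:\n"
    "    sub $8, %rsp\n"
    "    mov %rdi, %rax\n"
    "    mov %rsi, %rdi\n"
    "    call retpoline_thunk_start\n"
    "    add $8, %rsp\n"
    "    ret\n"
    ".globl lfence_call_rax\n"
    ".type lfence_call_rax, @function\n"
    "lfence_call_rax:\n"
    "    sub $8, %rsp\n"
    "    mov %rdi, %rax\n"
    "    mov %rsi, %rdi\n"
    "    call lfence_thunk_start\n"
    "    add $8, %rsp\n"
    "    ret\n");

size_t retpoline_thunk_size(void) {
    return (size_t)((uintptr_t)retpoline_thunk_end - (uintptr_t)retpoline_thunk_start);
}
size_t lfence_thunk_size(void) {
    return (size_t)((uintptr_t)lfence_thunk_end - (uintptr_t)lfence_thunk_start);
}
#else
/* Fallback for non-x86-64 or non-ELF builds: plain indirect calls, no thunks. */
uint64_t retpoline_call_rax(fn_t fn, uint64_t arg) { return fn(arg); }
uint64_t lfence_call_rax(fn_t fn, uint64_t arg)    { return fn(arg); }
size_t retpoline_thunk_size(void) { return 0; }
size_t lfence_thunk_size(void)    { return 0; }
#endif

/* All three ways of branching through the register must agree on the result. */
int sequences_agree(fn_t fn, uint64_t arg) {
    uint64_t plain = fn(arg);
    return plain == retpoline_call_rax(fn, arg) && plain == lfence_call_rax(fn, arg);
}

int main(void) {
    printf("retpoline thunk: %zu bytes, lfence thunk: %zu bytes\n",
           retpoline_thunk_size(), lfence_thunk_size());
    printf("square(12) via retpoline = %llu\n",
           (unsigned long long)retpoline_call_rax(square, 12));
    return (sequences_agree(square, 12) && sequences_agree(plus_one, 41)) ? 0 : 1;
}
```

The size difference is the space argument in the reply: a shorter alternative only saves bytes if the patcher can fit it, plus its NOP padding, inside the footprint of the longest variant. Retpolines rely on RET behaviour and are therefore not compatible with a hardware shadow stack, so run this on a process without CET shadow stacks enabled.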