Re: [PATCH v2.1] x86/retpoline: Fill return stack buffer on vmexit

From: David Woodhouse
Date: Thu Jan 11 2018 - 11:10:57 EST

Next message: Adam Ford: "Re: [PATCH v5 01/44] dt-bindings: clock: Add new bindings for TI Davinci PLL clocks"
Previous message: Ravikumar Kattekola: "[PATCH 1/1] ARM: dts: dra7: Reduce shut down temperature of non-cpu thermal zones"
In reply to: Josh Poimboeuf: "Re: [PATCH v2.1] x86/retpoline: Fill return stack buffer on vmexit"
Next in thread: Brian Gerst: "Re: [PATCH v2.1] x86/retpoline: Fill return stack buffer on vmexit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2018-01-11 at 09:04 -0600, Josh Poimboeuf wrote:
>
> > How about this one then (with ANNOTATE_NOSPEC_ALTERNATIVE):
> >Â
> > -ÂÂÂÂÂÂÂasm volatile (ALTERNATIVE("",
> > +ÂÂÂÂÂÂÂasm volatile (ALTERNATIVE("jmp " alt_end_marker "f",
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ__stringify(__FILL_RETURN_BUFFER(%0, %1, _%=)),
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂX86_FEATURE_RETPOLINE)
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ: "=r" (dummy), ASM_CALL_CONSTRAINT : : "memory" );
>
> Looks good to me.
>
> Another IRC discussion was that Boris may eventually add a feature to
> the alternatives code to automatically insert such a jump if there are a
> lot of nops.

OK, v3 sent out with that. I've just manually put in a jump round it
(less hackishly than the alt_end_marker one) in the oldinstr for now.

This wants rolling into your objtool fixes:

--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -119,7 +119,8 @@
ÂÂÂ*/
Â.macro FILL_RETURN_BUFFER reg:req nr:req ftr:req
Â#ifdef CONFIG_RETPOLINE
- ALTERNATIVE "jmp .Lskip_rsb_\@", \
+ ANNOTATE_NOSPEC_ALTERNATIVE
+ ALTERNATIVE "jmp .Lskip_rsb_\@", \
Â __stringify(__FILL_RETURN_BUFFER(\reg,\nr,%_ASM_SP,\@)) \
Â \ftr
Â.Lskip_rsb_\@:
@@ -149,6 +150,7 @@
Â# define THUNK_TARGET(addr) [thunk_target] "r" (addr)
Â
Â#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE)
+# define ANNOTATE_NOSPEC_ALTERNATIVE
Â/*
Â * For i386 we use the original ret-equivalent retpoline, because
Â * otherwise we'll run out of registers. We don't care about CET
@@ -201,7 +203,8 @@ static inline void vmexit_fill_RSB(void)
Â#ifdef CONFIG_RETPOLINE
Â unsigned long loops = RSB_CLEAR_LOOPS / 2;
Â
- asm volatile (ALTERNATIVE("jmp .Lskip_rsb_%=",
+ asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE
+ ÂÂÂÂÂÂALTERNATIVE("jmp .Lskip_rsb_%=",
Â ÂÂ__stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1, _%=)),
Â ÂÂX86_FEATURE_RETPOLINE)
Â ÂÂÂÂÂÂ".Lskip_rsb_%=:"

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Adam Ford: "Re: [PATCH v5 01/44] dt-bindings: clock: Add new bindings for TI Davinci PLL clocks"
Previous message: Ravikumar Kattekola: "[PATCH 1/1] ARM: dts: dra7: Reduce shut down temperature of non-cpu thermal zones"
In reply to: Josh Poimboeuf: "Re: [PATCH v2.1] x86/retpoline: Fill return stack buffer on vmexit"
Next in thread: Brian Gerst: "Re: [PATCH v2.1] x86/retpoline: Fill return stack buffer on vmexit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]