Re: [PATCH v8.1 12/12] x86/retpoline: Fill return stack buffer on vmexit

From: Thomas Gleixner
Date: Fri Jan 12 2018 - 06:15:33 EST


On Fri, 12 Jan 2018, David Woodhouse wrote:

> In accordance with the Intel and AMD documentation, we need to overwrite
> all entries in the RSB on exiting a guest, to prevent malicious branch
> target predictions from affecting the host kernel. This is needed both
> for retpoline and for IBRS.
>
> [ak: numbers again for the RSB stuffing labels]
> Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx>
> Tested-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> ---
> I love the smell of bikeshed paint in the morning. But to be fair, this
> one was actually an issue which might possibly have bitten in the future.
>
> Can we please stop arguing about asm labels now though? Let's get this
> stuff done, and we can set about the oh-so-important task of persuading
> Linus to eliminate all numeric labels and rely on human-readable labels
> with %= and \@ to make them unique, some time after the dust settles.

Fair enough. I surely like the below way more than the sloppy hackery from
Andi which completely removed any form of documentation.

> +#define __FILL_RETURN_BUFFER(reg, nr, sp) \
> + mov $(nr/2), reg; \
> +771: \
> + call 772f; \
> +773: /* speculation trap */ \
> + pause; \
> + jmp 773b; \
> +772: \
> + call 774f; \
> +775: /* speculation trap */ \
> + pause; \
> + jmp 775b; \
> +774: \
> + dec reg; \
> + jnz 771b; \
> + add $(BITS_PER_LONG/8) * nr, sp;
> +
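Review bot: the loop in __FILL_RETURN_BUFFER runs nr/2 iterations and pushes two return addresses per iteration, yet the trailing `add $(BITS_PER_LONG/8) * nr, sp` unwinds nr slots, so an odd nr would leave sp off by one word and silently corrupt the stack. Please add a comment above the macro stating that nr must be even, and that `reg` and the flags are clobbered by `dec reg` / `jnz 771b`, or guard the constraint with a build-time check at the point where the macro is instantiated; the speculation-trap comments on 773/775 are the right level of documentation, the macro header just needs the same treatment.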