Date: Sat, 6 Jan 2018 10:35:41 -0800
From: Eric Biggers
To: David Woodhouse
Cc: Andi Kleen, Paul Turner, LKML, Linus Torvalds, Greg Kroah-Hartman, Tim Chen, Dave Hansen, tglx@linutronix.de, Kees Cook, Rik van Riel, Peter Zijlstra, Andy Lutomirski, Jiri Kosina, gnomes@lxorguk.ukuu.org.uk
Subject: Re: [PATCH v5 02/12] x86/retpoline: Add initial retpoline support
Message-ID: <20180106183541.GA8258@zzz.localdomain>

On Sat, Jan 06, 2018 at 11:49:24AM +0000, David Woodhouse wrote:
> +/* > + * NOSPEC_JMP and NOSPEC_CALL macros can be used instead of a simple > + * indirect jmp/call which may be susceptible to the Spectre variant 2 > + * attack. > + */

Can be, or must be?

> +.macro NOSPEC_JMP reg:req > +#ifdef CONFIG_RETPOLINE > + ALTERNATIVE_2 __stringify(jmp *\reg), \ > + __stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE, \ > + __stringify(lfence; jmp *\reg), X86_FEATURE_RETPOLINE_AMD > +#else > + jmp *\reg > +#endif > +.endm > + > +.macro NOSPEC_CALL reg:req > +#ifdef CONFIG_RETPOLINE > + ALTERNATIVE_2 __stringify(call *\reg), \ > + __stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\ > + __stringify(lfence; call *\reg), X86_FEATURE_RETPOLINE_AMD > +#else > + call *\reg > +#endif > +.endm

Would it make any sense to name these INDIRECT_JMP and INDIRECT_CALL instead? NOSPEC_ seems to describe how it needs to be implemented on some CPUs, as opposed to what the user wants to do (make an indirect jump or call).

Eric
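
Review bot: the comment above NOSPEC_JMP and NOSPEC_CALL does not document the fallback: with CONFIG_RETPOLINE enabled, the ALTERNATIVE_2 default is still the plain `jmp *\reg` / `call *\reg`, so the indirect branch is only replaced when X86_FEATURE_RETPOLINE or X86_FEATURE_RETPOLINE_AMD is set. Suggest stating that in the comment, along with which replacement applies if both feature bits are set, so callers know what the macro guarantees. Style: in NOSPEC_CALL, `X86_FEATURE_RETPOLINE,\` is missing the space before the line-continuation backslash that NOSPEC_JMP has (`X86_FEATURE_RETPOLINE, \`).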