Received: by 10.223.176.46 with SMTP id f43csp2090100wra; Sun, 21 Jan 2018 11:02:28 -0800 (PST) X-Google-Smtp-Source: AH8x227DBtqnWr2YezSBfmT97groqGE1Dc1frPNkyORGf/TqoihKCJdxW7/ek9JS3//7oyslZx8U X-Received: by 10.99.137.195 with SMTP id v186mr5212708pgd.25.1516561348351; Sun, 21 Jan 2018 11:02:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516561348; cv=none; d=google.com; s=arc-20160816; b=o3qm0CeIASw8pc4rsuFO8gySsHg/xhlhwtBwnoTvyFN8/ogrGU+NlLymM8OA975gXa 2L1gmrfdsUqdcygyFyoEV6irCWSkHjdlPHfpHs6s/N2BpPpD3Ia4iqrbYgTJbEO4FuWW 0xe7E1HscEZgKjVJ4kKOTXwjb3jD2Vj+CPcV/YDJhIZrB3gB+Z/jraeRP+VhLvY9MO6n NSdivfSzu5GZrMWCkQu9bv1xaS009UbGleBoKLLdPWDNbroMAirVVKJi0aa0PW3VCqzb 3I35I74XUCuno4/1FqXVXxQCv02bcBX8K7fq9rGl9AHd7yGD5BaxTkF6m8LTmQHwOZXl mZIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=GtChl+uJelOPtzGSlDarqTOcYsKHaPb5xnJUZdKS+6o=; b=BuFME4B99rLV1jPIZPEUqouHd6AnMpQYyrqXkBt8rSE9BMae+b41AdySIDRzJ5zpS8 Rgz/DwhjLSHYiho3q7xAC0hGv37TvQQP419phw9or5K+gDl9GW6GUxRv0d/iUugrMDPh bgFBtcCHtMKmH/fYgKh0+9hjWZ8vzDUoJMfGU2BUvj6HGvp+RhWsfyD4k2hg86TSa/do Gu79vrEGeLOE6fnT5V8WV1slvOugiSfu6te59uN1Sa+FpZPY1FqLjGd1XKJDiNkctTF7 0Cyy6umVsLQFK8/6xPuQQutq/QqEbsFyFsIgkYfd2uPRdr7hfDAbH80WsqPODVAw013c /yuw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o5si13971746pfj.368.2018.01.21.11.02.14; Sun, 21 Jan 2018 11:02:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751284AbeAUTBu (ORCPT + 99 others); Sun, 21 Jan 2018 14:01:50 -0500 Received: from mail.skyhub.de ([5.9.137.197]:51486 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751125AbeAUTBt (ORCPT ); Sun, 21 Jan 2018 14:01:49 -0500 X-Virus-Scanned: Nedap ESD1 at mail.skyhub.de Received: from mail.skyhub.de ([127.0.0.1]) by localhost (blast.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id f4bMNmZyzbC7; Sun, 21 Jan 2018 20:01:48 +0100 (CET) Received: from pd.tnic (p200300EC2BEE1B001C757E499366AA02.dip0.t-ipconnect.de [IPv6:2003:ec:2bee:1b00:1c75:7e49:9366:aa02]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id EE8401EC00FF; Sun, 21 Jan 2018 20:01:47 +0100 (CET) Date: Sun, 21 Jan 2018 20:01:45 +0100 From: Borislav Petkov To: KarimAllah Ahmed Cc: David Woodhouse , arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org Subject: Re: [PATCH v2 5/8] x86/speculation: Add basic support for IBPB Message-ID: <20180121190145.uuk3xizxejckth5s@pd.tnic> References: <1516528149-9370-1-git-send-email-dwmw@amazon.co.uk> <1516528149-9370-6-git-send-email-dwmw@amazon.co.uk> <20180121180621.ufmc5m7nr6v4tjvc@pd.tnic> <31c52131-5f7a-8af0-3092-5fc9e322a734@amazon.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <31c52131-5f7a-8af0-3092-5fc9e322a734@amazon.com> User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jan 21, 2018 at 07:29:43PM +0100, KarimAllah Ahmed wrote: > Because static_cpu_has is an indirect branch which will cause speculation > and > we have to avoid that. How so? The JMP_NOSPEC macro protects against JMP jumps but the static_cpu_has() macros all add JMPs with an immediate offset from the next instruction and I wouldn't call them indirect JMPs as there are no registers to speculate on there. IOW, before alternatives, the patch site of static_cpu_has() looks like this: # 151 "./arch/x86/include/asm/cpufeature.h" 1 1: jmp 6f and that 6f label is: 6: testb $1,boot_cpu_data+50(%rip) #, MEM[(const char *)&boot_cpu_data + 50B] jnz .L707 # jmp .L706 # i.e., we basically do if (boot_cpu_has(..)). If the feature is not present, same patch site turns into: 4: jmp .L706 # 5: after patching. Which is a label after the whole thing. That is not an indrect jump through a register either. If the feature is present, the patch site becomes: NOP - added by the patching # ./arch/x86/include/asm/msr.h:105: asm volatile("1: wrmsr\n" .loc 18 105 0 movl $73, %ecx #, tmp138 movl $1, %eax #, tmp139 xorl %edx, %edx # tmp140 #APP # 105 "./arch/x86/include/asm/msr.h" 1 1: wrmsr 2: so execution runs directly into the MSR write and the JMP is gone. So I don't see indirect branches anywhere... -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.