Received: by 10.223.176.46 with SMTP id f43csp3989099wra; Tue, 23 Jan 2018 02:24:47 -0800 (PST) X-Google-Smtp-Source: AH8x227i1/ddvr7mGGqNBPPepxF57O6NsW807QKxH755nM0gKVIL3mBE3gw/r9RGbSs+mpwVLKuF X-Received: by 10.101.85.195 with SMTP id k3mr8599192pgs.191.1516703087107; Tue, 23 Jan 2018 02:24:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516703087; cv=none; d=google.com; s=arc-20160816; b=BgIISdqWN2Jb26mjfaWMumFSFRc/pyukVYb8xGA9TMWDTN+aSkrorjAQMXdtwYPItm 29XSKMsyC5wfaekI4v29BJo/XlVXcU7m/L5Twd0IuiBqVs95ULlTFYm/IYPxx9s3d4tK SpRqAfAbOtI0HN1sgTKtRMTtzC7i3MwU++YdGyF8VXEvEf+gyL/ZDPd/buk4sEeVivo0 QWrLp8S+kHZjjtWwjRIuSEIrBM//DfMFMBQ7D0T6F1Vq5OZjbGl375uiitIn8CW9NMbh ixfbO01Cfkv7y0lrMg/9/SmntysuAV7TQA0yub9vUafWx5+2XHowAMzjj0dBnuZVR/kM RrSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :arc-authentication-results; bh=7B71ckLQmAvLLGYXbn5WpHP8vd1FliZ1o8R89py343A=; b=QlRsnH73Z9n+byk/S9CxqtW3V9qH3WSUmo9yYN+1oYtBfNdW0pAv9JNN2VlkoizoOW LjZ/Iiep/zAnoieWa/Af5nE8Sx+Vkul8x2zFph1NkRiZrrNMqfHxU9Sh+b+vLBb1qYma 7D598otc1ANFVSRB+4kMHKHOtcvZEKrWpUBBgEiLWSyDrvqHCYfO4pztEhdhrXpl+rqS RDTHnRPzP+VwHKi5BlKyJBx6D2TqF1EF9GXCSjPcopnjJsAZ2o9eJ2CraXMBUJo3gea9 C+6NiOTCXKjIT9WsXO3yvpdCVC5JahleLqCa7WzmNa97J6+XIUjVN/ncfzmRNmfpT9Cf 7Wqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=rgCv1N6r; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k78si1242031pfk.142.2018.01.23.02.24.32; Tue, 23 Jan 2018 02:24:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=rgCv1N6r; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751359AbeAWKXj (ORCPT + 99 others); Tue, 23 Jan 2018 05:23:39 -0500 Received: from mail-wm0-f51.google.com ([74.125.82.51]:43846 "EHLO mail-wm0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751154AbeAWKXh (ORCPT ); Tue, 23 Jan 2018 05:23:37 -0500 Received: by mail-wm0-f51.google.com with SMTP id g1so755603wmg.2; Tue, 23 Jan 2018 02:23:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=7B71ckLQmAvLLGYXbn5WpHP8vd1FliZ1o8R89py343A=; b=rgCv1N6rvncmCEVyZnbuDvV5HT8gP9BxNsTeUFlKOnsT8r3GBPOPilgGLJKj0+hl1k HNT2siLFmzpH7OsdcgrwtLauofGgHhqBywPyw0CzdE1eHmCKOQWEg9nOElFhA/lcRC3L je7bqL+G3KBgimrXuk7y2US1CblH5nsVFY0/NkVY1X+jke2c/w07wHbS8BwZegXqnaFM Iy8M7YHPgaJssd9W7PSfSCt4WFhFiqLZdWZ3KzU7LJ0pDoduQT/A/IefSdd9/gygDXdy owEhxp8UBKuMh2Zt04S93O7ffdPWSOD3rZsBeJFkFz4S72PVMgpP+FMfCy0o67jcWqUs 2O7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=7B71ckLQmAvLLGYXbn5WpHP8vd1FliZ1o8R89py343A=; b=H1v4owxQnrOPDIEiBGFObbHlnmijnuBeDy4WPFF1oV89JiVx+bFrxRmJNNXsczZ9rx LEEHUYCFrXDA44IFCJBFT+EQoKX7IIQFhFe8Ewdoc0GGBWQFJPHwjYzz4GeKC78vvIMa BLPXDjEglK1VD+A43VzDtbqZ/NmYUZh8Hml6i6RmTePjoCptKdIpyF1TjqMvfCCZU6GF v+Z6hg3WM0ghywfvRrg92dGcnyzWZAnKfVutecQ2fcqI+IWuJmozG9Ir1P4yrcyQWqsF Ljm8Yy56JzX9ghqMb5cKNuboPrEJwa22JCkwulRzDchnLL7SPm0AJq4ntbGkb3apxOEm qS6A== X-Gm-Message-State: AKwxytewK2curVgLT5oKmRciyKJBZjeJrGZ2mOXyDZ4mALYBFX9hk3qx 3ImEzMDXu7lBc0WtP3Hmlso= X-Received: by 10.28.146.141 with SMTP id u135mr1380510wmd.26.1516703015923; Tue, 23 Jan 2018 02:23:35 -0800 (PST) Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213]) by smtp.gmail.com with ESMTPSA id b25sm36133wrb.52.2018.01.23.02.23.20 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 23 Jan 2018 02:23:21 -0800 (PST) Date: Tue, 23 Jan 2018 11:23:18 +0100 From: Ingo Molnar To: David Woodhouse Cc: Linus Torvalds , KarimAllah Ahmed , Linux Kernel Mailing List , Andi Kleen , Andrea Arcangeli , Andy Lutomirski , Arjan van de Ven , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Masami Hiramatsu , Paolo Bonzini , Peter Zijlstra , Radim =?utf-8?B?S3LEjW3DocWZ?= , Thomas Gleixner , Tim Chen , Tom Lendacky , KVM list , the arch/x86 maintainers , Arjan Van De Ven Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation Message-ID: <20180123102318.airsvcl5uckguo2z@gmail.com> References: <1516476182-5153-10-git-send-email-karahmed@amazon.de> <1516566497.9814.78.camel@infradead.org> <1516572013.9814.109.camel@infradead.org> <1516638426.9521.20.camel@infradead.org> <20180123072930.soz25cyky3u4hpgv@gmail.com> <20180123075358.nztpyxympwfkyi2a@gmail.com> <1516699832.9521.123.camel@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1516699832.9521.123.camel@infradead.org> User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * David Woodhouse wrote: > > On SkyLake this would add an overhead of maybe 2-3 cycles per function call and? > > obviously all this code and data would be very cache hot. Given that the average? > > number of function calls per system call is around a dozen, this would be _much_? > > faster than any microcode/MSR based approach. > > That's kind of neat, except you don't want it at the top of the > function; you want it at the bottom. > > If you could hijack the *return* site, then you could check for > underflow and stuff the RSB right there. But in __fentry__ there's not > a lot you can do other than complain that something bad is going to > happen in the future. You know that a string of 16+ rets is going to > happen, but you've got no gadget in *there* to deal with it when it > does. No, it can be done with the existing CALL instrumentation callback that CONFIG_DYNAMIC_FTRACE=y provides, by pushing a RET trampoline on the stack from the CALL trampoline - see my previous email. > HJ did have patches to turn 'ret' into a form of retpoline, which I > don't think ever even got performance-tested. Return instrumentation is possible as well, but there are two major drawbacks: - GCC support for it is not as widely available and return instrumentation is less tested in Linux kernel contexts - a major point of my suggestion is that CONFIG_DYNAMIC_FTRACE=y is already enabled in distros here and today, so the runtime overhead to non-SkyLake CPUs would be literally zero, while still allowing to fix the RSB vulnerability on SkyLake. Thanks, Ingo