Received: by 10.223.176.46 with SMTP id f43csp3989099wra;
        Tue, 23 Jan 2018 02:24:47 -0800 (PST)
X-Google-Smtp-Source: AH8x227i1/ddvr7mGGqNBPPepxF57O6NsW807QKxH755nM0gKVIL3mBE3gw/r9RGbSs+mpwVLKuF
X-Received: by 10.101.85.195 with SMTP id k3mr8599192pgs.191.1516703087107;
        Tue, 23 Jan 2018 02:24:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516703087; cv=none;
        d=google.com; s=arc-20160816;
        b=BgIISdqWN2Jb26mjfaWMumFSFRc/pyukVYb8xGA9TMWDTN+aSkrorjAQMXdtwYPItm
         29XSKMsyC5wfaekI4v29BJo/XlVXcU7m/L5Twd0IuiBqVs95ULlTFYm/IYPxx9s3d4tK
         SpRqAfAbOtI0HN1sgTKtRMTtzC7i3MwU++YdGyF8VXEvEf+gyL/ZDPd/buk4sEeVivo0
         QWrLp8S+kHZjjtWwjRIuSEIrBM//DfMFMBQ7D0T6F1Vq5OZjbGl375uiitIn8CW9NMbh
         ixfbO01Cfkv7y0lrMg/9/SmntysuAV7TQA0yub9vUafWx5+2XHowAMzjj0dBnuZVR/kM
         RrSw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-transfer-encoding:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature
         :arc-authentication-results;
        bh=7B71ckLQmAvLLGYXbn5WpHP8vd1FliZ1o8R89py343A=;
        b=QlRsnH73Z9n+byk/S9CxqtW3V9qH3WSUmo9yYN+1oYtBfNdW0pAv9JNN2VlkoizoOW
         LjZ/Iiep/zAnoieWa/Af5nE8Sx+Vkul8x2zFph1NkRiZrrNMqfHxU9Sh+b+vLBb1qYma
         7D598otc1ANFVSRB+4kMHKHOtcvZEKrWpUBBgEiLWSyDrvqHCYfO4pztEhdhrXpl+rqS
         RDTHnRPzP+VwHKi5BlKyJBx6D2TqF1EF9GXCSjPcopnjJsAZ2o9eJ2CraXMBUJo3gea9
         C+6NiOTCXKjIT9WsXO3yvpdCVC5JahleLqCa7WzmNa97J6+XIUjVN/ncfzmRNmfpT9Cf
         7Wqw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=rgCv1N6r;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k78si1242031pfk.142.2018.01.23.02.24.32;
        Tue, 23 Jan 2018 02:24:47 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=rgCv1N6r;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751359AbeAWKXj (ORCPT <rfc822;lans.zhang2008@gmail.com>
        + 99 others); Tue, 23 Jan 2018 05:23:39 -0500
Received: from mail-wm0-f51.google.com ([74.125.82.51]:43846 "EHLO
        mail-wm0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751154AbeAWKXh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 23 Jan 2018 05:23:37 -0500
Received: by mail-wm0-f51.google.com with SMTP id g1so755603wmg.2;
        Tue, 23 Jan 2018 02:23:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:content-transfer-encoding:in-reply-to
         :user-agent;
        bh=7B71ckLQmAvLLGYXbn5WpHP8vd1FliZ1o8R89py343A=;
        b=rgCv1N6rvncmCEVyZnbuDvV5HT8gP9BxNsTeUFlKOnsT8r3GBPOPilgGLJKj0+hl1k
         HNT2siLFmzpH7OsdcgrwtLauofGgHhqBywPyw0CzdE1eHmCKOQWEg9nOElFhA/lcRC3L
         je7bqL+G3KBgimrXuk7y2US1CblH5nsVFY0/NkVY1X+jke2c/w07wHbS8BwZegXqnaFM
         Iy8M7YHPgaJssd9W7PSfSCt4WFhFiqLZdWZ3KzU7LJ0pDoduQT/A/IefSdd9/gygDXdy
         owEhxp8UBKuMh2Zt04S93O7ffdPWSOD3rZsBeJFkFz4S72PVMgpP+FMfCy0o67jcWqUs
         2O7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:date:from:to:cc:subject:message-id
         :references:mime-version:content-disposition
         :content-transfer-encoding:in-reply-to:user-agent;
        bh=7B71ckLQmAvLLGYXbn5WpHP8vd1FliZ1o8R89py343A=;
        b=H1v4owxQnrOPDIEiBGFObbHlnmijnuBeDy4WPFF1oV89JiVx+bFrxRmJNNXsczZ9rx
         LEEHUYCFrXDA44IFCJBFT+EQoKX7IIQFhFe8Ewdoc0GGBWQFJPHwjYzz4GeKC78vvIMa
         BLPXDjEglK1VD+A43VzDtbqZ/NmYUZh8Hml6i6RmTePjoCptKdIpyF1TjqMvfCCZU6GF
         v+Z6hg3WM0ghywfvRrg92dGcnyzWZAnKfVutecQ2fcqI+IWuJmozG9Ir1P4yrcyQWqsF
         Ljm8Yy56JzX9ghqMb5cKNuboPrEJwa22JCkwulRzDchnLL7SPm0AJq4ntbGkb3apxOEm
         qS6A==
X-Gm-Message-State: AKwxytewK2curVgLT5oKmRciyKJBZjeJrGZ2mOXyDZ4mALYBFX9hk3qx
        3ImEzMDXu7lBc0WtP3Hmlso=
X-Received: by 10.28.146.141 with SMTP id u135mr1380510wmd.26.1516703015923;
        Tue, 23 Jan 2018 02:23:35 -0800 (PST)
Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213])
        by smtp.gmail.com with ESMTPSA id b25sm36133wrb.52.2018.01.23.02.23.20
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 23 Jan 2018 02:23:21 -0800 (PST)
Date:   Tue, 23 Jan 2018 11:23:18 +0100
From:   Ingo Molnar <mingo@kernel.org>
To:     David Woodhouse <dwmw2@infradead.org>
Cc:     Linus Torvalds <torvalds@linux-foundation.org>,
        KarimAllah Ahmed <karahmed@amazon.de>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Andi Kleen <ak@linux.intel.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Andy Lutomirski <luto@kernel.org>,
        Arjan van de Ven <arjan@linux.intel.com>,
        Ashok Raj <ashok.raj@intel.com>,
        Asit Mallick <asit.k.mallick@intel.com>,
        Borislav Petkov <bp@suse.de>,
        Dan Williams <dan.j.williams@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
        Joerg Roedel <joro@8bytes.org>,
        Jun Nakajima <jun.nakajima@intel.com>,
        Laura Abbott <labbott@redhat.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        KVM list <kvm@vger.kernel.org>,
        the arch/x86 maintainers <x86@kernel.org>,
        Arjan Van De Ven <arjan.van.de.ven@intel.com>
Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict
 Indirect Branch Speculation
Message-ID: <20180123102318.airsvcl5uckguo2z@gmail.com>
References: <1516476182-5153-10-git-send-email-karahmed@amazon.de>
 <CA+55aFxUEPHc7JRQG3zmxEsfmfJOiJa1QqFBKCBNb5Tt5vfiSg@mail.gmail.com>
 <1516566497.9814.78.camel@infradead.org>
 <CA+55aFwOkH8RH12Dzs=hT3e7eS3Ckz9Ed6x_-9a0zs1cw9zbKA@mail.gmail.com>
 <1516572013.9814.109.camel@infradead.org>
 <CA+55aFwoxXmY0u84iPT-RP8DoG+Qb8t-mh2r8RLhKVAH3jm6qg@mail.gmail.com>
 <1516638426.9521.20.camel@infradead.org>
 <20180123072930.soz25cyky3u4hpgv@gmail.com>
 <20180123075358.nztpyxympwfkyi2a@gmail.com>
 <1516699832.9521.123.camel@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1516699832.9521.123.camel@infradead.org>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


* David Woodhouse <dwmw2@infradead.org> wrote:

> > On SkyLake this would add an overhead of maybe 2-3 cycles per function call and?
> > obviously all this code and data would be very cache hot. Given that the average?
> > number of function calls per system call is around a dozen, this would be _much_?
> > faster than any microcode/MSR based approach.
> 
> That's kind of neat, except you don't want it at the top of the
> function; you want it at the bottom.
> 
> If you could hijack the *return* site, then you could check for
> underflow and stuff the RSB right there. But in __fentry__ there's not
> a lot you can do other than complain that something bad is going to
> happen in the future. You know that a string of 16+ rets is going to
> happen, but you've got no gadget in *there* to deal with it when it
> does.

No, it can be done with the existing CALL instrumentation callback that 
CONFIG_DYNAMIC_FTRACE=y provides, by pushing a RET trampoline on the stack from 
the CALL trampoline - see my previous email.

> HJ did have patches to turn 'ret' into a form of retpoline, which I
> don't think ever even got performance-tested.

Return instrumentation is possible as well, but there are two major drawbacks:

 - GCC support for it is not as widely available and return instrumentation is 
   less tested in Linux kernel contexts

 - a major point of my suggestion is that CONFIG_DYNAMIC_FTRACE=y is already 
   enabled in distros here and today, so the runtime overhead to non-SkyLake CPUs 
   would be literally zero, while still allowing to fix the RSB vulnerability on 
   SkyLake.

Thanks,

	Ingo