Received: by 10.223.176.46 with SMTP id f43csp4273656wra; Tue, 23 Jan 2018 07:02:23 -0800 (PST) X-Google-Smtp-Source: AH8x227ijCvyJHwlGoatTwUNeuCthDr/MELZu3dy/Kx06lPWuNxywExz5unzbNgj1MHt376PAMrM X-Received: by 2002:a17:902:7003:: with SMTP id y3-v6mr5890465plk.449.1516719743876; Tue, 23 Jan 2018 07:02:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516719743; cv=none; d=google.com; s=arc-20160816; b=Gb8pYCWJZWEYnK1v777RmuN/ZoaWffA+9rFmIJYbyu3ja5a2jBCeQ5leYCFoP55vc6 eSWKgOn9kKe0j7TRGQmEzzbYD/2AENmeUQk/98ZKAvNdsSM1XY8sgFzlRuvD3NmC5KOp x5vzF1ZkHBl/xkiF4bUDmrYUyEUAOpU58P6Aa9nPQjL4mWKnpxhrNgRpcfWOBMruLSFp GZWSdmYy+4ngREsyKb/K3V9FKHrk/g6eCJtfIrM2pZI0TncQs5G9CewhoCq8JLocNlq5 mE+lwwxI8RS20NujVN5N1nqki70Lvt3C2jjnI2ssGr41W9bzRzDi++Cy1PigCvmwYaJ0 m/bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:cc:references:to:subject:arc-authentication-results; bh=2XlVAl35HHlXSnkckXGY4xndEaF+HrKWgOE0MctnN+E=; b=QEAV9B28gvr5lKMunMs8mk0XvTxRv+/ki9VrqmsjDyNqtrOjsQbNo3aIwhe5xyWZhY HpNrm0pR0NA1DJlP+i8i10JhXKEvOtqkNdPq5134zhqwL1TaelyTn9NMZOJAR422qXIH 0XOWpTHfO7MpM2dv1Y6mHffERgmszeB+GGS5c9kl3DluwHb3yFnz4IHrOBtKnkA/LbVC THjLEfYf5ReBo/QqdtkPkV33dNzn4VPPyhv9S0/4ld11BT7vKYthiXEkXmKn482WRm+H MxapOMavuQ+OKi0kvgqQvqd638cvncnvKunm6eYO2HSVWYWJlPp8igp4a3c9n9WjZFr2 z0Xw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h4-v6si4806419plt.483.2018.01.23.07.02.05; Tue, 23 Jan 2018 07:02:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752128AbeAWPBf (ORCPT + 99 others); Tue, 23 Jan 2018 10:01:35 -0500 Received: from mga11.intel.com ([192.55.52.93]:17010 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752044AbeAWPBd (ORCPT ); Tue, 23 Jan 2018 10:01:33 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Jan 2018 07:01:33 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,401,1511856000"; d="scan'208";a="197972022" Received: from kddoan-mobl1.amr.corp.intel.com (HELO [10.254.66.34]) ([10.254.66.34]) by fmsmga005.fm.intel.com with ESMTP; 23 Jan 2018 07:01:31 -0800 Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation To: Ingo Molnar , David Woodhouse References: <1516476182-5153-1-git-send-email-karahmed@amazon.de> <1516476182-5153-10-git-send-email-karahmed@amazon.de> <1516566497.9814.78.camel@infradead.org> <1516572013.9814.109.camel@infradead.org> <1516638426.9521.20.camel@infradead.org> <20180123072930.soz25cyky3u4hpgv@gmail.com> <20180123075358.nztpyxympwfkyi2a@gmail.com> <20180123092756.iznzepwnolsviof7@gmail.com> Cc: Linus Torvalds , KarimAllah Ahmed , Linux Kernel Mailing List , Andi Kleen , Andrea Arcangeli , Andy Lutomirski , Arjan van de Ven , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Masami Hiramatsu , Paolo Bonzini , Peter Zijlstra , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Thomas Gleixner , Tim Chen , Tom Lendacky , KVM list , the arch/x86 maintainers , Arjan Van De Ven From: Dave Hansen Message-ID: Date: Tue, 23 Jan 2018 07:01:31 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <20180123092756.iznzepwnolsviof7@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/23/2018 01:27 AM, Ingo Molnar wrote: > > - All asynchronous contexts (IRQs, NMIs, etc.) stuff the RSB before IRET. (The > tracking could probably made IRQ and maybe even NMI safe, but the worst-case > nesting scenarios make my head ache.) This all sounds totally workable to me. We talked about using ftrace itself to track call depth, but it would be unusable in production, of course. This seems workable, though. You're also totally right about the zero overhead on most kernels with it turned off when we don't need RSB underflow protection (basically pre-Skylake). I also agree that the safe thing to do is to just stuff before iret. I bet we can get a ftrace-driven RSB tracker working precisely enough even with NMIs, but it's way simpler to just stuff and be done with it for now.