Received: by 10.223.176.46 with SMTP id f43csp2702593wra;
        Thu, 25 Jan 2018 13:55:23 -0800 (PST)
X-Google-Smtp-Source: AH8x227evGJeksb+kwMT6JXYTadgU3B1kqyFZGP61XCThs4RB9i9V4si4aYsHHcmcQ/IZX/PnvX5
X-Received: by 10.99.54.76 with SMTP id d73mr14097939pga.202.1516917323827;
        Thu, 25 Jan 2018 13:55:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516917323; cv=none;
        d=google.com; s=arc-20160816;
        b=IlGX0vIO2DF/hx+WAasnRe6/8x9TbtFAwBmpy99FLfzKXfJzqfIhMJPuu+6m+Ukl3b
         3DP7PU/UQecn/wwPN7ZiVsr+WpW8sZ3lLD2SvGUMs0fYqE4tEeeP/X4QFP2hwzR5i1IA
         vCkJANuNxBuLiAufBkvyKghbwFCjSA2P32EQSBN5svDiZV7JzOeZRr9l/s0jdqoCD2n4
         egpnU+BVa52Ihk0z6nNMOxp7fgmjSPG9wHxy92/jsCHV/l1BmkOTC8VySypHPe/iyfiZ
         gTMvV+7nPbKYV+8+KzJwQUNkxxS6VKWrJ4blbYAq5c4J1plSnBahM23X3J/PNyXqFlgR
         ID0A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=0o8qIDeHzM6vQGhYM+j9uhc2qh9oAdRlTxLTG7WJ71c=;
        b=k4dF8A11JQAWpdAs/KDjY/EX8UGCucuPK4MdO0FPN37M2gGJCbJkp+VMlrOIKQnI4m
         2AHzrJ+c3KUi9ANyR6iR37ehGW/CYUVLXmDfAdMFmzj7V2Grwb68uF7v5dN9b2LwE0gr
         KEEXKHCtF4bb2G6m09bbo7KKtb9lHniNEpL8dCfrx46lA6PF5A4Qa1Fg3SWjbZaJWFNe
         DU9VI1UI/LoV1aWtmZCqwuxlc3JR1JAhHLXPVLDKnVfOcRAVfG1di+PkqZPsityGWC5q
         +YILHvYk8eE6m9EYzFGFSRPIjNgDVGQUK20ZYjx0SBTURP2ztsaHKsQBKBnXCxNNwpsk
         lAiQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=BOF3WTSk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l11si2067238pgr.492.2018.01.25.13.55.09;
        Thu, 25 Jan 2018 13:55:23 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=BOF3WTSk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751500AbeAYVx4 (ORCPT <rfc822;daisukeokaopensource@gmail.com>
        + 99 others); Thu, 25 Jan 2018 16:53:56 -0500
Received: from mail-ot0-f180.google.com ([74.125.82.180]:44944 "EHLO
        mail-ot0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751174AbeAYVxz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 25 Jan 2018 16:53:55 -0500
Received: by mail-ot0-f180.google.com with SMTP id t20so8280987ote.11
        for <linux-kernel@vger.kernel.org>; Thu, 25 Jan 2018 13:53:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=0o8qIDeHzM6vQGhYM+j9uhc2qh9oAdRlTxLTG7WJ71c=;
        b=BOF3WTSkkkxZV+QI9TlocBRyfSVKXYmtX4bRTgwyYaFbCEQWDnNdntlCZ1W0azvwHR
         3O62Nl4fWQqRUnp0SQEMjBa3OSpR50GVZrCahFC280RwLKCzGdZNLOPjl6cbYz5xcpRT
         ncxg1NwgBs1td+HIqE+kzywIOKHhTDGQaC7QtiyV7BMJvpiKbH1TMnvYESsSCI+dapk+
         M952QfygtcFrG4EuxKwanBou+/6roJKN8tovNEBMN16MkB4u1FNjyTzfquMRs1QxJSBc
         NMgt/CT5sEOSOIOwib31J0njcan62LyXuIS5HG85HEgls8w9E5ptMDTFmGc1M4MED61H
         MQFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=0o8qIDeHzM6vQGhYM+j9uhc2qh9oAdRlTxLTG7WJ71c=;
        b=DBMLzPyIvByvQ5qvLhySBZUygr8vKqPrg/GZkp0LJ3xOVNETPtzVW3bRrO00E49IDU
         +PaGMFsMCB76Zqmlu06XHfW3ioB51ZB5+F3hCae/ckEarqUx1v0z3W4C9ITU3YRIzk+s
         AVasGfszEHsOBBRnWH0PrDIKJvmFU3bMhsAmI8XOv552ye9MjV/Qj7zw3NQ7YqKnqGvO
         o5BTRPcy7aIjbleOweNXE9rhrH1oV+2jliUJ7LqI29rYl6YXTfrX6bFUJkp8KLQNqpX5
         JpPTbueiq4oKDa7rCcHww1wRJsh2w/QEKlfogObOfUk01g5xK8Y+ybHuJMfk4ZmVJEUh
         iz6Q==
X-Gm-Message-State: AKwxytcKTeJcnYC05Yq6hqwXL4DVCiajqezMnwqx435DmIDGeXGp5jcS
        pPMxjN843FPaZEJBBW6OY0j75b9AVuCS1Gba+ow=
X-Received: by 10.107.183.78 with SMTP id h75mr14237788iof.201.1516917234393;
 Thu, 25 Jan 2018 13:53:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.59.196 with HTTP; Thu, 25 Jan 2018 13:53:53 -0800 (PST)
In-Reply-To: <CAPcyv4hrkX-1rAJNU+Kzm2KLjgVNdCHs4no8dYQ=qnTZDDcyTw@mail.gmail.com>
References: <503224b776b9513885453756e44bab235221124e.1516644136.git.luto@kernel.org>
 <CA+55aFwcU_hHz+S9ZDphBDRQLw6pMsd+6Yp_=mQA8kTcmTzWcQ@mail.gmail.com>
 <CA+55aFyONQeyHit6LcQz_JM5+C9pr61fcWFSpdn=7K_2mZN+oA@mail.gmail.com>
 <CALCETrVUY9p9jMNhuBgM3mWATsr1Fc_ZWc=bjidBkLw7bq5Vdg@mail.gmail.com>
 <CA+55aFwUn7+WiHxL7PBWxNrGB0--HETqUjdRwxi+DkMvCP_CaA@mail.gmail.com>
 <CALCETrV1JHK1ovjjD1vbs08K1an6tq6nbRoAj9uyrY2GUYJJBA@mail.gmail.com>
 <CA+55aFzTXVRPo7OBPMo2OB26GisY8-dg6NaC8ackVJgS9M0+4w@mail.gmail.com>
 <CALCETrU42C1S3nvSuLuamXtp2-s1xBG3q5cSNVOfGThncHxBZA@mail.gmail.com> <CAPcyv4hrkX-1rAJNU+Kzm2KLjgVNdCHs4no8dYQ=qnTZDDcyTw@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu, 25 Jan 2018 13:53:53 -0800
X-Google-Sender-Auth: _rpnEz8wK5EgMMp8TItLegnYR-I
Message-ID: <CA+55aFwgWqNAyZ3hVYhn_s2JgdVDeyMSRKFxaU=R3jq7GRs6Bg@mail.gmail.com>
Subject: Re: [PATCH] x86/retpoline/entry: Disable the entire SYSCALL64 fast
 path with retpolines on
To:     Dan Williams <dan.j.williams@intel.com>
Cc:     Andy Lutomirski <luto@kernel.org>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Alan Cox <alan@linux.intel.com>, Jann Horn <jannh@google.com>,
        Samuel Neves <samuel.c.p.neves@gmail.com>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        Borislav Petkov <bp@alien8.de>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 25, 2018 at 1:39 PM, Dan Williams <dan.j.williams@intel.com> wrote:
>
> If you're rejiggering, can we also put in a mechanism for detecting
> which registers to clear so that userspace can't inject useful values
> into speculation paths?

That actually becomes trivial with just the "no fastpath" patch I sent
out. You can just clear all of them.

Sure, then do_syscall_64() will reload the six first ones, but since
those are the argument registers anyway, and since they are
caller-clobbered, they have very short lifetimes. So it would
effectively not really be an issue.

But yes, SYSCALL_DEFINEx() rejiggery would close even that tiny hole.

                   Linus