From: Nadav Amit
To: Ingo Molnar
CC: Andy Lutomirski, Peter Zijlstra, "H . Peter Anvin", Thomas Gleixner, Nadav Amit, Borislav Petkov, David Woodhouse, Nadav Amit
Subject: [RFC PATCH 5/5] x86: relpoline: disabling interface
Date: Wed, 17 Oct 2018 17:54:20 -0700
Message-ID: <20181018005420.82993-6-namit@vmware.com>
In-Reply-To: <20181018005420.82993-1-namit@vmware.com>
X-Mailing-List: linux-kernel@vger.kernel.org

In certain cases it is beneficial not to use indirect branch promotion. One such case is seccomp, which may hold multiple filters and different ones for different processes. The interface indicates to the macro not to add a relpoline to the indirect branch.

Signed-off-by: Nadav Amit
--- arch/x86/include/asm/nospec-branch.h | 25 +++++++++++++++++++++++++ kernel/seccomp.c | 2 ++ 2 files changed, 27 insertions(+) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 360caad7a890..8b10e8165069 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -246,7 +246,21 @@ .endr .endm +.L_DISABLE_INDIRECT_BRANCH_OPT = 0 + +.macro disable_indirect_branch_opt +_DISABLE_INDIRECT_BRANCH_OPT = 1 +.endm + +.macro enable_indirect_branch_opt +_DISABLE_INDIRECT_BRANCH_OPT = 0 +.endm + .macro call v:vararg +.ifc _DISABLE_INDIRECT_BRANCH_OPT, "1" + # The pseudo-prefix is just to avoid expanding the macro + {disp8} call \v +.else retpoline = 0 .irp reg_it,ARCH_REG_NAMES .ifc "\v", "__x86_indirect_thunk_\reg_it" @@ -257,6 +271,7 @@ .if retpoline == 0 {disp8} call \v .endif +.endif .endm #else /* __ASSEMBLY__ */ 
@@ -409,6 +424,16 @@ struct relpoline_entry { extern const void *indirect_thunks[16]; extern const void *save_relpoline_funcs[16]; +static inline void enable_relpolines(void) +{ + asm volatile("enable_indirect_branch_opt"); +} + +static inline void disable_relpolines(void) +{ + asm volatile("disable_indirect_branch_opt"); +} + /* The Intel SPEC CTRL MSR base value cache */ extern u64 x86_spec_ctrl_base; diff --git a/kernel/seccomp.c b/kernel/seccomp.c index fd023ac24e10..c3fbeddfa8fa 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -207,6 +207,7 @@ static u32 seccomp_run_filters(const struct seccomp_data *sd, * All filters in the list are evaluated and the lowest BPF return * value always takes priority (ignoring the DATA). */ + disable_relpolines(); for (; f; f = f->prev) { u32 cur_ret = BPF_PROG_RUN(f->prog, sd); @@ -215,6 +216,7 @@ static u32 seccomp_run_filters(const struct seccomp_data *sd, *match = f; } } + enable_relpolines(); return ret; } #endif /* CONFIG_SECCOMP_FILTER */ -- 2.17.1
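Review bot: In the `.macro call` hunk of nospec-branch.h (@@ -246), the guard `.ifc _DISABLE_INDIRECT_BRANCH_OPT, "1"` looks like it can never be true. `.ifc` compares its two operands as text, which is how the existing `.ifc "\v", "__x86_indirect_thunk_\reg_it"` test works on the substituted macro argument, so the symbol's value is never consulted and the name itself is compared with `"1"`. A numeric test such as `.if _DISABLE_INDIRECT_BRANCH_OPT == 1` would read the value. The same hunk also gives the default to `.L_DISABLE_INDIRECT_BRANCH_OPT = 0`, with a `.L` prefix, while both macros and the guard use the unprefixed name, so the symbol that is tested is not the one that was initialised; one spelling should be used throughout.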
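Review bot: `enable_relpolines()` and `disable_relpolines()` in the @@ -409 hunk of nospec-branch.h change an assembler symbol at assembly time, so the region they cover is whatever the compiler emits between the two `asm volatile` statements in the output file, not what executes between the two calls. The compiler is free to lay out a loop body or move a call relative to these statements, and nothing in the helpers ties them to the indirect call they are meant to bracket. The helpers need a comment stating that they are assembly-time switches and what the caller must guarantee, and the series should say how the placement of the bracketed call is enforced, or attach the opt-out to the call itself instead of to a surrounding region.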
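Review bot: `disable_relpolines();` in the first kernel/seccomp.c hunk (@@ -207) is called from architecture-independent code, but the helper is defined only in arch/x86/include/asm/nospec-branch.h, and the two lines this patch adds to seccomp.c include neither that header nor a fallback. Other architectures need empty stubs for both helpers in a generic header, or the calls need to sit behind an arch hook. The call site also has no comment saying why promotion is switched off around `BPF_PROG_RUN(f->prog, sd)`; the reason currently lives only in the commit message.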
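Review bot: `enable_relpolines();` after the loop in the second kernel/seccomp.c hunk (@@ -215) sets the flag back to 0 unconditionally, since the macro is `_DISABLE_INDIRECT_BRANCH_OPT = 0`, rather than restoring the state that was in effect before `disable_relpolines()`. A disable/enable pair that ends up inside a region that was already disabled would re-enable promotion for the remainder of that region. Either document at the helpers that pairs must not nest, or make the interface save and restore the previous value.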