Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp234834pxb; Thu, 2 Sep 2021 03:02:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxd7yLMtYBCG5p0HUC3m7ApwqueUhCaJ+rizHSDOd6acGs9kkCXih5gBO8YB0B3+CHVB/1m X-Received: by 2002:a02:3b1b:: with SMTP id c27mr2109663jaa.103.1630576938149; Thu, 02 Sep 2021 03:02:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630576938; cv=none; d=google.com; s=arc-20160816; b=I7W8Njrix986+cciVBqIr9W+ptXZo3n4+Gly6Z5EcEzZzlcKa18+zj5Ecx6Zqc3Sex RE2BZGVJIWMv7hn/K/L6FAI5cEbzQkRUNqNGX6B7qIx4sMKjDYLvMnbAFj5jHrRXFHFR /9yNawrEs0gTpzt9QxaFi8BXxhm/0BCcZSvyvnFXGrBMSW+YKbpbVypcmO8cbghXnNqL RG252vi0470FCgQF1dEelTFHn5PvJOmJG0WfDvKdK1sTREpLyr7OfzYMb+/As2m6KpFW cumySXB6IWN1jmvB37qmeIDiAIXTcY7tYlSL4QakI4nOUbDoJD7s053teML/eCg1430Y P/pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=JnunSlEJCIdP9P5c2OtXs84291lvtlHS2UqsTjDRA/w=; b=EE34ccaFdhpeu2RS8sodMTtZ38Pc0xe6HuHFv39gk0DxjRJQHXWpQmnqkYdI2gxa4A hbv02TV2OHX1KdzvrPdkTlLyYhiJ2UBC4yS4jctM9b4iRDIcJGCuMYBiwpSshSnK4j1l GqIn4WU9S8iG+WBKn07mIFLpudlT7R8bzbdr0TFfJn0j5ZgITYw8TqYVsmiEas5SxU11 BRXfb+lmRAupGe1VWwMs1meftlGCd24uxAZFq0YC9ubjEZYRWFJfU+bE+uu1jp9xGLoG +6q2hlQz+3rh29n7clDt0R0+eM3B+RXX3wfBgHLvni2jXyNijhQyvz2jhdEMVu9/pbG+ IYSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=rmWPG8vx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n5si1979677jat.10.2021.09.02.03.02.06; Thu, 02 Sep 2021 03:02:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=rmWPG8vx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245473AbhIBJ1U (ORCPT + 99 others); Thu, 2 Sep 2021 05:27:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35002 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245456AbhIBJ1T (ORCPT ); Thu, 2 Sep 2021 05:27:19 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 83717C061575 for ; Thu, 2 Sep 2021 02:26:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=JnunSlEJCIdP9P5c2OtXs84291lvtlHS2UqsTjDRA/w=; b=rmWPG8vxCsZeHaqWF4TMPPOVRD qv4QQGU8EcWHGge1jClcrbKp10BEMs1DxkG7uQcTBAqWQMZYGtjcJ/MNiVj5x4VKW7gHTvSyueEZf qwpHsAVZNhAVKEM30ZDauHUes4EOjhr311oPmY35PKjSCIwRXhVdONNZGntyV6i4kuXptruc+KmXk MC6HgTSr62RJ7AfI2bAecUj75W748Bow5vBHDPGq1l2F5c4q9dmIVLZyX7kzaiNM+TydLyk93YJW9 jTm0HgfNolrp/EnFT6vs31QAUBFJQ2jW22Lq7tYDdtl8xO3dYk1bY6uecHQYFHJc/OvC2yt0CXCNm SmP7n46Q==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1mLiyQ-003KJN-79; Thu, 02 Sep 2021 09:25:35 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id AEAEE3001C7; Thu, 2 Sep 2021 11:25:29 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id 9535E209D9DBB; Thu, 2 Sep 2021 11:25:29 +0200 (CEST) Date: Thu, 2 Sep 2021 11:25:29 +0200 From: Peter Zijlstra To: Lai Jiangshan Cc: linux-kernel@vger.kernel.org, Lai Jiangshan , Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H. Peter Anvin" Subject: Re: [PATCH 09/24] x86/traps: Add fence_swapgs_{user,kernel}_entry() Message-ID: References: <20210831175025.27570-1-jiangshanlai@gmail.com> <20210831175025.27570-10-jiangshanlai@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210831175025.27570-10-jiangshanlai@gmail.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 01, 2021 at 01:50:10AM +0800, Lai Jiangshan wrote: > +/* > + * Mitigate Spectre v1 for conditional swapgs code paths. > + * > + * fence_swapgs_user_entry is used in the user entry swapgs code path, to > + * prevent a speculative swapgs when coming from kernel space. > + * > + * fence_swapgs_kernel_entry is used in the kernel entry non-swapgs code path, > + * to prevent the swapgs from getting speculatively skipped when coming from > + * user space. > + */ > +static __always_inline void fence_swapgs_user_entry(void) > +{ > + alternative("", "lfence", X86_FEATURE_FENCE_SWAPGS_USER); > +} > + > +static __always_inline void fence_swapgs_kernel_entry(void) > +{ > + alternative("", "lfence", X86_FEATURE_FENCE_SWAPGS_KERNEL); > +} I think slightly larger primitives might make more sense; that is include the swapgs in these function and drop the fence_ prefix. Something a bit like... --- a/arch/x86/entry/traps.c +++ b/arch/x86/entry/traps.c @@ -853,20 +853,22 @@ static __always_inline void ist_restore_ /* * Mitigate Spectre v1 for conditional swapgs code paths. * - * fence_swapgs_user_entry is used in the user entry swapgs code path, to - * prevent a speculative swapgs when coming from kernel space. + * swapgs_user_entry is used in the user entry swapgs code path, to prevent a + * speculative swapgs when coming from kernel space. * - * fence_swapgs_kernel_entry is used in the kernel entry non-swapgs code path, - * to prevent the swapgs from getting speculatively skipped when coming from - * user space. + * swapgs_kernel_entry is used in the kernel entry non-swapgs code path, to + * prevent the swapgs from getting speculatively skipped when coming from user + * space. */ -static __always_inline void fence_swapgs_user_entry(void) +static __always_inline void swapgs_user_entry(void) { + native_swapgs(); alternative("", "lfence", X86_FEATURE_FENCE_SWAPGS_USER); } -static __always_inline void fence_swapgs_kernel_entry(void) +static __always_inline void swapgs_kernel_entry(void) { + native_swapgs(); alternative("", "lfence", X86_FEATURE_FENCE_SWAPGS_KERNEL); } @@ -896,8 +898,7 @@ struct pt_regs *do_error_entry(struct pt * We entered from user mode. * Switch to kernel gsbase and CR3. */ - native_swapgs(); - fence_swapgs_user_entry(); + swapgs_user_entry(); switch_to_kernel_cr3(); /* Put pt_regs onto the task stack. */ @@ -917,8 +918,7 @@ struct pt_regs *do_error_entry(struct pt * We came from an IRET to user mode, so we have user * gsbase and CR3. Switch to kernel gsbase and CR3: */ - native_swapgs(); - fence_swapgs_user_entry(); + swapgs_user_entry(); switch_to_kernel_cr3(); /* @@ -936,8 +936,7 @@ struct pt_regs *do_error_entry(struct pt * handler with kernel gsbase. */ if (eregs->ip == (unsigned long)asm_load_gs_index_gs_change) { - native_swapgs(); - fence_swapgs_user_entry(); + swapgs_user_entry(); } else { fence_swapgs_kernel_entry(); } @@ -1017,14 +1016,12 @@ static __always_inline unsigned long ist if ((long)gsbase < 0) return 1; - native_swapgs(); - /* * The above ist_switch_to_kernel_cr3() doesn't do an unconditional * CR3 write, even in the PTI case. So do an lfence to prevent GS * speculation, regardless of whether PTI is enabled. */ - fence_swapgs_kernel_entry(); + swapgs_kernel_entry(); /* SWAPGS required on exit */ return 0; @@ -1089,7 +1086,7 @@ void paranoid_exit(struct ist_regs *ist) } if (!ist->gsbase) - native_swapgs(); + swapgs_user_entry(); } #endif