Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp3390350pxb;
        Sun, 26 Sep 2021 13:48:36 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxNOdh4aZt6UMvuKgE+xvMEFIENnk0swDSuUkb+SaQNrCfi6PNh0zxQAU4pYIf+JGee8kJM
X-Received: by 2002:a62:6d07:0:b0:446:c141:7d2d with SMTP id i7-20020a626d07000000b00446c1417d2dmr19961267pfc.28.1632689316125;
        Sun, 26 Sep 2021 13:48:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1632689316; cv=none;
        d=google.com; s=arc-20160816;
        b=ZLo7qjmMMo2JYweWkhs/9usRZ/Y41uknb1ob0M0cW16ZpowSgAOkIAHDaY8SA15mu1
         4hUPs9gsnCREGfMpiagjf1BXlb97Ji3Y8oNHeGnAk9lvWZbxELXuvF4vnuugPIizXok1
         +Ok5we7bV6k65NwSeV68w1BLJItpPz6iFPKPboKakjAPgOpYBVtDYld+4udt/HQXKVwo
         koP1B5FZ/Ke9yqqdSWjQfEWZmJWJPcaoNbMMM0P3Wt5Or+HEWUxp37g7PoGyl46MHjgD
         PbGlTPIB1DyoAPcCNZ30mlWYZ6qymcFxFKoV+d+7AEmj2+HTGQGcWHjJCxl6j629EyIE
         GIPQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from;
        bh=PJ30AYB5dQYASQQ807+byPlQXDuR+aVd2Y6AuvkeBsk=;
        b=tIzyF00ZGhbtwkq4c8XAeFEqtKsFn5Jq5/zksJMsA9NMYaJqpRBlhNa0dS4MCxOvlT
         stYTUawNUhezDLW6yQeMY4/WN6HCCAJIgNXy4BVfWpvyajptEVSyG7p/wm4ToytsXGcs
         w9CbSe9xzVWsuR9yn20Z91khf3p4Rg0l9AIYGcwdOWuqbVtvsZ8udQ9YMMmhRIFGyljN
         A3PYpV7BpZBVbPtYOsqOcIv7zG36FM0Xz/6stwolshvfZecUr9xwyT6r3JlrunehyRlu
         /EBdLEEUMvPl8ByXvmBP0+Nbz4ARRDQ/3kVQVfKjnN0VxeYwYwZy9yXFppXhhYMs4bDx
         UmLg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=c7DZw2UA;
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=CWV8pLQo;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ik15si4497831plb.250.2021.09.26.13.48.10;
        Sun, 26 Sep 2021 13:48:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=c7DZw2UA;
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=CWV8pLQo;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230061AbhIZUpS (ORCPT <rfc822;lonelydragon1988@gmail.com>
        + 99 others); Sun, 26 Sep 2021 16:45:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45756 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230052AbhIZUpR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 26 Sep 2021 16:45:17 -0400
Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F2D1C061570
        for <linux-kernel@vger.kernel.org>; Sun, 26 Sep 2021 13:43:40 -0700 (PDT)
From:   Thomas Gleixner <tglx@linutronix.de>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1632689017;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=PJ30AYB5dQYASQQ807+byPlQXDuR+aVd2Y6AuvkeBsk=;
        b=c7DZw2UARw7rviOfPwcG4Rn7hDtw091Q2dmLGp7U39YzC/pdhfE+RRbd8i9pwT2G0zqaUT
        CRQA70dL5bp0McEY+HZQg8za09pBInbrbVp8lFt28Lvz9ZpJMtkcBKGsGgdWcZqaO8L82j
        qTXFleJVeokh+58qBbOHC/nOS/3mD98c+vlR81XiLhETUj3X7DWbwyrJWfD1watJDyn/ec
        xYLR51aEFmI5ok1Wy/dYQKI4kx2NGzMoEwmov1hKxcnjHpnhV1M0QWRlkpgxLCPse0bf+M
        f/2/oGITlgXZzT42Cevf/XZOtb5ro/0ip1DBCB/5XLxrNBE85LHCI1cy0aPSRQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1632689017;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=PJ30AYB5dQYASQQ807+byPlQXDuR+aVd2Y6AuvkeBsk=;
        b=CWV8pLQoXg4kgNQ2jnmRurpE1vPQpH6rfEbcLpw3FDP6D/qds7EajlcMZmVbSJF0ypWOCY
        QAgiIGSNaVGMOrCw==
To:     Lai Jiangshan <jiangshanlai@gmail.com>,
        linux-kernel@vger.kernel.org
Cc:     Lai Jiangshan <laijs@linux.alibaba.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        "Chang S . Bae" <chang.seok.bae@intel.com>,
        Sasha Levin <sashal@kernel.org>,
        Andy Lutomirski <luto@kernel.org>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH V2 01/41] x86/entry: Fix swapgs fence
In-Reply-To: <20210926150838.197719-2-jiangshanlai@gmail.com>
References: <20210926150838.197719-1-jiangshanlai@gmail.com>
 <20210926150838.197719-2-jiangshanlai@gmail.com>
Date:   Sun, 26 Sep 2021 22:43:37 +0200
Message-ID: <87r1dbawzq.ffs@tglx>
MIME-Version: 1.0
Content-Type: text/plain
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Lai,

On Sun, Sep 26 2021 at 23:07, Lai Jiangshan wrote:
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -898,17 +898,12 @@ SYM_CODE_START_LOCAL(paranoid_entry)
>  	rdmsr
>  	testl	%edx, %edx
>  	jns	.Lparanoid_entry_swapgs
> +	FENCE_SWAPGS_KERNEL_ENTRY

Good catch.

>  	ret
>  
>  .Lparanoid_entry_swapgs:
>  	swapgs
> -
> -	/*
> -	 * The above SAVE_AND_SWITCH_TO_KERNEL_CR3 macro doesn't do an
> -	 * unconditional CR3 write, even in the PTI case.  So do an lfence
> -	 * to prevent GS speculation, regardless of whether PTI is enabled.
> -	 */
> -	FENCE_SWAPGS_KERNEL_ENTRY
> +	FENCE_SWAPGS_USER_ENTRY

This change is wrong.

In the paranoid entry path even if user GS base is set then the entry
does not necessarily come from user space so there is no guarantee that
there was a CR3 write on PTI enabled systems before the SWAPGS.

FENCE_SWAPGS_USER_ENTRY does not emit a LFENCE when PTI is enabled, so
both the comment and FENCE_SWAPGS_KERNEL_ENTRY which emits LFENCE on
affected CPUs unconditionaly are correct. Though the comment could do
with some polishing to make this entirely clear.

Before adding support for FSGSBASE both the swapgs and non swapgs case
issued the LFENCE unconditionally with FENCE_SWAPGS_KERNEL_ENTRY. The
commit you identified splitted the code pathes and failed to add the
FENCE_SWAPGS_KERNEL_ENTRY into the non-swapgs path.

Thanks,

        tglx