Subject: Re: [PATCH V2 01/41] x86/entry: Fix swapgs fence
To: Thomas Gleixner, Lai Jiangshan, linux-kernel@vger.kernel.org
Cc: Josh Poimboeuf, "Chang S . Bae", Sasha Levin, Andy Lutomirski, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin"
From: Lai Jiangshan Message-ID: <9312a767-f1d3-d283-80a9-e6b3854252e1@linux.alibaba.com> Date: Mon, 27 Sep 2021 09:10:49 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <87r1dbawzq.ffs@tglx> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2021/9/27 04:43, Thomas Gleixner wrote: > Lai, > > On Sun, Sep 26 2021 at 23:07, Lai Jiangshan wrote: >> --- a/arch/x86/entry/entry_64.S >> +++ b/arch/x86/entry/entry_64.S >> @@ -898,17 +898,12 @@ SYM_CODE_START_LOCAL(paranoid_entry) >> rdmsr >> testl %edx, %edx >> jns .Lparanoid_entry_swapgs >> + FENCE_SWAPGS_KERNEL_ENTRY > > Good catch. > >> ret >> >> .Lparanoid_entry_swapgs: >> swapgs >> - >> - /* >> - * The above SAVE_AND_SWITCH_TO_KERNEL_CR3 macro doesn't do an >> - * unconditional CR3 write, even in the PTI case. So do an lfence >> - * to prevent GS speculation, regardless of whether PTI is enabled. >> - */ >> - FENCE_SWAPGS_KERNEL_ENTRY >> + FENCE_SWAPGS_USER_ENTRY > > This change is wrong. > > In the paranoid entry path even if user GS base is set then the entry > does not necessarily come from user space so there is no guarantee that > there was a CR3 write on PTI enabled systems before the SWAPGS. > > FENCE_SWAPGS_USER_ENTRY does not emit a LFENCE when PTI is enabled, so > both the comment and FENCE_SWAPGS_KERNEL_ENTRY which emits LFENCE on > affected CPUs unconditionaly are correct. Though the comment could do > with some polishing to make this entirely clear. I didn't notice FENCE_SWAPGS_USER_ENTRY depends on PTI. I will add FENCE_SWAPGS_KERNEL_ENTRY only on the kernel path. Thanks Lai
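Review bot: In the .Lparanoid_entry_swapgs block, replacing FENCE_SWAPGS_KERNEL_ENTRY with FENCE_SWAPGS_USER_ENTRY removes the fence after swapgs on PTI-enabled systems, and the deleted comment is the only place that explains why that fence must be unconditional: SAVE_AND_SWITCH_TO_KERNEL_CR3 does not do an unconditional CR3 write on this path, so a CR3 write cannot be relied on to serialize before the swapgs. Keep FENCE_SWAPGS_KERNEL_ENTRY after swapgs and keep the comment (reworded to say that a user GS base here does not imply entry from user space), and limit the patch to the added FENCE_SWAPGS_KERNEL_ENTRY before ret on the fall-through path where jns is not taken. That added fence should also get a short comment saying which speculation it guards, since the hunk introduces it with none.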