From: Thomas Gleixner
To: Lai Jiangshan, Lai Jiangshan, linux-kernel@vger.kernel.org
Cc: Josh Poimboeuf, "Chang S . Bae", Sasha Levin, Andy Lutomirski, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin"
Subject: Re: [PATCH V2 01/41] x86/entry: Fix swapgs fence
In-Reply-To: <445de475-c223-be11-325f-fa6679e45cb0@linux.alibaba.com>
References: <20210926150838.197719-1-jiangshanlai@gmail.com> <20210926150838.197719-2-jiangshanlai@gmail.com> <87r1dbawzq.ffs@tglx> <9312a767-f1d3-d283-80a9-e6b3854252e1@linux.alibaba.com> <445de475-c223-be11-325f-fa6679e45cb0@linux.alibaba.com>
Date: Mon, 27 Sep 2021 09:50:22 +0200
Message-ID: <875yumbgox.ffs@tglx>
X-Mailing-List: linux-kernel@vger.kernel.org

Lai,

On Mon, Sep 27 2021 at 11:27, Lai Jiangshan wrote:
> On 2021/9/27 09:10, Lai Jiangshan wrote:
>
> The commit c75890700455 ("x86/entry/64: Remove unneeded kernel CR3 switching")
> ( https://lore.kernel.org/all/20200419144049.1906-2-laijs@linux.alibaba.com/ )
> also made it wrong.

Duh, did not spot that either.

> When the SWITCH_TO_KERNEL_CR3 in the path is removed, FENCE_SWAPGS_USER_ENTRY
> should also be changed to FENCE_SWAPGS_KERNEL_ENTRY. (Or just jmp to
> .Lerror_entry_done_lfence which has FENCE_SWAPGS_KERNEL_ENTRY already.)

Yes.

> And FENCE_SWAPGS_USER_ENTRY could be documented with "it should be followed with
> serializing operations such as SWITCH_TO_KERNEL_CR3".

It does not matter whether the serializing is before or after. The
problem is:

    if (from_user)
        swapgs();

can take the wrong path speculatively which means the speculation is then
based on the wrong GS.

We have these sequences in the non paranoid entries:

    if (from_user) {
        pti_switch_cr3();
        swapgs();
    }

    if (from_user) {
        swapgs();
        pti_switch_cr3();
    }

and with mitigation these become:

    if (from_user) {
        pti_switch_cr3();
        swapgs();
        lfence_if_not_pti();
    } else {
        lfence();
    }

    if (from_user) {
        swapgs();
        lfence_if_not_pti();
        pti_switch_cr3();
    } else {
        lfence();
    }

When PTI is enabled then the CR3 write is sufficient because it's fully
serializing. If PTI is off the LFENCE is required. On which side the CR3
write is before or after SWAPGS does not matter.

> Or we can add a SWAPGS_AND_SWITCH_TO_KERNEL_CR3 to combine them.

No. We really don't want to go there.

Thanks,

        tglx
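As an added illustration (not code from the thread or from the kernel), the rule tglx states above can be written as a small C model: a mispredicted from_user branch keeps running until a serializing op resolves it, so every branch body must contain one before GS-dependent code runs. The op names mirror the thread's macros; the simulator, the entry_safe() checker and the sample sequences are constructed for this example, and "serializing" follows the thread's reading (CR3 write only with PTI, FENCE_SWAPGS_USER_ENTRY as lfence_if_not_pti, FENCE_SWAPGS_KERNEL_ENTRY as unconditional lfence).

```c
#include <stdbool.h>
#include <stddef.h>

/* Entry-path ops named in the thread; END terminates a sequence. */
enum op { END, SWAPGS, SWITCH_TO_KERNEL_CR3,
          FENCE_SWAPGS_USER_ENTRY, FENCE_SWAPGS_KERNEL_ENTRY };

/* Does this op emit a serializing instruction under the given PTI setting? */
static bool serializes(enum op o, bool pti)
{
    switch (o) {
    case SWITCH_TO_KERNEL_CR3:      return pti;   /* CR3 write exists only with PTI */
    case FENCE_SWAPGS_USER_ENTRY:   return !pti;  /* lfence_if_not_pti() */
    case FENCE_SWAPGS_KERNEL_ENTRY: return true;  /* unconditional lfence() */
    default:                        return false;
    }
}

/* Run one branch body while the from_user branch is still unresolved.
 * True means GS-dependent code after the if/else can only run with kernel
 * GS: a mispredicted path hits a serializing op and is squashed, or the
 * body ends with kernel GS loaded. */
static bool branch_safe(const enum op *body, bool actual_user, bool predicted_user, bool pti)
{
    bool gs_kernel = !actual_user;   /* real GS at entry */
    for (size_t i = 0; body[i] != END; i++) {
        if (body[i] == SWAPGS)
            gs_kernel = !gs_kernel;
        else if (serializes(body[i], pti) && predicted_user != actual_user)
            return true;             /* branch resolved, wrong path squashed */
    }
    return gs_kernel;
}

/* Check "if (from_user) user_body else kernel_body" for every combination
 * of real origin and branch prediction (constructed checker). */
static bool entry_safe(const enum op *user_body, const enum op *kernel_body, bool pti)
{
    for (int actual = 0; actual < 2; actual++)
        for (int pred = 0; pred < 2; pred++)
            if (!branch_safe(pred ? user_body : kernel_body, actual, pred, pti))
                return false;
    return true;
}

/* Constructed sequences mirroring the thread. */
static const enum op user_with_cr3[] = { SWITCH_TO_KERNEL_CR3, SWAPGS, FENCE_SWAPGS_USER_ENTRY, END };
static const enum op user_no_cr3[]   = { SWAPGS, FENCE_SWAPGS_USER_ENTRY, END };  /* after c75890700455 */
static const enum op user_fixed[]    = { SWAPGS, FENCE_SWAPGS_KERNEL_ENTRY, END };
static const enum op kernel_fenced[] = { FENCE_SWAPGS_KERNEL_ENTRY, END };        /* else { lfence(); } */
static const enum op kernel_bare[]   = { END };                                   /* else branch unfenced */
```

With PTI on, user_no_cr3 fails because neither a CR3 write nor an LFENCE resolves the branch before the swapped GS is used; switching that path to FENCE_SWAPGS_KERNEL_ENTRY (user_fixed) passes in both PTI settings.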