Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp3465616pxb;
        Mon, 18 Oct 2021 16:10:08 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzwaYhHMwLebJgWaqUOy7g20usEswlufMD0B9ZboLk4++1dVnsOgdgEe7QRLIbujQ0NNgML
X-Received: by 2002:a17:902:f1c2:b0:13f:a29f:b512 with SMTP id e2-20020a170902f1c200b0013fa29fb512mr16354765plc.61.1634598608044;
        Mon, 18 Oct 2021 16:10:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1634598608; cv=none;
        d=google.com; s=arc-20160816;
        b=mAyyshDDTjoFfwGSBfy31ILZu2LwrmQ0848+Q4nANbK+yr1AedLIAPBox3ZedmwzG0
         nsKBN4xWlYXlvSVS4YRw5Mr96b1NqVPWe1UqSeUOLbeh9E1U2aBlYqTExJPVP2W9NiYJ
         DtSZBK3/rn9QMAe8pbDh22Dc2ycZq712H0UEmrorgH9AeEDwehFcbsPVh3Iu5pr0V0AB
         ACU7hkOvkYLn/sSnoFUv8WvGrL9Pg4dNLzG9T30zEh9foIOyI8q2Zy5vwWhBB3RDqzQK
         U3aUnbULTn2xb4FA6sf2Q2Iq2aeP+VRQu2NQPYP4bXdVxHHsdQmZNt19VXh/UPV/E+sg
         98nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:reply-to:cc:from:to
         :dkim-signature:date;
        bh=p9xeULJfISzpOHWDGuqzA/KQVTVWoZqXIhPeJUdzFgQ=;
        b=qX0dcXEcZ/uNdIVdBlJGQ4JLDt1KLC6UIxuF6P9UcdvjI9wNp+Dt+iq5Z8owlNojgW
         0E35GfS2rydnfs/bA1iErrb59RLAznw97phJl7oirFCxMsbNwzuzoElFiBdvOQDHQ06F
         JB9pLhyGKVmkQD3mcSxWUXCqh1dIV0UoQPJWzRCXhb/tsEZxgihKNoo+ruhDob6DYYUC
         Ugto5Wsya9qrEsdgWeWdDQFRPOlkdUOScDusztq9IzKfDQXxL7fwB9bhge+jNF/7gE+l
         5T+q3L1AUDdgFKw5trAadpyKiuOWjF+OtHW3Iv+l51/aysdzgs6zhl93szYUq8Kq4qZC
         7qUw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@pm.me header.s=protonmail header.b=U0BzjdHX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=pm.me
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id e24si1134082pjr.129.2021.10.18.16.09.29;
        Mon, 18 Oct 2021 16:10:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@pm.me header.s=protonmail header.b=U0BzjdHX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=pm.me
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231296AbhJRXIy (ORCPT <rfc822;luizmacielfranco@gmail.com>
        + 99 others); Mon, 18 Oct 2021 19:08:54 -0400
Received: from mail-0301.mail-europe.com ([188.165.51.139]:45318 "EHLO
        mail-0301.mail-europe.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229524AbhJRXIy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Oct 2021 19:08:54 -0400
Date:   Mon, 18 Oct 2021 23:06:35 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail;
        t=1634598399; bh=p9xeULJfISzpOHWDGuqzA/KQVTVWoZqXIhPeJUdzFgQ=;
        h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
        b=U0BzjdHXt8PMLKtE1Y36b/f8FBXwRZ5NYpQm2HolgpOVqAyCFitAQ7zZnpo8Lo8Ke
         5ix9Ho8pZkYx5R/0vYJmj+Wq92Hg4Gu1OF1m3lAa9DUyRxTGzHgtQrGQfVj5Y4gL9U
         sfnRT6BZXvsMvJ04OD4AfG0Oq5bc5+ARCaxu7TZEmMYwz1BF6N48k6ldWHIQqM1q0J
         FnT2ptICEwx2r9khC+buviR7LXaH0DWHn/koP1/dlGoqNRZapy1BoN1ckzoLCUt7ub
         klHtNoPWXNaRJwhfmvTAHxBQL7Y9fxlzQarqAbY1qiCDJD1jbSq60oH7XlxTYqPr29
         R3+HhT8ZzzyYg==
To:     Peter Zijlstra <peterz@infradead.org>
From:   Alexander Lobakin <alobakin@pm.me>
Cc:     Alexander Lobakin <alobakin@pm.me>, Borislav Petkov <bp@alien8.de>,
        x86@kernel.org, jpoimboe@redhat.com, andrew.cooper3@citrix.com,
        linux-kernel@vger.kernel.org, alexei.starovoitov@gmail.com,
        ndesaulniers@google.com
Reply-To: Alexander Lobakin <alobakin@pm.me>
Subject: Re: [PATCH 4/9] x86/alternative: Implement .retpoline_sites support
Message-ID: <20211018225905.86034-1-alobakin@pm.me>
In-Reply-To: <20211015165635.GH174703@worktop.programming.kicks-ass.net>
References: <20211013122217.304265366@infradead.org> <20211013123645.002402102@infradead.org> <YWmPCF+g+sF4+ieh@zn.tnic> <20211015165635.GH174703@worktop.programming.kicks-ass.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
        autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
        mailout.protonmail.ch
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Peter Zijlstra <peterz@infradead.org>
Date: Fri, 15 Oct 2021 18:56:35 +0200

Hi,

Gave it a spin with Clang/LLVM, and

> On Fri, Oct 15, 2021 at 04:24:08PM +0200, Borislav Petkov wrote:
> > On Wed, Oct 13, 2021 at 02:22:21PM +0200, Peter Zijlstra wrote:
> > > +static int patch_retpoline(void *addr, struct insn *insn, u8 *bytes)
> > > +{
> > > +=09void (*target)(void);
> > > +=09int reg, i =3D 0;
> > > +
> > > +=09if (cpu_feature_enabled(X86_FEATURE_RETPOLINE))
> > > +=09=09return -1;
> > > +
> > > +=09target =3D addr + insn->length + insn->immediate.value;
> > > +=09reg =3D (target - &__x86_indirect_thunk_rax) /
> > > +=09      (&__x86_indirect_thunk_rcx - &__x86_indirect_thunk_rax);

this triggers

> > I guess you should compute those values once so that it doesn't have to
> > do them for each function invocation. And it does them here when I look
> > at the asm it generates.
>
> Takes away the simplicity of the thing. It can't know these values at
> compile time (due to external symbols etc..) although I suppose LTO
> might be able to fix that.
>
> Other than that, the above is the trivial form of reverse indexing an
> array.
>
> > > +
> > > +=09if (WARN_ON_ONCE(reg & ~0xf))
> > > +=09=09return -1;

this:

WARN in patch_retpoline:408: addr pcibios_scan_specific_bus+0x196/0x200, op=
 0xe8, reg 0xb88ca
WARN in patch_retpoline:408: addr xen_pv_teardown_msi_irqs+0x8d/0x120, op 0=
xe8, reg 0xb88ca
WARN in patch_retpoline:408: addr __mptcp_sockopt_sync+0x7e/0x200, op 0xe8,=
 reg 0xb88ca
[...]
(thousands of them, but op =3D=3D 0xe8 && reg =3D=3D 0xb88ca are always the=
 same)

I know this reg calculation is about to be replaced, but anyway ;)

> > Sanity-checking the alignment of those thunks?
>
> Nah, the target address of the instruction; if that's not a retpoline
> thunk (for whatever raisin) then the computation will not result in a
> valid reg and we should bail.
>
> > > +
> > > +=09i =3D emit_indirect(insn->opcode.bytes[0], reg, bytes);
> > > +=09if (i < 0)
> > > +=09=09return i;
> > > +
> > > +=09for (; i < insn->length;)
> > > +=09=09bytes[i++] =3D BYTES_NOP1;
> >
> > Why not:
> >
> >         nop_len =3D insn->length - i;
> >         if (nop_len) {
> >                 memcpy(&bytes[i], x86_nops[nop_len], nop_len);
> >                 i +=3D nop_len;
> >         }
> >
> > and then you save yourself the optimize_nops() call because it'll take
> > the right-sized NOP directly.
>
> That's not immediately safe; if for some reason or other the original
> instrucion is 15 bytes long, and we generated 2 bytes, then we need 13
> nop bytes, the above will then do an out-of-bound array access (due to
> the nops array only doing 8 byte nops at max).
>
> I wanted this code to be simple and obvious.

Thanks,
Al