From: Linus Torvalds
Date: Mon, 18 Jul 2022 16:52:09 -0700
Subject: Re: [patch 00/38] x86/retbleed: Call depth tracking mitigation
To: Thomas Gleixner
Cc: Sami Tolvanen, Joao Moreira, Peter Zijlstra, LKML, "the arch/x86 maintainers", Tim Chen, Josh Poimboeuf, "Cooper, Andrew", Pawan Gupta, Johannes Wikner, Alyssa Milburn, Jann Horn, "H.J. Lu", "Moreira, Joao", "Nuzman, Joseph", Steven Rostedt, "Gross, Jurgen", Masami Hiramatsu, Alexei Starovoitov, Daniel Borkmann, Peter Collingbourne

On Mon, Jul 18, 2022 at 4:42 PM Linus Torvalds wrote:
>
> You have the "real" marker before the function.
>
> But you also have the "false" marker that is part of the hash check
> that is *inside* the function.
>
> The "real marker + 6" points to the function head itself, and so is ok
> as a target (normal operation).

Of course, one fix for that is to make the hash be only 24 bits, and
make the int3 byte part of the value you check, and not have the same
pattern in the checking code at all.

Honestly, I think that would be a better model - yes, you lose 8 bits
of hash, but considering that apparently the current KCFI code
*guarantees* that the hash pattern will exist even outside the actual
target pattern, I think it's still a better model.

I also happen to believe that the kCFI code should have entirely
different targets for direct jumps and for indirect jumps, but that's
a separate issue. Maybe it already does that?

Linus
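
The marker collision discussed in this message, as an added illustration that is not code from the patch series or from the message itself: a constructed byte layout with the marker 6 bytes before the function and a check instruction that carries an immediate. The opcode bytes, the placement of the int3 byte as the top byte of the checked value, and the negated-immediate form of the check are assumptions made for the sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Count hits of the 4 marker bytes: each is a spot a "target - 6" check accepts. */
static size_t count_marker(const uint8_t *text, size_t len, uint32_t marker)
{
    uint8_t pat[4];
    size_t hits = 0;
    for (int i = 0; i < 4; i++)        /* little-endian, as on x86 */
        pat[i] = (uint8_t)(marker >> (8 * i));
    for (size_t off = 0; off + 4 <= len; off++)
        hits += memcmp(text + off, pat, 4) == 0;
    return hits;
}

/* Constructed toy layout: [marker][2 pad] func: [insn carrying check_imm] ret */
static size_t build(uint8_t *out, uint32_t marker, uint32_t check_imm)
{
    size_t n = 0;
    for (int i = 0; i < 4; i++) out[n++] = (uint8_t)(marker >> (8 * i));
    out[n++] = 0xcc; out[n++] = 0xcc;  /* so that func == marker + 6 */
    out[n++] = 0x90;                   /* function head (placeholder byte) */
    out[n++] = 0xb8;                   /* placeholder opcode with an imm32 */
    for (int i = 0; i < 4; i++) out[n++] = (uint8_t)(check_imm >> (8 * i));
    out[n++] = 0xc3;
    return n;
}

/* 32-bit hash, and the check code holds the same literal: a second marker. */
size_t markers_32bit(uint32_t hash)
{
    uint8_t text[16];
    return count_marker(text, build(text, hash, hash), hash);
}

/* 24-bit hash with int3 (0xcc) as the fourth checked byte. ASSUMPTION: the
 * check code holds the negated value (add, test for zero), not the literal. */
size_t markers_24bit_int3(uint32_t hash)
{
    uint32_t marker = (hash & 0x00ffffffu) | 0xcc000000u;
    uint8_t text[16];
    return count_marker(text, build(text, marker, 0u - marker), marker);
}

int main(void)
{
    printf("%zu %zu\n", markers_32bit(0x12345678u), markers_24bit_int3(0x12345678u));
}
```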