Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp3906805imw;
        Mon, 18 Jul 2022 17:12:04 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1tJ2YprfWxr1GW+Gsu4CaR6fVatvIReuUmeo3I+gc40DB8T+U2ZGjeG7fAov0ZL/YDyGvZn
X-Received: by 2002:a05:6402:194f:b0:43a:298f:f39c with SMTP id f15-20020a056402194f00b0043a298ff39cmr39997343edz.106.1658189523862;
        Mon, 18 Jul 2022 17:12:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658189523; cv=none;
        d=google.com; s=arc-20160816;
        b=W2RGf0CPbx+yc+YFlU8FvDeE+SKj/t14e3jHO8ef9qlEGw1jPNBC8aI8l+Vpvvos79
         ySoIXN4Qa5KkxCBxaE3RQ0LLxphVDkJSqPwTCKyMoj2zvNOOhaax2qmepVXECaONh1yD
         VOL5fCM3zcIoEwCAym64bESIfkUzJeIz1b81NMItViNlhT0FLZiYZ4FRGGtbPW3APGZY
         XloxGfHIWhIHO9d9jNP3ccisf88nFm2vS+m8NXmNqqPACRFySC2otybTkTg9SVsl7/Qs
         pu9dQ+bWgQJcGVwtLXC6f1cottLli1DxBf37iHLe4fBe6IM4z44Rkg6fT2SgsKRqeuc8
         dS/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=PeoZcQXjPYfGM6NHDdN44xGgOfK7e6P3NcGDah0veFw=;
        b=SqwUOAL6FIHqfX442ZRj47HsrLBDHx0TlGpWNri1JrbE0E6C0B04iSNFpMGjd/Fi3X
         XfNiFQUcOz79a0sZeKcp7jmRks8y7INiQsEKmhzlat9pKqTgNv35pvqKF7XeNslji8xi
         IRQiEx0KiDfAE+3fmqhbCK4YVdFgQajH1QhHC1Qm9oJA4SfzxJcyZWEQ5r2AXtoFEJSH
         6KXFqkxyNSX64RjdQYKqW7BSQQN5Cc6kKmzjEqzjQFyMI7YxGkaTcHNwn4Ql/ub3szW6
         KbGfiY2CnPitRHTmAXi5O/ltu3avv9Zt5B8W9a5zJ7ism37IY9HXpsHPP85hAnfTZBSu
         T05Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=Tsr6vm5O;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id f26-20020a50d55a000000b0043743ad1af8si16692028edj.356.2022.07.18.17.11.39;
        Mon, 18 Jul 2022 17:12:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=Tsr6vm5O;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233907AbiGRXwd (ORCPT <rfc822;alexzyp@gmail.com> + 99 others);
        Mon, 18 Jul 2022 19:52:33 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59146 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231609AbiGRXwc (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Jul 2022 19:52:32 -0400
Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F7BD33422
        for <linux-kernel@vger.kernel.org>; Mon, 18 Jul 2022 16:52:31 -0700 (PDT)
Received: by mail-ej1-x62f.google.com with SMTP id ss3so24152054ejc.11
        for <linux-kernel@vger.kernel.org>; Mon, 18 Jul 2022 16:52:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=PeoZcQXjPYfGM6NHDdN44xGgOfK7e6P3NcGDah0veFw=;
        b=Tsr6vm5Og8CXWOejNJLfAeeA2UoM6xTxcxAVY74PflXgYE5HetiipEHSqM3JM2GHtB
         gH0O4RCdoEj01KLyLQyPWvVjLudH9MCNar1Q5Q0Sv3eo/s3Bz4embZVCMm19YzKRsAQH
         FR2+kNXdGShg3oDupslhJZ+P8B99cCpt6YzJE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=PeoZcQXjPYfGM6NHDdN44xGgOfK7e6P3NcGDah0veFw=;
        b=qljxgvwgusTBxxMYR+FISkm6eEYFNoFZcs1MSE7AhJdksJSDWO9+lIQqO7u6YYVej8
         UFkZ3osEMoka1lWykCdtV01rF0LhLVSUfCQPbir38o9Q7NjifkfrxmGQCMRlMtoguzer
         rHbPX3yyJWw7J+IptcOj5DWPUfg2d1z++NK7nUQrVyonRTOLCBG5HITvYYZ/OoPglmns
         zMY3yHJ00xxgnpmkVD0jgntdY6v2OFPQyH3qbmE0CGCbuKWdmUgOm8YQ6PoenOirL89r
         39ILQ3r/71mKtZqm7XojoA4s8FtDalJjMKoYD2MeA3rmwf0aC20HuRFED3X9+rr5QMbk
         iqkw==
X-Gm-Message-State: AJIora/YBAl58PzWUIXnCkfqFTOiJk0vtoGwnVqiMo0y4YZsPkQdUpZW
        wpZpj3sLgd6VdKG+ppWEJ7PBERUp+/dy0IqZfSs=
X-Received: by 2002:a17:906:730d:b0:72f:1031:2130 with SMTP id di13-20020a170906730d00b0072f10312130mr13340064ejc.481.1658188349609;
        Mon, 18 Jul 2022 16:52:29 -0700 (PDT)
Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com. [209.85.221.41])
        by smtp.gmail.com with ESMTPSA id o20-20020aa7c7d4000000b0043a587eb95dsm9533574eds.5.2022.07.18.16.52.26
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 18 Jul 2022 16:52:28 -0700 (PDT)
Received: by mail-wr1-f41.google.com with SMTP id b26so19288735wrc.2
        for <linux-kernel@vger.kernel.org>; Mon, 18 Jul 2022 16:52:26 -0700 (PDT)
X-Received: by 2002:a5d:69c2:0:b0:21d:807c:a892 with SMTP id
 s2-20020a5d69c2000000b0021d807ca892mr24554501wrw.274.1658188346000; Mon, 18
 Jul 2022 16:52:26 -0700 (PDT)
MIME-Version: 1.0
References: <20220716230344.239749011@linutronix.de> <87wncauslw.ffs@tglx>
 <87tu7euska.ffs@tglx> <CAHk-=wjpzVRU0Yr_0DJSB_bKHW3_74UucNpJBjxfHPo_R=PYNg@mail.gmail.com>
 <87o7xmup5t.ffs@tglx> <YtXOMPpmx8TcFtOX@worktop.programming.kicks-ass.net>
 <87lesqukm5.ffs@tglx> <2f7f899cb75b79b08b0662ff4d2cb877@overdrivepizza.com>
 <CABCJKudvSv9bAOrDLHki5XPYNJK6=PS-x8v=E08es8w4LJpxBw@mail.gmail.com>
 <87fsiyuhyz.ffs@tglx> <CAHk-=wjEDJ4+xg0CWR7CaCKnO6Nhzn+vjJy7CjaVmf9R+g_3ag@mail.gmail.com>
In-Reply-To: <CAHk-=wjEDJ4+xg0CWR7CaCKnO6Nhzn+vjJy7CjaVmf9R+g_3ag@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Mon, 18 Jul 2022 16:52:09 -0700
X-Gmail-Original-Message-ID: <CAHk-=wj6U3UamfLLV+rPu1WmKG_w3p0Bg=YbQcG1DxHpmP40Ag@mail.gmail.com>
Message-ID: <CAHk-=wj6U3UamfLLV+rPu1WmKG_w3p0Bg=YbQcG1DxHpmP40Ag@mail.gmail.com>
Subject: Re: [patch 00/38] x86/retbleed: Call depth tracking mitigation
To:     Thomas Gleixner <tglx@linutronix.de>
Cc:     Sami Tolvanen <samitolvanen@google.com>,
        Joao Moreira <joao@overdrivepizza.com>,
        Peter Zijlstra <peterz@infradead.org>,
        LKML <linux-kernel@vger.kernel.org>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Josh Poimboeuf <jpoimboe@kernel.org>,
        "Cooper, Andrew" <andrew.cooper3@citrix.com>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Johannes Wikner <kwikner@ethz.ch>,
        Alyssa Milburn <alyssa.milburn@linux.intel.com>,
        Jann Horn <jannh@google.com>, "H.J. Lu" <hjl.tools@gmail.com>,
        "Moreira, Joao" <joao.moreira@intel.com>,
        "Nuzman, Joseph" <joseph.nuzman@intel.com>,
        Steven Rostedt <rostedt@goodmis.org>,
        "Gross, Jurgen" <jgross@suse.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Peter Collingbourne <pcc@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jul 18, 2022 at 4:42 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> You have the "real" marker before the function.
>
> But you also have the "false" marker that is part of the hash check
> that is *inside* the function.
>
> The "real marker + 6" points to the function head itself, and so is ok
> as a target (normal operation).

Of course, one fix for that is to make the hash be only 24 bits, and
make the int3 byte part of the value you check, and not have the same
pattern in the checking code at all.

Honestly, I think that would be a better model - yes, you lose 8 bits
of hash, but considering that apparently the current KCFI code
*guarantees* that the hash pattern will exist even outside the actual
target pattern, I think it's still a better model.

I also happen to believe that the kCFI code should have entirely
different targets for direct jumps and for indirect jumps, but that's
a separate issue. Maybe it already does that?

                 Linus