Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp3934326imw; Mon, 18 Jul 2022 17:50:11 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uRaO1Fp9IT2bzLs7wgyl/YwCM5glcBbiN7NFVD3qGYo+W3C6/7/HASozNKeEiDJYdt/ojh X-Received: by 2002:a05:6402:190b:b0:43a:c95d:ec93 with SMTP id e11-20020a056402190b00b0043ac95dec93mr39785885edz.44.1658191810945; Mon, 18 Jul 2022 17:50:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658191810; cv=none; d=google.com; s=arc-20160816; b=vSNsqcX7RFXFK/fiZHmdKXO6SF6qzIvoPe8DM5E9gH/mjq7k/LkMm7h8aCmEwrPgEH AuI7FNk7jFF1JDq3BrKad9ELls4Gjviux6OiZd0bXYN5++UjpGAXhHPiooZwmhgYkr6r /keMPZcb9dAFkAjKtT+zHdh1ibMdlBjRkCsvEfEB3YwsHMcR5mUPI8tH5Ic+U3gpUkBg bZR5ZQdaO7Xf+Dxs8ehy2AaE4dNBse3VKPzKRF3aRAFimAvNeDktx5ScZY2i25r3DVwz CYlc4unsliDwFTUh0zLUOexV1V+7ogit8reRw7xCanic1qFKFxvwZ1F4vBPKuBh+n4CI H2gQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=co6Jv7mgpbM21F/ySZgejVa+xfgfIHwJOW7zyHk6RRw=; b=GEpCz900r8bpMI+aeWEPBq+37AzyqMYb01x77Jhlkm34eW3X2LtVkpbMoCq9V5tirz VK1gVCElS99QjYyF5w9nRccGKoo+KGH0zSgEFsD+kIh4BwBWMJ+BDk5en+d7HhCnhz+a OtI2rjnDpn4NxqHA0Ycecwa5EGn8qeNTjEnmJViosiN9cwLnK3k6cftaBQJ7EqbS/mTv wt9I4hUIAF9BZ7aGCF+gijQnfFScXy1z7okL07kOCHEokSzlYTMWIi4NNssXqJ4BPItZ x1TWFlr8O2L5Goo8og1th7yMS7NjygtI6ZNfPuaqdFfnOsWbsM+vKpMQDffkPz4S/jQF oJlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=V9UMmiWL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nc24-20020a1709071c1800b007262ce19578si18212648ejc.549.2022.07.18.17.49.46; Mon, 18 Jul 2022 17:50:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=V9UMmiWL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233567AbiGSAXq (ORCPT + 99 others); Mon, 18 Jul 2022 20:23:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60434 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233216AbiGSAXp (ORCPT ); Mon, 18 Jul 2022 20:23:45 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E078F33353 for ; Mon, 18 Jul 2022 17:23:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=co6Jv7mgpbM21F/ySZgejVa+xfgfIHwJOW7zyHk6RRw=; b=V9UMmiWLz6B624YTzjx8QNbpsj XQ9Gpycq+ffDa9KEvuCt++XuvuqC1bG66/tX+vuXgOJb6jhUEHJkTHZ3eWDFazbn+TLKwfmPyTCMm fNAVUkQUpFg80nt4uzdaiKYZmgbreie5sYPYY4pskkzmSiYOf44AVYc9mcIhzCySazBgo2A0TIWF9 X/HCMRGrdEF0BUwlREeE6kgSqiy8mz0Y5nOWPXoYeDMCrIdWbj7WGikNLSQo/E2z3zlG87VX7333k 83HNssLQjQYiMG8y8gMJzFN8lotZR/chjwlp4B41/+E5ZGVxX+5+FAR/+j2F1K6WSeVIRwlC4eOSa 2N/vDlDg==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=worktop.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1oDb1H-00DAwU-Nb; Tue, 19 Jul 2022 00:23:23 +0000 Received: by worktop.programming.kicks-ass.net (Postfix, from userid 1000) id AC6F69802A7; Tue, 19 Jul 2022 02:23:22 +0200 (CEST) Date: Tue, 19 Jul 2022 02:23:22 +0200 From: Peter Zijlstra To: Linus Torvalds Cc: Thomas Gleixner , Sami Tolvanen , Joao Moreira , LKML , the arch/x86 maintainers , Tim Chen , Josh Poimboeuf , "Cooper, Andrew" , Pawan Gupta , Johannes Wikner , Alyssa Milburn , Jann Horn , "H.J. Lu" , "Moreira, Joao" , "Nuzman, Joseph" , Steven Rostedt , "Gross, Jurgen" , Masami Hiramatsu , Alexei Starovoitov , Daniel Borkmann , Peter Collingbourne Subject: Re: [patch 00/38] x86/retbleed: Call depth tracking mitigation Message-ID: References: <87lesqukm5.ffs@tglx> <2f7f899cb75b79b08b0662ff4d2cb877@overdrivepizza.com> <87fsiyuhyz.ffs@tglx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 18, 2022 at 05:11:27PM -0700, Linus Torvalds wrote: > On Mon, Jul 18, 2022 at 5:03 PM Linus Torvalds > wrote: > > > > So it already only adds the pattern to things that have their address > > taken, not all functions? > > > > If so, that's simple enough to sort out: don't do any RSB stack > > adjustment for those thunks AT ALL. > > > > Because they should just then end up with a jump to the "real" target, > > and that real target will do the RSB stack thing. > > Put another way, let's say that you have a function that looks like this: > > int silly(void) > { > return 0; > } > > and now you have two cases: > > - the "direct callable version" of that function looks exactly the > way it always has looked, and gets the 16 bytes of padding for it, and > the RSB counting can happen in that padding > > - the "somebody took the address of this function" creates code that > has the hash marker before it, and has the hash check, and then does a > "jmp silly" to actually jump to the real code. > > So what the RSB counting does is just ignore that second case entirely > as far as the RSB code generation goes. No need to have any padding > for it at all, it has that (completely different) kCFI padding > instead. > > Instead, only the "real" silly function gets that RSB code, and the > "jmp silly" from the kCFI thunk needs to be updated to point to the > RSB thunk in front of it. > > Yes, yes, it makes indirect calls slightly more expensive than direct > calls (because that kCFI thing can't just fall through to the real > thing), but considering all the *other* costs of indirect calls, the > cost of having that one "jmp" instruction doesn't really seem to > matter, does it? So it's like 2:15 am here, so I might not be following things right, but doesn't the above mean you have to play funny games with what a function pointer is? That is, the content of a function pointer (address taken) no longer match the actual function? That gives grief with things like static_call(), ftrace and other things that write call instructions instead of doing indirect calls.