Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp958389imi; Fri, 22 Jul 2022 13:34:20 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sOT1WEkcGPNJPGVCgmOKnkGB9zuXzgXhWXYroezMbHLSbFxT2XiVLzLKwU8q70OoNq2U+Y X-Received: by 2002:a05:6402:3228:b0:43b:de2e:2fc0 with SMTP id g40-20020a056402322800b0043bde2e2fc0mr432006eda.299.1658522059979; Fri, 22 Jul 2022 13:34:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658522059; cv=none; d=google.com; s=arc-20160816; b=lCAUt30QMpnuiagJCN4AxGN+SLNAEQmhxL9yCRv7of8KzOgG3BQkdWg+PBfoK1U7nC pdKZOFt4V7pH1zccHyBFMKXH5LSF5yOj1HaXW/W6mIKJmFT9WQoGzc99b16ZcMbd6znT kntwy1WttEuDQXvVHwYQFV8YtmeMwJa76tQgsXiO9OTBk0XnMVNmG7yngv+XqNREs9iA DX5IF9IPOBFOz35Tj5h8wHlX1vfGi3xt/OMnCUA+hzHxzBHpzLWPA1Vqu4r4A6wWXyRg 94r6WCR+cQ94SSTAyZw5mNiJIi2c4P+nLd8F6wWgD36w4mqM2h80fZNd30d3ADsWL5ll Vz5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=vXmJ2yXCxNskba4ZLjbH86FNYHbD4NThIUhKp55EFNU=; b=RZQaK5a+ZxtuK2iH396/ndcJvgSUw70UsUUqpaHquMMPSishOXYuWGvBLMaqRZPm6Y NGJaF3ZnIyKvaY/7WdAIHJXjvDEhkOYqwAMf1cG+9i2xCAs4nMVv8jZL27DNuuoc3sSh H8bUdQFwe7i9p1r98Bfm+gpJC19oewovRYQaN30gRg9Nh5norFi0fSkfVM5lShSxK06R ZlpdPb3DAlj+Z7nsc/E3JqEzHzh+BLzs8NT47gf7FGEKmhj3DzsAzzowzD48yWQawC70 uI6QfBm1XPdfXPbrZWL1NfLhLO7EGl1icWrGMbe0xvSCbghaMkvY/Q3Y2RXBzocvlbQL 29rQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VgoMhvGk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hb33-20020a170907162100b0072b4a6fd638si7556998ejc.543.2022.07.22.13.33.54; Fri, 22 Jul 2022 13:34:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VgoMhvGk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236628AbiGVULa (ORCPT + 99 others); Fri, 22 Jul 2022 16:11:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39716 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236650AbiGVUL2 (ORCPT ); Fri, 22 Jul 2022 16:11:28 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 25747A9B98 for ; Fri, 22 Jul 2022 13:11:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1658520687; x=1690056687; h=message-id:subject:from:to:cc:date:in-reply-to: references:mime-version:content-transfer-encoding; bh=TDg/+6wBwme/2Hkfd05RWXB2rfGyaMu54q4M571X0q4=; b=VgoMhvGkkcvHUhMlIqdyIFndS5Q1DFMrnAFcmiMvUzwGhr93NHRyLmH/ 3NvbViZfK50q+hkDoyKlLzyWmVOj99HI3l+WijC143KdA/YSaJ1vZXJeU Ag+8gc8pBjk4/qiOapqAsgFPU/+C08Of6KtO0QCM6LQqbS5d58bJCLNT1 Tg7NsTLygtex0jABTmlQIJ8Gnb2iax5vwksQ0g12WJnANuEK55PFphY+Y 0DHwhLIQKVDdsb9DXEqM5bhues/N3/kEYlstXrnluZ92Lk7GekG010CmJ AB/JYgpGjiojJO22haFDrtYwBJq9Ll0xi8f4joXA8+kj21LywW46fveUh A==; X-IronPort-AV: E=McAfee;i="6400,9594,10416"; a="267792192" X-IronPort-AV: E=Sophos;i="5.93,186,1654585200"; d="scan'208";a="267792192" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jul 2022 13:11:26 -0700 X-IronPort-AV: E=Sophos;i="5.93,186,1654585200"; d="scan'208";a="844883130" Received: from schen9-mobl.jf.intel.com ([10.24.10.91]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jul 2022 13:11:25 -0700 Message-ID: Subject: Re: [patch 00/38] x86/retbleed: Call depth tracking mitigation From: Tim Chen To: Thomas Gleixner , Linus Torvalds Cc: LKML , the arch/x86 maintainers , Josh Poimboeuf , Andrew Cooper , Pawan Gupta , Johannes Wikner , Alyssa Milburn , Jann Horn , "H.J. Lu" , Joao Moreira , Joseph Nuzman , Steven Rostedt , Juergen Gross , "Peter Zijlstra (Intel)" , Masami Hiramatsu , Alexei Starovoitov , Daniel Borkmann Date: Fri, 22 Jul 2022 13:11:25 -0700 In-Reply-To: <87o7xmup5t.ffs@tglx> References: <20220716230344.239749011@linutronix.de> <87wncauslw.ffs@tglx> <87tu7euska.ffs@tglx> <87o7xmup5t.ffs@tglx> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 (3.34.4-1.fc31) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2022-07-18 at 22:44 +0200, Thomas Gleixner wrote: > On Mon, Jul 18 2022 at 12:51, Linus Torvalds wrote: > > On Mon, Jul 18, 2022 at 12:30 PM Thomas Gleixner wrote: > > > Let the compiler add a 16 byte padding in front of each function entry > > > point and put the call depth accounting there. That avoids calling out > > > into the module area and reduces ITLB pressure. > > > > Ooh. > > > > I actually like this a lot better. > > > > Could we just say "use this instead if you have SKL and care about the issue?" > > > > I don't hate your module thunk trick, but this does seem *so* much > > simpler, and if it performs better anyway, it really does seem like > > the better approach. > > Yes, Peter and I came from avoiding a new compiler and the overhead for > everyone when putting the padding into the code. We realized only when > staring at the perf data that this padding in front of the function > might be an acceptable solution. I did some more tests today on different > machines with mitigations=off with kernels compiled with and without > that padding. I couldn't find a single test case where the result was > outside of the usual noise. But then my tests are definitely incomplete. > Here are some performance numbers for FIO running on a SKX server with Intel Cold Stream SSD. Padding improves performance significantly. Tested latest depth tracking code from Thomas: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git/log/?h=depthtracking (SHA1 714d29e3e7e3faac27142424ae2533163ddd3a46) latest gcc patch from Thomas is included at the end. Baseline Baseline read (kIOPs) Mean stdev mitigations=off retbleed=off CPU util ================================================================================ mitigations=off 356.33 6.35 0.00% 7.11% 98.93% retbleed=off 332.67 5.51 -6.64% 0.00% 99.16% retbleed=ibrs 242.00 5.57 -32.09% -27.25% 99.41% retbleed=stuff (nopad) 281.67 4.62 -20.95% -15.33% 99.35% retbleed=stuff (pad) 310.67 0.58 -12.82% -6.61% 99.29% read/write Baseline Baseline 70/30 (kIOPs) Mean stdev mitigations=off retbleed=off CPU util ================================================================================ mitigations=off 340.60 8.12 0.00% 4.01% 96.80% retbleed=off 327.47 8.03 -3.86% 0.00% 97.06% retbleed=ibrs 239.47 0.75 -29.69% -26.87% 98.23% retbleed=stuff (nopad) 275.20 0.69 -19.20% -15.96% 97.86% retbleed=stuff (pad) 296.60 2.03 -12.92% -9.43% 97.14% Baseline Baseline write (kIOPs) Mean stdev mitigations=off retbleed=off CPU util ================================================================================ mitigations=off 299.33 4.04 0.00% 7.16% 93.51% retbleed=off 279.33 7.51 -6.68% 0.00% 94.30% retbleed=ibrs 231.33 0.58 -22.72% -17.18% 95.84% retbleed=stuff (nopad) 257.67 0.58 -13.92% -7.76% 94.96% retbleed=stuff (pad) 274.67 1.53 -8.24% -1.67% 94.31% Tim gcc patch from Thomas: --- gcc/config/i386/i386.cc | 13 +++++++++++++ gcc/config/i386/i386.h | 7 +++++++ gcc/config/i386/i386.opt | 4 ++++ gcc/doc/invoke.texi | 6 ++++++ 4 files changed, 30 insertions(+) --- a/gcc/config/i386/i386.cc +++ b/gcc/config/i386/i386.cc @@ -6182,6 +6182,19 @@ ix86_code_end (void) file_end_indicate_split_stack (); } +void +x86_asm_output_function_prefix (FILE *asm_out_file, + const char *fnname ATTRIBUTE_UNUSED) +{ + if (force_function_padding) + { + fprintf (asm_out_file, "\t.align %d\n", + 1 << force_function_padding); + fprintf (asm_out_file, "\t.skip %d,0xcc\n", + 1 << force_function_padding); + } +} + /* Emit code for the SET_GOT patterns. */ const char * --- a/gcc/config/i386/i386.h +++ b/gcc/config/i386/i386.h @@ -2860,6 +2860,13 @@ extern enum attr_cpu ix86_schedule; #define LIBGCC2_UNWIND_ATTRIBUTE __attribute__((target ("no-mmx,no-sse"))) #endif +#include +extern void +x86_asm_output_function_prefix (FILE *asm_out_file, + const char *fnname ATTRIBUTE_UNUSED); +#undef ASM_OUTPUT_FUNCTION_PREFIX +#define ASM_OUTPUT_FUNCTION_PREFIX x86_asm_output_function_prefix + /* Local variables: version-control: t --- a/gcc/config/i386/i386.opt +++ b/gcc/config/i386/i386.opt @@ -1064,6 +1064,10 @@ mindirect-branch= Target RejectNegative Joined Enum(indirect_branch) Var(ix86_indirect_branch) Init(indirect_branch_keep) Convert indirect call and jump to call and return thunks. +mforce-function-padding= +Target Joined UInteger Var(force_function_padding) Init(0) IntegerRange(0, 6) +Put a 2^$N byte padding area before each function + mfunction-return= Target RejectNegative Joined Enum(indirect_branch) Var(ix86_function_return) Init(indirect_branch_keep) Convert function return to call and return thunk. --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -1451,6 +1451,7 @@ See RS/6000 and PowerPC Options. -mindirect-branch=@var{choice} -mfunction-return=@var{choice} @gol -mindirect-branch-register -mharden-sls=@var{choice} @gol -mindirect-branch-cs-prefix -mneeded -mno-direct-extern-access} +-mforce-function-padding @gol @emph{x86 Windows Options} @gccoptlist{-mconsole -mcygwin -mno-cygwin -mdll @gol @@ -32849,6 +32850,11 @@ Force all calls to functions to be indir when using Intel Processor Trace where it generates more precise timing information for function calls. +@item -mforce-function-padding +@opindex -mforce-function-padding +Force a 16 byte padding are before each function which allows run-time +code patching to put a special prologue before the function entry. + @item -mmanual-endbr @opindex mmanual-endbr Insert ENDBR instruction at function entry only via the @code{cf_check}