Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp1050234rwb;
        Thu, 18 Aug 2022 17:57:31 -0700 (PDT)
X-Google-Smtp-Source: AA6agR46PS2SYeHOe0x8mJ6wktOts261rdXNz+vGNDQOLwRhf5D5Ywc8ZZ2w0ZWCRZ60CVC97VFo
X-Received: by 2002:a65:6892:0:b0:41d:54a2:b0b0 with SMTP id e18-20020a656892000000b0041d54a2b0b0mr4266014pgt.560.1660870651180;
        Thu, 18 Aug 2022 17:57:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660870651; cv=none;
        d=google.com; s=arc-20160816;
        b=0+VW7q0mXzH0Jde9LfhnFLc32JRwtxz26Fa6mtOIVLMZsTxm/fFt5u8dPgSgmScPIf
         NRFrnI2PZR6Nor8iEcw/PFTJr9m3orWRC0RgMCgQbhV4Gp85B3wv+YYAubywRTJIcqfX
         TSr/xSD2TNAedcsPeOPBVfqmlR1gItyj9ukEfYGyOdHkiV1u508o+MPcFcoqnisXQdnx
         3V2lMuWqinAVckfYil9wI4VeP9+sFxATnIK9sUz4T8rAm+YEp6Aq0IiA0qhr1ywMQ6as
         1gyoCO6N28poJlKGpbo2vg9VAU7/Et9avSpzIlwEnl3Xl/24lbuL27IPDteXZrEyoS9n
         eu1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-disposition:mime-version:message-id
         :subject:cc:to:from:date;
        bh=MvRvt7XrBLo9TmKtCRRx31A0G/BwtGTl3IKag/gkeo0=;
        b=XsqQQvFp2fCR8qK+lWEfLz40dmIybDXZx8b/X2XSXNNfLG3VTa7RIiksQq+YTiJ2Tt
         O6IouBgg0ERRBhUTgQ99HpBRbPY4SmqJzdIqsoM9F+O6W+eEtdGxnrDksGP+9rudOjgf
         UUf3TfbufgEFTUTRj+vIONFxq1tD8FGM7f/TPAB/GkpyH3JrQqDqENgt967N0sU+XfSk
         rKKUtDWWQO5+ATTof5KgfWRUhuRXVEwCkFYkbcxH9iBxibxJLjZDmV0xY7uO8/GjQnGM
         3UOzsWu7R5hfVzjDgUt/gwchzpFzWeJ26rtw+NSI8DhkCRRCQRO5bMwT9LlNJeP8ZHfK
         5MtA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id rm2-20020a17090b3ec200b001f3e54ca93asi774807pjb.76.2022.08.18.17.57.20;
        Thu, 18 Aug 2022 17:57:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239717AbiHSAdT (ORCPT <rfc822;andreqb@gmail.com> + 99 others);
        Thu, 18 Aug 2022 20:33:19 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59172 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229899AbiHSAdR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 18 Aug 2022 20:33:17 -0400
Received: from maynard.decadent.org.uk (maynard.decadent.org.uk [95.217.213.242])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 984A1FD00;
        Thu, 18 Aug 2022 17:33:15 -0700 (PDT)
Received: from 213.219.160.184.adsl.dyn.edpnet.net ([213.219.160.184] helo=deadeye)
        by maynard with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
        (Exim 4.92)
        (envelope-from <ben@decadent.org.uk>)
        id 1oOpwj-0000wB-3a; Fri, 19 Aug 2022 02:33:09 +0200
Received: from ben by deadeye with local (Exim 4.96)
        (envelope-from <ben@decadent.org.uk>)
        id 1oOpwi-000a0S-0N;
        Fri, 19 Aug 2022 02:33:08 +0200
Date:   Fri, 19 Aug 2022 02:33:08 +0200
From:   Ben Hutchings <ben@decadent.org.uk>
To:     x86@kernel.org
Cc:     linux-kernel@vger.kernel.org, 1017425@bugs.debian.org,
        =?iso-8859-1?Q?Martin-=C9ric?= Racine <martin-eric.racine@iki.fi>,
        stable@vger.kernel.org, regressions@lists.linux.dev,
        Daniel Sneddon <daniel.sneddon@linux.intel.com>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Subject: [PATCH] x86/speculation: Avoid LFENCE in FILL_RETURN_BUFFER on CPUs
 that lack it
Message-ID: <Yv7aRJ/SvVhSdnSB@decadent.org.uk>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
        protocol="application/pgp-signature"; boundary="eT0M3T1LYdQ/WIvW"
Content-Disposition: inline
X-SA-Exim-Connect-IP: 213.219.160.184
X-SA-Exim-Mail-From: ben@decadent.org.uk
X-SA-Exim-Scanned: No (on maynard); SAEximRunCond expanded to false
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--eT0M3T1LYdQ/WIvW
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=46rom: Ben Hutchings <benh@debian.org>

The mitigation for PBRSB includes adding LFENCE instructions to the
RSB filling sequence.  However, RSB filling is done on some older CPUs
that don't support the LFENCE instruction.

Define and use a BARRIER_NOSPEC macro which makes the LFENCE
conditional on X86_FEATURE_LFENCE_RDTSC, like the barrier_nospec()
macro defined for C code in <asm/barrier.h>.

Reported-by: Martin-=C9ric Racine <martin-eric.racine@iki.fi>
References: https://bugs.debian.org/1017425
Cc: stable@vger.kernel.org
Cc: regressions@lists.linux.dev
Cc: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Fixes: 2b1299322016 ("x86/speculation: Add RSB VM Exit protections")
Fixes: ba6e31af2be9 ("x86/speculation: Add LFENCE to RSB fill sequence")
Signed-off-by: Ben Hutchings <benh@debian.org>
---
Re-sending this with properly matched From address and server.
Apologies if you got 2 copies.

Ben.

 arch/x86/include/asm/nospec-branch.h | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/no=
spec-branch.h
index e64fd20778b6..b1029fd88474 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -34,6 +34,11 @@
=20
 #define RSB_CLEAR_LOOPS		32	/* To forcibly overwrite all entries */
=20
+#ifdef __ASSEMBLY__
+
+/* Prevent speculative execution past this barrier. */
+#define BARRIER_NOSPEC ALTERNATIVE "", "lfence", X86_FEATURE_LFENCE_RDTSC
+
 /*
  * Google experimented with loop-unrolling and this turned out to be
  * the optimal version - two calls, each with their own speculation
@@ -62,9 +67,7 @@
 	dec	reg;				\
 	jnz	771b;				\
 	/* barrier for jnz misprediction */	\
-	lfence;
-
-#ifdef __ASSEMBLY__
+	BARRIER_NOSPEC;
=20
 /*
  * This should be used immediately before an indirect jump/call. It tells
@@ -138,7 +141,7 @@
 	int3
 .Lunbalanced_ret_guard_\@:
 	add $(BITS_PER_LONG/8), %_ASM_SP
-	lfence
+	BARRIER_NOSPEC
 .endm
=20
  /*

--eT0M3T1LYdQ/WIvW
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmL+2j0ACgkQ57/I7JWG
EQlPgA/+JoIOscO32lmTqexszlIn0F8EUMhfZfCh6h3mSgt0w8B1r4oBmEZTs9x5
HOHjeG0ZtdQvTKm10bCn2eCQq9xhH35m/OSNoysS64lFsQLyKmvXoV2U36nvxSnu
S7Dd0pt1Mgxs6o7+l/Gxhd1Jva6JagwjZjcOe3cPmcMtgbBZfPsmAofkSbq/89u4
iBeUm7YE5i7zRB5DZWHbMs+GIEGdyRplu1u7pYxRSg9XQg/zSdNdS02c5v8/PLx2
NgTGVR+t858WG791oTNXqkV1SG1s3LNuimJej155QCxyMNrJgAqre713cv9x5uEA
tU/VRZdPoYkee/L6d31p77C9+BV1PD2wy1pUFVBEvXV7cbDXvpXNjb5ZRAHPSBIa
1LBP1jrvCfeq7r4qQPIjIU5T8mU6ClJKkHLnf0ZjFwDvyNOEHy9dlH5ShjYy/oFX
Wedrbb7Y/sk39fxF5km0ns8gL/s689HbT1quEbqE2NhjfurOlSTuejwE4kZv8+O9
OTvzIPOoM0rjNZOWKn89zLwSygZxJeEczWiA6dml6vuqdU9p0TAI5b7DCvbcr71J
KziLwMJAGHIik+FYKS34tKsQaHTUIIbgNV3H1GLZnQrcYH0zfSDvO0q+X8bVcSWB
5k23Kkd4wwcu/WEVBSAIkiMoHmQrxUauVOcIDBXOoi0je9B67kQ=
=/q8V
-----END PGP SIGNATURE-----

--eT0M3T1LYdQ/WIvW--