Received: by 2002:ab2:1347:0:b0:1f4:ac9d:b246 with SMTP id g7csp466486lqg; Thu, 11 Apr 2024 08:09:06 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUGmFsfDMTBY+a3qMSFNA8ZwJsbugCY+wMNhCKgOe1IfMB+idNryJLbv7j8maLCLyQOFEmSOhyZJaGK9WiCqivHvQbslGWpzchFxysQog== X-Google-Smtp-Source: AGHT+IEHpea3E+SCKpYYYK/82BJ6T62chOxtD5rPmqXmlEXPjxkLl0LPtcu2l2Ej6MZqUzg0ZIkS X-Received: by 2002:a17:906:6948:b0:a50:7cdd:348f with SMTP id c8-20020a170906694800b00a507cdd348fmr3740693ejs.46.1712848145643; Thu, 11 Apr 2024 08:09:05 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712848145; cv=pass; d=google.com; s=arc-20160816; b=YMxU2i9LOX+EWUpG26hBlZVZWAF05NwXCQyut3d74C3G2r34QvH6NJO5AeHJZuK0b7 Idwnm2QHxr/7WgcIjk7w7s1uqsbOQne5IEpDt688rI6k4zhHx7SEo6Tpy5wbATT7hqUu SPPcaiMd/b4iFtS5Izc7+GStakdvPSKGMUAnf5o87WPkkExQpB0ApIDHlbwH3d2ngGzk 27SKBTlujIk7qzBvervE6amIRip7+wqIV027lR9q/WJe8R+NDgP9N5uJgNLc31piX6/r ud08R8U97yTlEKdVQg93LUpE8CyEhk723Ukx0XSwpP+IMbakeXrsU/lKkv3oLoR00Hll 0/EQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=oK+KG+cHi73BkH0dnZ6kjBnonm1o7YwUF0wDeJ98xRw=; fh=892hrt+4WTh0buDdLFktzaLuMmL2pb7pldVQWEKCPZs=; b=GWyaxi84kjQyrXTEQ1bGiY+jHjBxYi/PBwcBQfIXdSHEe+OvohI2O/GlL1E/+Q52Hg THBeAN21twgm643fMVrOaGyTYHZis0HeIf68r5atb28vh1TGAPvRprolv26Te3+DBOsa XkH9Zm9EWzG+J2NMQRmdAOjqMe/47WMnYmJaMiAvOMnTkzjjeymv+/C4ERDsuwHhFfNn 38DUnU4gcj9TjHkhpKlEhEz6Of/0KRrFOFjmng6RztAz7OBdV7+mXKidFLB9sQrkeGT9 ioo+yw4idJKMNcDcSg0i0VgIsJxULhxQXsQOwfcPCIy151AbMBXjKSy+YZqYkDVK/33O UH8g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=to815qwe; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-140719-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-140719-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id e25-20020a170906315900b00a4e34434ae5si812742eje.756.2024.04.11.08.09.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Apr 2024 08:09:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-140719-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=to815qwe; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-140719-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-140719-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 5A9E01F22DE2 for ; Thu, 11 Apr 2024 15:08:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1F40E179A8; Thu, 11 Apr 2024 15:08:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="to815qwe" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 473D017735 for ; Thu, 11 Apr 2024 15:08:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712848091; cv=none; b=KBAFLIApJY6K1vWwZ8ZmmW0sIiTaH4VSkHlzjpOx5Glxq1nVZOwRopnOaExNjo2E/hthD7zxonfZWWhjlsGbE0YGHqO3k4se2i1EOYtXgJNYri+6Tbq1MfzPhxiLXHaOeOMdpyNUkiBwOdo6as6zTUIYxx4VRIioSoWFGj/dUFU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712848091; c=relaxed/simple; bh=SzzKMkdyb3myA6zNSYzjTuGGXEZ4LdIPFjD8WtxpVLI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=T9R9k5sFcuBlrEU46Cj3cNoH4irGBjMybd5sMFifps7GugwK7zxbzsX79/LyeD381vxsApJ6krpenZRXlMNKz9J9HYtfFSQ2fF69K4YlNSEqdFzuDgMb0jmVn1fPFm7ts1Fz67uN1QS26DYBPmncrYls+6VkEobQs3Qg5FRVC0k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=to815qwe; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 61C4AC113CD; Thu, 11 Apr 2024 15:08:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712848091; bh=SzzKMkdyb3myA6zNSYzjTuGGXEZ4LdIPFjD8WtxpVLI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=to815qweE4QcMoFbhOkPm6cYTmSy3fJitDiXQDm0RwmnF9K7cx/SBFvVghz28PHBy k90jggAcoMC7/15nFI6Mj2mIevX08p9MyKpg2gAtkuRBaDzZz4ZAs+0asrLC36JnFt PvEc+N9npnc3hYH3e6tvZSXPe7pERr3GheA3LQlwNeW7lmaZ/wB7nGsKi3cjsmkM5Y XHjAPV10JKRck30b7J74omPaQoWrFoWLWb8MDBQlnnHjQafybi4N+2pDT9mn3c1c0a b2WvjSMvpLx8L2uksLABaCl3/UmD9R8mxeqfb+fMAxww6vleJfHb6NAKFbcd2jOw44 ct9OqQRESptxw== Date: Thu, 11 Apr 2024 08:08:08 -0700 From: Josh Poimboeuf To: Nikolay Borisov Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds , Daniel Sneddon , Pawan Gupta , Thomas Gleixner , Alexandre Chartre , Konrad Rzeszutek Wilk , Peter Zijlstra , Greg Kroah-Hartman , Sean Christopherson , Andrew Cooper , Dave Hansen , KP Singh , Waiman Long , Borislav Petkov Subject: Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed Message-ID: <20240411150808.ukeoq54nrjtdd65g@treble> References: <97befd7c1e008797734dee05181c49056ff6de57.1712813475.git.jpoimboe@kernel.org> <124f4871-1275-47af-b513-297b870708b2@suse.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <124f4871-1275-47af-b513-297b870708b2@suse.com> On Thu, Apr 11, 2024 at 09:20:17AM +0300, Nikolay Borisov wrote: > On 11.04.24 г. 8:40 ч., Josh Poimboeuf wrote: > > Syscall hardening (i.e., converting the syscall indirect branch to a > > series of direct branches) may cause performance regressions in certain > > scenarios. Only use the syscall hardening when indirect branches are > > considered unsafe. > > > > Fixes: 1e3ad78334a6 ("x86/syscall: Don't force use of indirect calls for system calls") > > Signed-off-by: Josh Poimboeuf > > Why fiddle with syscall mechanism if the bhb scrubbing sequence mitigates > bhb? AFAIU (correct me if I'm wrong) the original idea was to have use > syscall hardening instead of the BHB sequence but since it became clear > that's not sufficient bhb scrubbing completely subsumes the direct branch > approach in the syscall handler? I agree, but I think Linus wanted it for some reason. I might not have gotten the X86_FEATURE_INDIRECT_SAFE conditions right, maybe Linus can clarify. I'm going to experiment with having objtool find all indirect branches reachable 66 branches from syscall entry. If we converted all those to direct branches then the SW loop wouldn't be needed. But until then I don't see much point in the syscall direct branches. We could just disable it completely until if/when it's really needed. -- Josh