Received: by 2002:ab2:7988:0:b0:1f4:b336:87c4 with SMTP id g8csp54391lqj; Thu, 11 Apr 2024 09:38:48 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUn9VzhRJ/zjt4QT+OFVoj1fQgtBz8tQkBFfarmnoDHooNB3PwBfzgY86cop99OoQFxOa6z+A6w41vuPOmwG7GWGVH6S28BAfP1w6bKKw== X-Google-Smtp-Source: AGHT+IH3g5urp2FUak0WtXjJIEj6dJkrYDPou9CmoNePQUqEd9o07Y+LUqj99q6/tBoZ3ebAvOUA X-Received: by 2002:a19:ca01:0:b0:515:d1b9:3066 with SMTP id a1-20020a19ca01000000b00515d1b93066mr168516lfg.46.1712853528088; Thu, 11 Apr 2024 09:38:48 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712853528; cv=pass; d=google.com; s=arc-20160816; b=PIc6Eim/yFA3tLqOw4w1Q6eCb043C6HVY1O4BoiM1OCXf8Zte3a/Zol+Ux2B9PXjjS CK0c0xUWuKqJ+pGuoQhSz940D0tYlOZqlmM1jE+KJ+CsoAHVnKKbycHhq2QRL2bazgKZ ZzOti0e8ARGyeESoV02QciVsG0GV3M874o5vaVpO/Fdd9d3JiLvu+dGdyq34ZydBAJ9e cnCQRPnvKREUGMLNMAlnBy22ZMeM8E7zCKrB5zXX69FrknpBvjAIT1wZy1e0BftjE/uc YHAG6vUFwSsoMW7r2fH9qj3jlnTodPWn7mKeRuyGp0KezCpBkfvGsA9U/IF8apzoOafO 5bsw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=IeRkdq7+2piFj/xXeYoVNcpWPj3nEJ132bjKmTGLRBQ=; fh=ji7HrPcp1r+OOLDs18P5kihpvOHr0fK0iabYdOu6QE8=; b=HxfZV5GIWdT7CXgCsjJuqgM4QQ2X1Sc5YZLWVAFtzF/0BRvOWHpDyEekzS8aYV6jq/ 49acK2cvw3Zq/EvPpP8boWHs6w6XCO0yJJTs72jcKH6nQhmqmW8fZVk0yAlLQAO5sq/s CQp5cjWFgba3Rg/RfbCCcC8I4liY3EwaYpVoEH9p1tU+v7tZ5J+0Ste+R7otCt4Brb2T yBOjFDTTMMSEAnOFkPNJZU0iwzLF9ckzkg4m9LRLeZuCvnJlCAvphRNn/uMpYPM0LW0O Yiy+VrSg0fuUK4zHeqvm7yVGGOAbwSoqZQEpdumYOdMsJQorxlh04rYijmQC5jn+gX4t Nd6w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aGaTBU7d; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-141027-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-141027-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id cw10-20020a170906478a00b00a51dbd0cc2csi917249ejc.758.2024.04.11.09.38.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Apr 2024 09:38:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-141027-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aGaTBU7d; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-141027-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-141027-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 10A171F23443 for ; Thu, 11 Apr 2024 16:38:08 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A0FE31CA6D1; Thu, 11 Apr 2024 15:38:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="aGaTBU7d" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C91E51CA6BA for ; Thu, 11 Apr 2024 15:38:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712849923; cv=none; b=qX/BhX3EMbodPNgDL39DdZHFCCfnRhE+L3+um4DTA8rQjo/rvRBP9o8lFnrPs2OAPG1zpAjG6216lzN3c7Nm/O///ec7kFsPu24mjwSVSt/X7UD7Y5SI65nbD/F7X2tnGNgZt91iLXF7G9yuzvN3HnF1MlIkQ85UW4dSq+XMnHI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712849923; c=relaxed/simple; bh=0XIFigNg8okTi2XcwCJDslMjIxGNFSCDsSh68/q0Ud4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Hl06GZOQTmgqiin3OLd7xhP+qQEOwqQC5EvtdnxAopEepzgDsI7MIXioLMVGGFWHiSGwRDgQzkxK21XTG4CyQAv34oBgOdrXowY8F587J4SScviNGPPFbN6dZzES/GGWkH64YXYOYZA0LnvHTdORDdxYIez4XnlrPSVU07SvAB0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=aGaTBU7d; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id AE207C113CE; Thu, 11 Apr 2024 15:38:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712849923; bh=0XIFigNg8okTi2XcwCJDslMjIxGNFSCDsSh68/q0Ud4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=aGaTBU7dJ/KuPVA22cvjffRpSftlAU4O+LZZLSuPk3heq+ij90Fsc7u3tN9JEsmIU lt6D6iwTiFikA3C0RWCvWY1lIdpzdaDrnUJeyMPYpI/oOSiSj+oDQrdRZKnt0IqKOE 7D9KZ2d51dyUy3fqlmFxFECXFdXtiwlklgm2RhJhwIIo3IJ8ivMcfzzeabnW57Irqd lPWciXlA5yanNZE8QiY2lE66HZoawFU9OTMsRQFmMO8zH0YRcrOq00SaJsJmR4YWbX SEu0Q1TzjcQCjKyUR9JdkI/4Mqu0+3JSGch87GkcLkhh+BRFknnUkA7kO29MmPTcx6 LrwpuKlS+G+Eg== Date: Thu, 11 Apr 2024 08:38:41 -0700 From: Josh Poimboeuf To: Andrew Cooper Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds , Daniel Sneddon , Pawan Gupta , Thomas Gleixner , Alexandre Chartre , Konrad Rzeszutek Wilk , Peter Zijlstra , Greg Kroah-Hartman , Sean Christopherson , Dave Hansen , Nikolay Borisov , KP Singh , Waiman Long , Borislav Petkov Subject: Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed Message-ID: <20240411153841.zexbsqrdli54kiez@treble> References: <97befd7c1e008797734dee05181c49056ff6de57.1712813475.git.jpoimboe@kernel.org> <90405c43-daca-48e4-b424-d66d6bf4dd87@citrix.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <90405c43-daca-48e4-b424-d66d6bf4dd87@citrix.com> On Thu, Apr 11, 2024 at 11:06:37AM +0100, Andrew Cooper wrote: > > +#define __do_syscall(table, func_direct, nr, regs) \ > > +({ \ > > + unsigned long __rax, __rdi, __rsi; \ > > + \ > > + asm_inline volatile( \ > > + ALTERNATIVE("call " __stringify(func_direct) "\n\t", \ > > + ANNOTATE_RETPOLINE_SAFE \ > > + "call *%[func_ptr]\n\t", \ > > This wants to be a plain maybe-thunk'd indirect call, and without the > ANNOTATE_RETPOLINE_SAFE. > > Or you're going to get into cases where some combinations of command > line options do unexpected things e.g. retpolining everything except the > syscall dispatch. In that case won't X86_FEATURE_INDIRECT_SAFE get cleared, resulting in the above using a direct call? Or did I miss something? -- Josh