Date: Thu, 11 Apr 2024 17:15:22 -0700
From: Pawan Gupta
To: Josh Poimboeuf
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds, Daniel Sneddon, Thomas Gleixner, Alexandre Chartre, Konrad Rzeszutek Wilk, Peter Zijlstra, Greg Kroah-Hartman, Sean Christopherson, Andrew Cooper, Dave Hansen, Nikolay Borisov, KP Singh, Waiman Long, Borislav Petkov
Subject: Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed
Message-ID: <20240412001522.3zp2mzked4ksglkl@desk>
In-Reply-To: <97befd7c1e008797734dee05181c49056ff6de57.1712813475.git.jpoimboe@kernel.org>

On Wed, Apr 10, 2024 at 10:40:49PM -0700, Josh Poimboeuf wrote:
> Syscall hardening (i.e., converting the syscall indirect branch to a
> series of direct branches) may cause performance regressions in certain
> scenarios. Only use the syscall hardening when indirect branches are
> considered unsafe.
>
> Fixes: 1e3ad78334a6 ("x86/syscall: Don't force use of indirect calls for system calls")
> Signed-off-by: Josh Poimboeuf > --- > arch/x86/entry/common.c | 30 +++++++++++++++++++++++++--- > arch/x86/entry/syscall_32.c | 11 +--------- > arch/x86/entry/syscall_64.c | 8 +------- > arch/x86/entry/syscall_x32.c | 7 ++++++- > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/syscall.h | 8 +++++++- > arch/x86/kernel/cpu/bugs.c | 32 +++++++++++++++++++++++++++++- > 7 files changed, 74 insertions(+), 23 deletions(-) > > diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c > index 6de50b80702e..80d432d2fe44 100644 > --- a/arch/x86/entry/common.c > +++ b/arch/x86/entry/common.c > @@ -39,6 +39,28 @@ > > #ifdef CONFIG_X86_64 > > +/* > + * Do either a direct or an indirect call, depending on whether indirect calls > + * are considered safe. > + */ > +#define __do_syscall(table, func_direct, nr, regs) \ > +({ \ > + unsigned long __rax, __rdi, __rsi; \ > + \ > + asm_inline volatile( \ > + ALTERNATIVE("call " __stringify(func_direct) "\n\t", \ > + ANNOTATE_RETPOLINE_SAFE \ > + "call *%[func_ptr]\n\t", \ This will likely not insert the lfence before the indirect call in spectre_v2=eibrs,lfence mode. As X86_FEATURE_INDIRECT_SAFE is not cleared when eIBRS is enabled, this will not be converted to direct call. [...] > @@ -1720,6 +1744,7 @@ static void __init spectre_v2_select_mitigation(void) > > case SPECTRE_V2_CMD_RETPOLINE_LFENCE: > pr_err(SPECTRE_V2_LFENCE_MSG); > + setup_clear_cpu_cap(X86_FEATURE_INDIRECT_SAFE); I don't know if it intentional, this seems to be the duplicate of X86_FEATURE_INDIRECT_SAFE clear later in SPECTRE_V2_LFENCE mode. Also it seems a bit odd to do this here in SPECTRE_V2_CMD handling. > mode = SPECTRE_V2_LFENCE; > break; 
> > @@ -1772,11 +1797,16 @@ static void __init spectre_v2_select_mitigation(void) > break; > > case SPECTRE_V2_LFENCE: > + setup_clear_cpu_cap(X86_FEATURE_INDIRECT_SAFE); > + fallthrough; > case SPECTRE_V2_EIBRS_LFENCE: > setup_force_cpu_cap(X86_FEATURE_RETPOLINE_LFENCE); > - fallthrough; > + setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > + break; > > case SPECTRE_V2_RETPOLINE: > + setup_clear_cpu_cap(X86_FEATURE_INDIRECT_SAFE); > + fallthrough; > case SPECTRE_V2_EIBRS_RETPOLINE: > setup_force_cpu_cap(X86_FEATURE_RETPOLINE); > break;
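Review bot: the block comment above `__do_syscall` in the arch/x86/entry/common.c hunk says the call type depends on "whether indirect calls are considered safe" but does not say what decides that. Because the `call *%[func_ptr]` alternative carries ANNOTATE_RETPOLINE_SAFE, it is exempt from the usual retpoline checking, so the comment should name the feature bit the ALTERNATIVE keys on and state that every Spectre v2 mode which expects protected indirect branches has to clear it.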
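Review bot: in the @@ -1772,11 +1797,16 @@ hunk of spectre_v2_select_mitigation(), `setup_clear_cpu_cap(X86_FEATURE_INDIRECT_SAFE)` sits above the `fallthrough` in both places, so the SPECTRE_V2_EIBRS_LFENCE and SPECTRE_V2_EIBRS_RETPOLINE labels are entered without clearing the bit. If eIBRS is meant to be sufficient for the syscall indirect call in those two modes, add a comment saying so next to the case labels; otherwise move the clear below them so all four modes take the direct-call path.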