Date: Thu, 11 Apr 2024 23:37:42 -0700
From: Pawan Gupta
To: Josh Poimboeuf
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds, Daniel Sneddon, Thomas Gleixner, Alexandre Chartre, Konrad Rzeszutek Wilk, Peter Zijlstra, Greg Kroah-Hartman, Sean Christopherson, Andrew Cooper, Dave Hansen, Nikolay Borisov, KP Singh, Waiman Long, Borislav Petkov
Subject: Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed

On Thu, Apr 11, 2024 at 11:28:54PM -0700, Pawan Gupta wrote:
> > +#define __do_syscall(table, func_direct, nr, regs) \ > > +({ \ > > + unsigned long __rax, __rdi, __rsi; \ > > + \ > > + asm_inline volatile( \ > > + ALTERNATIVE("call " __stringify(func_direct) "\n\t", \ > > + ANNOTATE_RETPOLINE_SAFE \ > > + "call *%[func_ptr]\n\t", \ > > + X86_FEATURE_INDIRECT_SAFE) \ > > + : "=D" (__rdi), "=S" (__rsi), "=a" (__rax), \ > > + ASM_CALL_CONSTRAINT \ > > + : "0" (regs), "1" (nr), [func_ptr] "r" (table[nr]) \ > > + : "rdx", "rcx", "r8", "r9", "r10", "r11", \ > > + "cc", "memory"); \ > > + \ > > + __rax; \ > > +})
>
> This is a nice implementation, but I think we can avoid the complexity
> by using cpu_feature_enabled(). As cpu_feature_enabled() is also runtime
> patched, at least the likely() path should be comparable to this. Please
> let me know if you have any concerns with this approach.
>
> --- > diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c > index 6de50b80702e..7c5332b83246 100644 > --- a/arch/x86/entry/common.c > +++ b/arch/x86/entry/common.c
> @@ -49,7 +49,11 @@ static __always_inline bool do_syscall_x64(struct pt_regs *regs, int nr) > > if (likely(unr < NR_syscalls)) { > unr = array_index_nospec(unr, NR_syscalls); > - regs->ax = x64_sys_call(regs, unr); > + if (likely(cpu_feature_enabled(X86_FEATURE_INDIRECT_SAFE))) > + regs->ax = sys_call_table[unr](regs); > + else > + regs->ax = x64_sys_call(regs, unr);

BTW, this also solves the missing lfence case before the indirect call.
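Review bot: in the quoted __do_syscall() macro, the nr argument is expanded twice, once as the "1" (nr) input and once inside table[nr], so a caller passing an expression with side effects would evaluate it twice; assigning it to a local at the top of the statement expression avoids that. Because table[nr] is an input operand, the table load is emitted even when the ALTERNATIVE selects the direct "call " __stringify(func_direct) form, which is worth stating in a comment or avoiding. The macro also has no comment explaining the register convention it depends on (regs tied to "=D", nr tied to "=S", result in "=a") or why __rdi and __rsi are declared as outputs that are never read, and that is the part a later reader is most likely to get wrong.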
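Review bot: the new if/else in do_syscall_x64() has no comment saying why sys_call_table[unr](regs) is taken only under X86_FEATURE_INDIRECT_SAFE and that x64_sys_call(regs, unr) is the hardened fallback; a two-line comment above the if would stop a later cleanup from collapsing the branches. The likely() around cpu_feature_enabled() is also questionable: the message itself notes the check is runtime patched, so the hint only steers code layout, and it steers it toward the indirect call even on CPUs where the feature bit is clear. The hunk changes only do_syscall_x64(), so any other dispatch helper that should get the same fast path is not covered by what is shown here.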