Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

From: Borislav Petkov
Date: Sun Jan 14 2018 - 10:36:14 EST


On Fri, Jan 12, 2018 at 03:37:49AM -0800, tip-bot for David Woodhouse wrote:
> Commit-ID: 117cc7a908c83697b0b737d15ae1eb5943afe35b
> Gitweb: https://git.kernel.org/tip/117cc7a908c83697b0b737d15ae1eb5943afe35b
> Author: David Woodhouse <dwmw@xxxxxxxxxxxx>
> AuthorDate: Fri, 12 Jan 2018 11:11:27 +0000
> Committer: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> CommitDate: Fri, 12 Jan 2018 12:33:37 +0100
>
> x86/retpoline: Fill return stack buffer on vmexit

...

> +/*
> + * Google experimented with loop-unrolling and this turned out to be
> + * the optimal version â two calls, each with their own speculation
> + * trap should their return address end up getting used, in a loop.
> + */
> +#define __FILL_RETURN_BUFFER(reg, nr, sp) \
> + mov $(nr/2), reg; \
> +771: \
> + call 772f; \
> +773: /* speculation trap */ \
> + pause; \
> + jmp 773b; \
> +772: \
> + call 774f; \
> +775: /* speculation trap */ \
> + pause; \
> + jmp 775b; \
> +774: \
> + dec reg; \
> + jnz 771b; \
> + add $(BITS_PER_LONG/8) * nr, sp;
> +
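
Review bot: `mov $(nr/2), reg` and the closing `add $(BITS_PER_LONG/8) * nr, sp` only agree when nr is even. The loop runs nr/2 times with two calls per pass, so an odd nr pushes nr-1 return addresses while the add pops nr words, which leaves the stack pointer off by one word. Either state in the comment above the macro that nr must be even, or derive the stack adjustment from the same rounded count. nr is also used unparenthesized in both expressions, so an argument that is itself an expression would be evaluated with the wrong precedence; `(nr)` would be safer.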

Btw, just a minor nit: one could finish the lines with \n\t - the lines
preceding labels only with \n - so that the asm output looks readable.

Right now it is a single line of instructions. But I can fix that later.

---
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -33,23 +33,23 @@
* trap should their return address end up getting used, in a loop.
*/
#define __FILL_RETURN_BUFFER(reg, nr, sp) \
- mov $(nr/2), reg; \
-771: \
- call 772f; \
-773: /* speculation trap */ \
- pause; \
- lfence; \
- jmp 773b; \
-772: \
- call 774f; \
-775: /* speculation trap */ \
- pause; \
- lfence; \
- jmp 775b; \
-774: \
- dec reg; \
- jnz 771b; \
- add $(BITS_PER_LONG/8) * nr, sp;
+ mov $(nr/2), reg\n \
+771:\n\t \
+ call 772f\n \
+773:/* speculation trap */\n\t \
+ pause\n\t \
+ lfence\n\t \
+ jmp 773b\n \
+772:\n\t \
+ call 774f\n \
+775: /* speculation trap */\n\t \
+ pause\n\t \
+ lfence\n\t \
+ jmp 775b\n \
+774:\n\t \
+ dec reg\n\t \
+ jnz 771b\n\t \
+ add $(BITS_PER_LONG/8) * nr, sp\n

#ifdef __ASSEMBLY__
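
Review bot: the `+` lines drop the `;` separators and rely on `\n` and `\n\t` alone, which only separate statements once the macro body has been turned into a C string for inline asm. The definition sits above `#ifdef __ASSEMBLY__`, so it is visible to assembly sources as well; if any user expands it there without stringifying it, the assembler would see literal backslash sequences and nothing separating the instructions. Worth confirming that every user stringifies the macro, or keeping the `;` next to the newline escapes. Minor: `773:/* speculation trap */\n\t` lost the space after the label that `775: /* speculation trap */\n\t` keeps.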

--
Regards/Gruss,
Boris.
