Re: [PATCH] x86/retpoline: Fill return stack buffer on vmexit

From: Peter Zijlstra
Date: Thu Jan 11 2018 - 03:42:59 EST


On Thu, Jan 11, 2018 at 12:04:35AM +0000, Woodhouse, David wrote:
> On Wed, 2018-01-10 at 15:47 -0800, Tim Chen wrote:
> >
> > > +
> > > +     asm volatile (ALTERNATIVE("",
> > > +                               __stringify(__FILL_RETURN_BUFFER(%0, %1, _%=)),
> > > +                               X86_FEATURE_RETPOLINE)
> >
> > We'll be patching in a fairly long set of instructions here.  Maybe put
> > the ALTERNATIVE in the assembly and use a jmp skip_\@ for the ALTERNATIVE.
>
> Perhaps the alternatives.h header could give me a clean way of doing this:
>
> --- a/arch/x86/include/asm/nospec-branch.h
> +++ b/arch/x86/include/asm/nospec-branch.h
> @@ -177,7 +178,7 @@ static inline void vmexit_fill_RSB(void)
>  {
>         unsigned long dummy;
>  
> -       asm volatile (ALTERNATIVE("",
> +       asm volatile (ALTERNATIVE("jmp " alt_end_marker "f",
>                                   __stringify(__FILL_RETURN_BUFFER(%0, %1, _%=)),
>                                   X86_FEATURE_RETPOLINE)
>                       : "=r" (dummy), ASM_CALL_CONSTRAINT : : "memory" );
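
Review bot: the jmp target in the added line is built by pasting "f" onto alt_end_marker, which ties vmexit_fill_RSB() to the way ALTERNATIVE numbers its labels, so a change in alternative.h could silently break this call site. If the open-coded form stays, the target should come from a small helper macro in alternative.h rather than be spelled out in nospec-branch.h. A comment above the asm should also say that the jmp is there to skip the padding when X86_FEATURE_RETPOLINE is not set.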


Or we teach the alternative thing to patch in a jmp to end instead of
NOP padding the entire thing as soon as the jmp (3 bytes) fits?