Re: [PATCH v2 04/19] x86: implement ifence()
From: Eric W. Biederman
Date: Thu Jan 11 2018 - 21:28:44 EST
Dan Williams <dan.j.williams@xxxxxxxxx> writes:
> The new barrier, 'ifence', ensures that no instructions past the
> boundary are speculatively executed.
This needs a much better description.
If that description was valid we could add ifence in the syscall
entry path and not have any speculative execution to worry about in the
kernel.
Perhaps:
'ifence', ensures that no speculative execution that reaches the 'ifence'
boundary continues past the 'ifence' boundary.
> Previously the kernel only needed this fence in 'rdtsc_ordered', but it
> can also be used as a mitigation against Spectre variant1 attacks that
> speculative access memory past an array bounds check.
>
> 'ifence', via 'ifence_array_ptr', is an opt-in fallback to the default
> mitigation provided by '__array_ptr'. It is also proposed for blocking
> speculation in the 'get_user' path to bypass 'access_ok' checks. For
> now, just provide the common definition for later patches to build
> upon.
This part of the description is probably unnecessary.
Eric
>
> Suggested-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Suggested-by: Alan Cox <alan.cox@xxxxxxxxx>
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Cc: Mark Rutland <mark.rutland@xxxxxxx>
> Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: x86@xxxxxxxxxx
> Signed-off-by: Elena Reshetova <elena.reshetova@xxxxxxxxx>
> Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
> ---
> arch/x86/include/asm/barrier.h | 4 ++++
> arch/x86/include/asm/msr.h | 3 +--
> 2 files changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h
> index 7fb336210e1b..b04f572d6d97 100644
> --- a/arch/x86/include/asm/barrier.h
> +++ b/arch/x86/include/asm/barrier.h
> @@ -24,6 +24,10 @@
> #define wmb() asm volatile("sfence" ::: "memory")
> #endif
>
> +/* prevent speculative execution past this barrier */
> +#define ifence() alternative_2("", "mfence", X86_FEATURE_MFENCE_RDTSC, \
> + "lfence", X86_FEATURE_LFENCE_RDTSC)
> +
> #ifdef CONFIG_X86_PPRO_FENCE
> #define dma_rmb() rmb()
> #else
> diff --git a/arch/x86/include/asm/msr.h b/arch/x86/include/asm/msr.h
> index 07962f5f6fba..e426d2a33ff3 100644
> --- a/arch/x86/include/asm/msr.h
> +++ b/arch/x86/include/asm/msr.h
> @@ -214,8 +214,7 @@ static __always_inline unsigned long long rdtsc_ordered(void)
> * that some other imaginary CPU is updating continuously with a
> * time stamp.
> */
> - alternative_2("", "mfence", X86_FEATURE_MFENCE_RDTSC,
> - "lfence", X86_FEATURE_LFENCE_RDTSC);
> + ifence();
> return rdtsc();
> }
>