Re: [PATCH] KVM: VMX: remove LFENCE in vmx_spec_ctrl_restore_host()

From: Josh Poimboeuf
Date: Tue Jun 06 2023 - 00:00:02 EST

Next message: Stephen Rothwell: "linux-next: build warning after merge of the block tree"
Previous message: Yu Kuai: "Re: [PATCH -next v2] block: fix blktrace debugfs entries leak"
In reply to: Andrew Cooper: "Re: [PATCH] KVM: VMX: remove LFENCE in vmx_spec_ctrl_restore_host()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 06, 2023 at 01:20:52AM +0100, Andrew Cooper wrote:

<clip very useful summary which belongs in git somewhere>

> But, the safety of vmx_spec_ctrl_restore_host() in the first place
> depends on the early return never ever becoming a conditional,

Good point. And that would be easier to overlook in C.

> and the compiler never emitting a call to memcpy()/memset()/whatever
> behind your back - something which is not prohibited by noinstr.

Au contraire, objtool has checking for that:

if (state->noinstr && state->instr <= 0 &&
!noinstr_call_dest(file, insn, insn_call_dest(insn))) {
WARN_INSN(insn, "call to %s() leaves .noinstr.text section", call_dest_name(insn));
return 1;
}

Regardless, despite being the person who wrote this thing in C to begin
with, I believe asm really is a better fit due to the delicate and
precise nature of the mitigations.

--
Josh

Next message: Stephen Rothwell: "linux-next: build warning after merge of the block tree"
Previous message: Yu Kuai: "Re: [PATCH -next v2] block: fix blktrace debugfs entries leak"
In reply to: Andrew Cooper: "Re: [PATCH] KVM: VMX: remove LFENCE in vmx_spec_ctrl_restore_host()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]