Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Borislav Petkov
On Thu, Jan 25, 2018 at 08:07:29PM +0100, Borislav Petkov wrote: > static inline void vmexit_fill_RSB(void) > { > #ifdef CONFIG_RETPOLINE > alternative_input("", "call __fill_rsb_clobber_ax", > X86_FEATURE_RETPOLINE, ASM_NO_INPUT_CLOBBER("memory")); Whoops, forgot the clobbers:

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Borislav Petkov
On Thu, Jan 25, 2018 at 06:04:23PM +, David Woodhouse wrote: > Yep, I'll buy that. But first we need Josh to work out what he's having > for lunch. > > Although just another marker to tell objtool "ignore this whole > function" might be sufficient to allow us to have an out-of-line RSB- >

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Jiri Kosina
On Thu, 25 Jan 2018, Andy Lutomirski wrote: > Distros that use retpolines need their driver vendors to recompile no > matter what. Absolutely. Tainting a kernel, issuing a warning, or even voluntarily deciding to not load modules loaded without retpolines, that all sounds like reasonable

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Josh Poimboeuf
On Thu, Jan 25, 2018 at 06:04:23PM +, David Woodhouse wrote: > On Thu, 2018-01-25 at 18:53 +0100, Borislav Petkov wrote: > > > > So forget the KABI angle and think: simpler, cleaner, more readable > > macros. > > > > Oh, and David, if while doing so I manage to add the alignment, then > >

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread David Woodhouse
On Thu, 2018-01-25 at 18:53 +0100, Borislav Petkov wrote: > > So forget the KABI angle and think: simpler, cleaner, more readable > macros. > > Oh, and David, if while doing so I manage to add the alignment, then > *that* is even better. > > Win-win-effing-win situation! Yep, I'll buy that.

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Borislav Petkov
On Thu, Jan 25, 2018 at 05:00:39PM +, David Woodhouse wrote: > And the whole problem here is that patching it in with alternatives is > painful on kernels < 4.1 because back then, we didn't cope with > oldinstr and altinstr being different lengths. > > And they don't want to fix *that*

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Josh Poimboeuf
On Thu, Jan 25, 2018 at 09:05:37AM -0800, Andy Lutomirski wrote: > On Thu, Jan 25, 2018 at 9:00 AM, David Woodhouse wrote: > > On Thu, 2018-01-25 at 10:56 -0600, Josh Poimboeuf wrote: > >> On Thu, Jan 25, 2018 at 04:03:18PM +, David Woodhouse wrote: > >> > On Thu, 2018-01-25 at 16:51 +0100,

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Josh Poimboeuf
On Thu, Jan 25, 2018 at 05:00:39PM +, David Woodhouse wrote: > On Thu, 2018-01-25 at 10:56 -0600, Josh Poimboeuf wrote: > > On Thu, Jan 25, 2018 at 04:03:18PM +, David Woodhouse wrote: > > > On Thu, 2018-01-25 at 16:51 +0100, Borislav Petkov wrote: > > > >  > > > > > And the seg fault is

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Thomas Gleixner
On Thu, 25 Jan 2018, David Woodhouse wrote: > On Thu, 2018-01-25 at 10:56 -0600, Josh Poimboeuf wrote: > > On Thu, Jan 25, 2018 at 04:03:18PM +, David Woodhouse wrote: > > > On Thu, 2018-01-25 at 16:51 +0100, Borislav Petkov wrote: > > > >  > > > > > And the seg fault is objtool's way of

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Andy Lutomirski
On Thu, Jan 25, 2018 at 9:00 AM, David Woodhouse wrote: > On Thu, 2018-01-25 at 10:56 -0600, Josh Poimboeuf wrote: >> On Thu, Jan 25, 2018 at 04:03:18PM +, David Woodhouse wrote: >> > On Thu, 2018-01-25 at 16:51 +0100, Borislav Petkov wrote: >> > > >> > > > And the seg fault is objtool's way

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread David Woodhouse
On Thu, 2018-01-25 at 10:56 -0600, Josh Poimboeuf wrote: > On Thu, Jan 25, 2018 at 04:03:18PM +, David Woodhouse wrote: > > On Thu, 2018-01-25 at 16:51 +0100, Borislav Petkov wrote: > > >  > > > > And the seg fault is objtool's way of telling you you need a > > > > ANNOTATE_NOSPEC_ALTERNATIVE

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Josh Poimboeuf
On Thu, Jan 25, 2018 at 04:03:18PM +, David Woodhouse wrote: > On Thu, 2018-01-25 at 16:51 +0100, Borislav Petkov wrote: > > > > > And the seg fault is objtool's way of telling you you need a > > > ANNOTATE_NOSPEC_ALTERNATIVE above the alternative ;-) > > > > Except that it blew up when I

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread David Woodhouse
On Thu, 2018-01-25 at 16:51 +0100, Borislav Petkov wrote: > > > And the seg fault is objtool's way of telling you you need a > > ANNOTATE_NOSPEC_ALTERNATIVE above the alternative ;-) > > Except that it blew up when I did this which doesn't have ALTERNATIVE > (it's the diff I saved :-)) Yeah,

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Borislav Petkov
On Thu, Jan 25, 2018 at 09:10:24AM -0600, Josh Poimboeuf wrote: > Huh? GCC doesn't even look inside the inline asm. That's why we had to > implement ASM_CALL_CONSTRAINT. That wasn't very correct. What I meant was: *we* need to tell gcc that the inline asm *might* clobber registers and which

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Josh Poimboeuf
On Thu, Jan 25, 2018 at 01:45:54PM +0100, Borislav Petkov wrote: > > > +/* Like alternative_io, but for replacing a direct call with another > > > one. */ > > > +#define alternative_void_call(oldfunc, newfunc, feature, input...) > > > \ > > > + asm volatile (ALTERNATIVE("call

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Borislav Petkov
On Thu, Jan 25, 2018 at 12:20:49PM +, David Woodhouse wrote: > I haven't had lunch yet, so I don't feel queasy Oh, I caught you on time then :-) > and I'm vaguely interested... *why* does it break kABI? Kernels < 4.1 don't have the insn padding I did back then so when one tries to backport

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread David Woodhouse
On Thu, 2018-01-25 at 13:07 +0100, Borislav Petkov wrote: > On Fri, Jan 12, 2018 at 03:37:49AM -0800, tip-bot for David Woodhouse wrote: > > > > +/* > > + * On VMEXIT we must ensure that no RSB predictions learned in the guest > > + * can be followed in the host, by overwriting the RSB

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-25 Thread Borislav Petkov
On Fri, Jan 12, 2018 at 03:37:49AM -0800, tip-bot for David Woodhouse wrote: > +/* > + * On VMEXIT we must ensure that no RSB predictions learned in the guest > + * can be followed in the host, by overwriting the RSB completely. Both > + * retpoline and IBRS mitigations for Spectre v2 need this;

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-14 Thread Borislav Petkov
On Fri, Jan 12, 2018 at 03:37:49AM -0800, tip-bot for David Woodhouse wrote: > Commit-ID: 117cc7a908c83697b0b737d15ae1eb5943afe35b > Gitweb: > https://git.kernel.org/tip/117cc7a908c83697b0b737d15ae1eb5943afe35b > Author: David Woodhouse > AuthorDate: Fri, 12 Jan 2018 11:11:27 + >

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-14 Thread Thomas Gleixner
On Sun, 14 Jan 2018, Borislav Petkov wrote: > On Fri, Jan 12, 2018 at 03:37:49AM -0800, tip-bot for David Woodhouse wrote: > > Commit-ID: 117cc7a908c83697b0b737d15ae1eb5943afe35b > > Gitweb: > > https://git.kernel.org/tip/117cc7a908c83697b0b737d15ae1eb5943afe35b > > Author: David

Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-14 Thread Borislav Petkov
On Fri, Jan 12, 2018 at 03:37:49AM -0800, tip-bot for David Woodhouse wrote: > Commit-ID: 117cc7a908c83697b0b737d15ae1eb5943afe35b > Gitweb: > https://git.kernel.org/tip/117cc7a908c83697b0b737d15ae1eb5943afe35b > Author: David Woodhouse > AuthorDate: Fri, 12 Jan 2018 11:11:27 + >

[tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-12 Thread tip-bot for David Woodhouse
Commit-ID: 117cc7a908c83697b0b737d15ae1eb5943afe35b Gitweb: https://git.kernel.org/tip/117cc7a908c83697b0b737d15ae1eb5943afe35b Author: David Woodhouse AuthorDate: Fri, 12 Jan 2018 11:11:27 + Committer: Thomas Gleixner CommitDate: Fri, 12 Jan 2018 12:33:37 +0100 x86/retpoline:

[tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

2018-01-11 Thread tip-bot for David Woodhouse
Commit-ID: 85ec967c1dc04bde16d783ea04428bef3c00a171 Gitweb: https://git.kernel.org/tip/85ec967c1dc04bde16d783ea04428bef3c00a171 Author: David Woodhouse AuthorDate: Thu, 11 Jan 2018 21:46:34 + Committer: Thomas Gleixner CommitDate: Fri, 12 Jan 2018 00:14:32 +0100 x86/retpoline: