From: Peter Zijlstra <peterz@infradead.org>
To: Borislav Petkov <bp@alien8.de>
Cc: x86@kernel.org, jpoimboe@redhat.com, andrew.cooper3@citrix.com,
linux-kernel@vger.kernel.org, alexei.starovoitov@gmail.com,
ndesaulniers@google.com
Subject: Re: [PATCH 4/9] x86/alternative: Implement .retpoline_sites support
Date: Fri, 15 Oct 2021 18:56:35 +0200
Message-ID: <20211015165635.GH174703@worktop.programming.kicks-ass.net>
In-Reply-To: <YWmPCF+g+sF4+ieh@zn.tnic>

On Fri, Oct 15, 2021 at 04:24:08PM +0200, Borislav Petkov wrote:
> On Wed, Oct 13, 2021 at 02:22:21PM +0200, Peter Zijlstra wrote:
> > +static int patch_retpoline(void *addr, struct insn *insn, u8 *bytes)
> > +{
> > + void (*target)(void);
> > + int reg, i = 0;
> > +
> > + if (cpu_feature_enabled(X86_FEATURE_RETPOLINE))
> > + return -1;
> > +
> > + target = addr + insn->length + insn->immediate.value;
> > + reg = (target - &__x86_indirect_thunk_rax) /
> > + (&__x86_indirect_thunk_rcx - &__x86_indirect_thunk_rax);
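Review bot: The division that computes reg discards any remainder, so a target that lies inside the thunk range but not at the start of a thunk, or just below __x86_indirect_thunk_rax (C division truncates toward zero), still yields a value in 0..15. Consider also checking that (target - &__x86_indirect_thunk_rax) is an exact multiple of the thunk stride, and add a comment stating that the thunks are assumed to be equally sized and laid out in register-encoding order.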
>
> I guess you should compute those values once so that it doesn't have to
> do them for each function invocation. And it does them here when I look
> at the asm it generates.
Takes away the simplicity of the thing. It can't know these values at
compile time (due to external symbols etc.) although I suppose LTO
might be able to fix that.

Other than that, the above is the trivial form of reverse indexing an
array.
> > +
> > + if (WARN_ON_ONCE(reg & ~0xf))
> > + return -1;
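Review bot: The WARN_ON_ONCE(reg & ~0xf) check carries no comment saying what it guards, and it can be read as an alignment check on the thunks. A one-line comment that it rejects an instruction whose target is not one of the retpoline thunks would make the intent clear.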
>
> Sanity-checking the alignment of those thunks?
Nah, the target address of the instruction; if that's not a retpoline
thunk (for whatever raisin) then the computation will not result in a
valid reg and we should bail.
> > +
> > + i = emit_indirect(insn->opcode.bytes[0], reg, bytes);
> > + if (i < 0)
> > + return i;
> > +
> > + for (; i < insn->length;)
> > + bytes[i++] = BYTES_NOP1;
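Review bot: Nothing after emit_indirect() checks that the returned i is at most insn->length before the padding loop; if i were larger, the loop is silently skipped. If the callee guarantees this, say so in a comment here, otherwise bail out. The loop header for (; i < insn->length;) would also read more directly as while (i < insn->length).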
>
> Why not:
>
> nop_len = insn->length - i;
> if (nop_len) {
> memcpy(&bytes[i], x86_nops[nop_len], nop_len);
> i += nop_len;
> }
>
> and then you save yourself the optimize_nops() call because it'll take
> the right-sized NOP directly.
That's not immediately safe; if for some reason or other the original
instruction is 15 bytes long, and we generated 2 bytes, then we need 13
nop bytes, the above will then do an out-of-bound array access (due to
the nops array only doing 8 byte nops at max).

I wanted this code to be simple and obvious.
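
The two points made in this message, as an added user-space example that is not part of the original mail or of the kernel patch: padding with multi-byte NOPs clamped to the 8-byte table maximum so a 13-byte gap cannot index past the table, and reverse-indexing an array of equally sized thunks with the target validated. The names pad_with_nops, thunk_index and nops, the table contents and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NOP 8 /* longest NOP in the table, per the message above */

/* Constructed table of standard x86-64 NOP encodings; index = length. */
static const uint8_t nops[MAX_NOP + 1][MAX_NOP] = {
    {0}, {0x90}, {0x66, 0x90}, {0x0f, 0x1f, 0x00}, {0x0f, 0x1f, 0x40, 0x00},
    {0x0f, 0x1f, 0x44, 0x00, 0x00}, {0x66, 0x0f, 0x1f, 0x44, 0x00, 0x00},
    {0x0f, 0x1f, 0x80, 0x00, 0x00, 0x00, 0x00},
    {0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00},
};

/* Pad bytes[used..insn_len) with NOPs without reading past nops[MAX_NOP].
 * Returns the number of NOP instructions written, or -1 if used > insn_len. */
int pad_with_nops(uint8_t *bytes, size_t used, size_t insn_len)
{
    int count = 0;

    if (used > insn_len)
        return -1;
    while (used < insn_len) {
        size_t n = insn_len - used;
        if (n > MAX_NOP)
            n = MAX_NOP; /* clamp: a 13-byte gap becomes 8 + 5 */
        memcpy(&bytes[used], nops[n], n);
        used += n;
        count++;
    }
    return count;
}

/* Hypothetical helper: reverse-index an array of nr equally sized thunks.
 * Returns the slot, or -1 if target is not the start of one of them. */
int thunk_index(uintptr_t target, uintptr_t base, size_t stride, unsigned nr)
{
    if (stride == 0 || target < base || (target - base) % stride)
        return -1;
    return (target - base) / stride < nr ? (int)((target - base) / stride) : -1;
}

int main(void)
{
    uint8_t buf[15] = {0xff, 0xd0}; /* constructed: 2-byte call *%rax */
    printf("nops=%d idx=%d\n", pad_with_nops(buf, 2, sizeof(buf)),
           thunk_index(0x1020, 0x1000, 0x20, 16));
    return 0;
}
```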