From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, "Borislav Petkov (AMD)" <bp@alien8.de>
Subject: [PATCH 6.1 08/15] x86/srso: Explain the untraining sequences a bit more
Date: Thu, 24 Aug 2023 16:15:04 +0200 [thread overview]
Message-ID: <20230824141447.570167607@linuxfoundation.org> (raw)
In-Reply-To: <20230824141447.155846739@linuxfoundation.org>
From: Borislav Petkov (AMD) <bp@alien8.de>
commit 9dbd23e42ff0b10c9b02c9e649c76e5228241a8e upstream.
The goal is to eventually have a proper documentation about all this.
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230814164447.GFZNpZ/64H4lENIe94@fat_crate.local
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/lib/retpoline.S | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -130,6 +130,25 @@ SYM_CODE_START(srso_alias_return_thunk)
SYM_CODE_END(srso_alias_return_thunk)
/*
+ * Some generic notes on the untraining sequences:
+ *
+ * They are interchangeable when it comes to flushing potentially wrong
+ * RET predictions from the BTB.
+ *
+ * The SRSO Zen1/2 (MOVABS) untraining sequence is longer than the
+ * Retbleed sequence because the return sequence done there
+ * (srso_safe_ret()) is longer and the return sequence must fully nest
+ * (end before) the untraining sequence. Therefore, the untraining
+ * sequence must fully overlap the return sequence.
+ *
+ * Regarding alignment - the instructions which need to be untrained,
+ * must all start at a cacheline boundary for Zen1/2 generations. That
+ * is, instruction sequences starting at srso_safe_ret() and
+ * the respective instruction sequences at retbleed_return_thunk()
+ * must start at a cacheline boundary.
+ */
+
+/*
* Safety details here pertain to the AMD Zen{1,2} microarchitecture:
* 1) The RET at retbleed_return_thunk must be on a 64 byte boundary, for
* alignment within the BTB.
next prev parent reply other threads:[~2023-08-24 14:16 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-24 14:14 [PATCH 6.1 00/15] 6.1.48-rc1 review Greg Kroah-Hartman
2023-08-24 14:14 ` [PATCH 6.1 01/15] x86/cpu: Fix __x86_return_thunk symbol type Greg Kroah-Hartman
2023-08-24 14:14 ` [PATCH 6.1 02/15] x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() Greg Kroah-Hartman
2023-08-24 14:14 ` [PATCH 6.1 03/15] x86/alternative: Make custom return thunk unconditional Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 04/15] x86/cpu: Clean up SRSO return thunk mess Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 05/15] x86/cpu: Rename original retbleed methods Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 06/15] x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 07/15] x86/cpu: Cleanup the untrain mess Greg Kroah-Hartman
2023-08-24 14:15 ` Greg Kroah-Hartman [this message]
2023-08-24 14:15 ` [PATCH 6.1 09/15] x86/static_call: Fix __static_call_fixup() Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 10/15] x86/retpoline: Dont clobber RFLAGS during srso_safe_ret() Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 11/15] x86/CPU/AMD: Fix the DIV(0) initial fix attempt Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 12/15] x86/srso: Disable the mitigation on unaffected configurations Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 13/15] x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 14/15] objtool/x86: Fixup frame-pointer vs rethunk Greg Kroah-Hartman
2023-08-24 14:15 ` [PATCH 6.1 15/15] x86/srso: Correct the mitigation status when SMT is disabled Greg Kroah-Hartman
2023-08-24 21:31 ` [PATCH 6.1 00/15] 6.1.48-rc1 review Florian Fainelli
2023-08-25 3:05 ` Florian Fainelli
2023-08-25 1:30 ` SeongJae Park
2023-08-25 2:40 ` Joel Fernandes
2023-08-25 7:05 ` Naresh Kamboju
2023-08-25 7:05 ` [LTP] " Naresh Kamboju
2023-08-25 7:15 ` Harshit Mogalapalli
2023-08-25 7:15 ` [LTP] " Harshit Mogalapalli
2023-08-25 7:45 ` Christian Brauner
2023-08-25 7:45 ` [LTP] " Christian Brauner
2023-08-25 8:10 ` Greg Kroah-Hartman
2023-08-25 8:10 ` [LTP] " Greg Kroah-Hartman
2023-08-25 8:48 ` Naresh Kamboju
2023-08-25 8:48 ` [LTP] " Naresh Kamboju
2023-08-25 16:29 ` Harshit Mogalapalli
2023-08-25 16:29 ` [LTP] " Harshit Mogalapalli
2023-08-25 9:33 ` Naresh Kamboju
2023-08-25 9:33 ` [LTP] " Naresh Kamboju
2023-08-25 9:26 ` Sudip Mukherjee (Codethink)
2023-08-26 8:45 ` Salvatore Bonaccorso
2023-08-25 9:40 ` Naresh Kamboju
2023-08-25 10:15 ` Jon Hunter
2023-08-25 12:16 ` Conor Dooley
2023-08-25 12:33 ` Takeshi Ogasawara
2023-08-25 15:40 ` Guenter Roeck
2023-08-25 18:12 ` Shuah Khan
2023-08-26 1:23 ` Bagas Sanjaya
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230824141447.570167607@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@alien8.de \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.