Date: Fri, 22 Jan 2016 11:32:17 +0100
From: Borislav Petkov
To: "H. Peter Anvin"
Cc: Andy Lutomirski, Brian Gerst, the arch/x86 maintainers, Linux Kernel Mailing List, Ingo Molnar, Denys Vlasenko, Linus Torvalds
Subject: Re: [PATCH] x86: static_cpu_has_safe: discard dynamic check after init
Message-ID: <20160122103217.GA9306@pd.tnic>
In-Reply-To: <56A16BAC.2030405@zytor.com>
References: <3D4E057B-AB03-4C12-B59D-774E8954C742@zytor.com> <20160118232547.GK12651@pd.tnic> <20160119135714.GD15071@pd.tnic> <569F072B.1020504@zytor.com> <20160120103345.GA23350@pd.tnic> <108BC768-CF19-4F71-BF6D-70FF2252ADB8@zytor.com> <20160121221442.GB300@pd.tnic> <20160121225641.GC300@pd.tnic> <56A16BAC.2030405@zytor.com>

On Thu, Jan 21, 2016 at 03:37:16PM -0800, H. Peter Anvin wrote:
> Maybe a label attribute would help, I don't know.

Here's another version which works, not really better though:

Change is this:

---
+	asm_volatile_goto(ALTERNATIVE("", "jmp %l[t_fixup_ss]",
+				      X86_BUG_SYSRET_SS_ATTRS)
+			  : : : : t_fixup_ss);
+
+	return prev_p;
+
+t_fixup_ss:
+	savesegment(ss, ss_sel);
+	if (ss_sel != __KERNEL_DS)
+		loadsegment(ss, __KERNEL_DS);
 	return prev_p;
---

with two "return prev_p" with the hope that gcc won't generate a second JMP back to the frame restore and ret code. But, nah, it does.
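Review bot: ss_sel is used at t_fixup_ss (savesegment(ss, ss_sel) and the following compare) but no declaration of it appears in the hunk; since the label sits at function scope, ss_sel needs a function-scope declaration, and if it currently lives inside a narrower block that this change removes, moving it should be part of the same hunk. A short comment above the first "+	return prev_p;" would also help: it is there to coax the compiler into emitting a separate epilogue for the fixup path, and without the comment a later cleanup will merge the two returns back into one.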
vmlinux:

ffffffff8100472a:       90                      nop
ffffffff8100472b:       90                      nop
ffffffff8100472c:       90                      nop
ffffffff8100472d:       90                      nop
ffffffff8100472e:       90                      nop
ffffffff8100472f:       48 83 c4 18             add    $0x18,%rsp
ffffffff81004733:       4c 89 e0                mov    %r12,%rax
ffffffff81004736:       5b                      pop    %rbx
ffffffff81004737:       41 5c                   pop    %r12
ffffffff81004739:       41 5d                   pop    %r13
ffffffff8100473b:       41 5e                   pop    %r14
ffffffff8100473d:       41 5f                   pop    %r15
ffffffff8100473f:       5d                      pop    %rbp
ffffffff81004740:       c3                      retq

after patching on an X86_BUG_SYSRET_SS_ATTRS CPU:

[    0.264007] apply_alternatives: feat: 16*32+8, old: (ffffffff8100472a, len: 5), repl: (ffffffff81de4e05, len: 5), pad: 5
[    0.268005] ffffffff8100472a: old_insn: 90 90 90 90 90
[    0.273510] ffffffff81de4e05: rpl_insn: e9 68 f9 21 ff
[    0.277496] recompute_jump: target RIP: ffffffff81004772, new_displ: 0x48
[    0.280005] recompute_jump: final displ: 0x00000046, JMP 0xffffffff81004772
[    0.283159] ffffffff8100472a: final_insn: eb 46 0f 1f 00

ffffffff8100472a:       eb 46 0f 1f 00          jmp    ffffffff81004772
ffffffff8100472f:       48 83 c4 18             add    $0x18,%rsp
ffffffff81004733:       4c 89 e0                mov    %r12,%rax
ffffffff81004736:       5b                      pop    %rbx
ffffffff81004737:       41 5c                   pop    %r12
ffffffff81004739:       41 5d                   pop    %r13
ffffffff8100473b:       41 5e                   pop    %r14
ffffffff8100473d:       41 5f                   pop    %r15
ffffffff8100473f:       5d                      pop    %rbp
ffffffff81004740:       c3                      retq

so a two-byte JMP jumping to:

ffffffff81004772:       66 8c d0                mov    %ss,%ax
ffffffff81004775:       66 83 f8 18             cmp    $0x18,%ax
ffffffff81004779:       74 b4                   je     ffffffff8100472f <__switch_to+0x2df>
ffffffff8100477b:       b8 18 00 00 00          mov    $0x18,%eax
ffffffff81004780:       8e d0                   mov    %eax,%ss
ffffffff81004782:       eb ab                   jmp    ffffffff8100472f <__switch_to+0x2df>

which does the fixup and jumps back to ...472f which restores the frame and returns.

I wish I could be able to tell gcc to not jump back but add the function return here too as we don't care about code size in that case.
And it's not like it is really better on !X86_BUG_SYSRET_SS_ATTRS CPUs - there we have the 5-byte padding NOP being converted to 5-byte one:

[    0.293164] ffffffff8100472a: [0:5) optimized NOPs: 0f 1f 44 00 00

I need to talk to my gcc guy... :)

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
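As an added illustration, not code from the mail or from the kernel, the displacement arithmetic behind the recompute_jump lines in the quoted log, redone in user-space C with the addresses and replacement bytes from that log as its constructed input; struct jmp_fixup and fixup_from_log() are names chosen here, and the single range test plus fixed 3-byte NOP pad are simplifications of what alternative.c does.

```c
#include <stdint.h>
#include <string.h>

/* Outcome of re-basing a 5-byte "jmp rel32" replacement onto the patched site. */
struct jmp_fixup {
    uint64_t target;    /* absolute RIP the replacement JMP points at */
    int32_t  n_dspl;    /* target - orig_insn, as apply_alternatives prints it */
    int      len;       /* 2 (eb disp8) or 5 (e9 rel32) */
    uint8_t  final[5];  /* final_insn: the JMP, NOP-padded to the 5-byte slot */
};

/*
 * Re-base a replacement JMP the way alternative.c's recompute_jump() does: the
 * rel32 is relative to the replacement's own RIP in .altinstr_replacement, so
 * it is recomputed from orig_insn and shrunk to a short JMP when it fits in a
 * signed byte. Simplified here: one range test, fixed 3-byte NOP (0f 1f 00) pad.
 */
static struct jmp_fixup recompute_jump(uint64_t orig_insn, uint64_t repl_insn,
                                       const uint8_t repl[5])
{
    struct jmp_fixup f = {0};
    int32_t o_dspl, d;

    memcpy(&o_dspl, repl + 1, sizeof o_dspl);        /* little-endian rel32 */
    f.target = repl_insn + 5 + (int64_t)o_dspl;       /* next_rip + o_dspl */
    f.n_dspl = (int32_t)(f.target - orig_insn);

    d = f.n_dspl - 2;                                 /* short JMP is 2 bytes */
    if (d >= -128 && d <= 127) {
        f.len = 2;
        f.final[0] = 0xeb;
        f.final[1] = (uint8_t)d;
        f.final[2] = 0x0f; f.final[3] = 0x1f; f.final[4] = 0x00;
    } else {
        d = f.n_dspl - 5;                             /* near JMP is 5 bytes */
        f.len = 5;
        f.final[0] = 0xe9;
        memcpy(f.final + 1, &d, sizeof d);
    }
    return f;
}

/* Constructed input: the old/repl addresses and rpl_insn bytes from the log above. */
static struct jmp_fixup fixup_from_log(void)
{
    static const uint8_t rpl_insn[5] = {0xe9, 0x68, 0xf9, 0x21, 0xff};
    return recompute_jump(0xffffffff8100472aULL, 0xffffffff81de4e05ULL, rpl_insn);
}
```

For the log's values this yields target ffffffff81004772, new_displ 0x48 and final_insn eb 46 0f 1f 00, matching the three recompute_jump/final_insn lines in the mail.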