Message-ID: <1519268642.55655.46.camel@gmail.com>
Subject: Re: [PATCH bpf] bpf, x64: implement retpoline for tail call
From: Eric Dumazet
To: Daniel Borkmann, ast@kernel.org
Cc: torvalds@linux-foundation.org, netdev@vger.kernel.org
Date: Wed, 21 Feb 2018 19:04:02 -0800
In-Reply-To: <20180222000507.3374-1-daniel@iogearbox.net>

On Thu, 2018-02-22 at 01:05 +0100, Daniel Borkmann wrote:
...
> +/* Instead of plain jmp %rax, we emit a retpoline to control > + * speculative execution for the indirect branch. > + */ > +static void emit_retpoline_rax_trampoline(u8 **pprog) > +{ > + u8 *prog = *pprog; > + int cnt = 0; > + > + EMIT1_off32(0xE8, 7); /* callq */ > + /* capture_spec: */ > + EMIT2(0xF3, 0x90); /* pause */ > + EMIT3(0x0F, 0xAE, 0xE8); /* lfence */ > + EMIT2(0xEB, 0xF9); /* jmp */ > + /* set_up_target: */ > + EMIT4(0x48, 0x89, 0x04, 0x24); /* mov %rax,(%rsp) */ > + EMIT1(0xC3); /* retq */ > + > + BUILD_BUG_ON(cnt != RETPOLINE_SIZE); > + *pprog = prog;

You might define the actual code sequence (and length) in
arch/x86/include/asm/nospec-branch.h

If we need to adjust code sequences for RETPOLINE, then we won't
forget/miss that arch/x86/net/bpf_jit_comp.c had it hard-coded.

Thanks Daniel.
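
Review bot: the two relative displacements in emit_retpoline_rax_trampoline(), the 7 in EMIT1_off32(0xE8, 7) and the 0xF9 in EMIT2(0xEB, 0xF9), are hand-computed from the sizes of the neighbouring instructions, while BUILD_BUG_ON(cnt != RETPOLINE_SIZE) only checks the total emitted length. An edit that changes the capture loop but keeps the overall length would leave stale branch targets that the build does not catch, and a wrong target here would silently defeat the speculation barrier. Suggest a comment spelling out the arithmetic (7 = pause 2 + lfence 3 + jmp 2 bytes, landing on set_up_target; 0xF9 = -7, back to capture_spec), or deriving both values from named instruction sizes so they move together with the sequence.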