From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 921F8C282CB for ; Tue, 5 Feb 2019 22:54:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 669942175B for ; Tue, 5 Feb 2019 22:54:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730359AbfBEWyN (ORCPT ); Tue, 5 Feb 2019 17:54:13 -0500 Received: from mga12.intel.com ([192.55.52.136]:13884 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730187AbfBEWyM (ORCPT ); Tue, 5 Feb 2019 17:54:12 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Feb 2019 14:54:11 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,337,1544515200"; d="scan'208";a="140983149" Received: from linksys13920.jf.intel.com (HELO rpedgeco-DESK5.jf.intel.com) ([10.54.75.11]) by fmsmga002.fm.intel.com with ESMTP; 05 Feb 2019 14:54:11 -0800 
From: Rick Edgecombe To: daniel@iogearbox.net, ast@fb.com Cc: netdev@vger.kernel.org, ard.biesheuvel@linaro.org, dave.hansen@intel.com, kristen@linux.intel.com, Rick Edgecombe Subject: [RFC PATCH 1/4] bpf, x64: Implement BPF call retpoline Date: Tue, 5 Feb 2019 14:51:00 -0800 Message-Id: <20190205225103.28296-2-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190205225103.28296-1-rick.p.edgecombe@intel.com> References: <20190205225103.28296-1-rick.p.edgecombe@intel.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add x86 call retpoline sequence from the "Intel Retpoline: A Branch Target Injection Mitigation White Paper" for BPF JIT compiler. Unlike the paper it uses RBX instead of RAX since RAX is part of the BPF calling convetions. Cc: Daniel Borkmann Cc: Alexei Starovoitov Signed-off-by: Rick Edgecombe --- arch/x86/include/asm/nospec-branch.h | 45 ++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index dad12b767ba0..70b3f6534134 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -320,6 +320,8 @@ DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); #endif /* __ASSEMBLY__ */ +#ifdef CONFIG_RETPOLINE +# ifdef CONFIG_X86_64 /* * Below is used in the eBPF JIT compiler and emits the byte sequence * for the following assembly: @@ -341,8 +343,6 @@ DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); * jmp *%rax for x86_64 * jmp *%edx for x86_32 */ -#ifdef CONFIG_RETPOLINE -# ifdef CONFIG_X86_64 # define RETPOLINE_RAX_BPF_JIT_SIZE 17 # define RETPOLINE_RAX_BPF_JIT() \ do { \ 
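Review bot: Moving the `#ifdef CONFIG_RETPOLINE` / `# ifdef CONFIG_X86_64` pair above the block comment (this hunk and the next one) puts a comment that documents both `jmp *%rax for x86_64` and `jmp *%edx for x86_32` inside the 64-bit-only branch. Nothing visible in the patch depends on the move, so I would either leave the guards where they were or explain the move in the commit message. The middle of that comment lies outside both hunks.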
@@ -355,6 +355,44 @@ do { \
 EMIT4(0x48, 0x89, 0x04, 0x24); /* mov %rax,(%rsp) */ \
 EMIT1(0xC3); /* retq */ \
 } while (0)
+
+/* Modified from "Intel Retpoline: A Branch Target Injection Mitigation White
+ * Paper" to use RBX register in order to not intefere with BPF calling
+ * conventions:
+ *
+ * jmp label2
+ *
+ * label0:
+ * call label1
+ *
+ * capture_ret_spec:
+ * pause
+ * lfence
+ * jmp capture_ret_spec
+ *
+ * label1:
+ * mov %rbx,(%rsp)
+ * ret
+ *
+ * label2:
+ * call label0
+ */
+# define RETPOLINE_RBX_BPF_JIT_CALL_SIZE 24
+# define RETPOLINE_RBX_BPF_JIT_CALL() \
+do { \
+ EMIT2(0xEB, 0x11); /* jump label2 */ \
+ /* label2: */ \
+ EMIT1_off32(0xE8, 7); /* call label1 */ \
+ /* capture_ret_spec: */ \
+ EMIT2(0xF3, 0x90); /* pause */ \
+ EMIT3(0x0F, 0xAE, 0xE8); /* lfence */ \
+ EMIT2(0xEB, 0xF9); /* jmp capture_ret_spec */ \
+ /* label1: */ \
+ EMIT4(0x48, 0x89, 0x1c, 0x24); /* mov %rbx,(%rsp) */ \
+ EMIT1(0xC3); /* ret */ \
+ /* label2: */ \
+ EMIT1_off32(0xE8, -22); /* call label0 */ \
+} while (0)
 # else /* !CONFIG_X86_64 */
 # define RETPOLINE_EDX_BPF_JIT() \
 do { \
@@ -373,6 +411,9 @@ do { \
 # define RETPOLINE_RAX_BPF_JIT_SIZE 2
 # define RETPOLINE_RAX_BPF_JIT() \
 EMIT2(0xFF, 0xE0); /* jmp *%rax */
+# define RETPOLINE_RBX_BPF_JIT_CALL_SIZE 2
+# define RETPOLINE_RBX_BPF_JIT_CALL() \
+ EMIT2(0xff, 0xD3) /* call *%rbx */
 # else /* !CONFIG_X86_64 */
 # define RETPOLINE_EDX_BPF_JIT() \
 EMIT2(0xFF, 0xE2) /* jmp *%edx */
-- 
2.17.1
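Review bot: The label annotations inside `RETPOLINE_RBX_BPF_JIT_CALL()` do not match the layout in the block comment above it: the first `/* label2: */` sits before `call label1`, which the header calls `label0`, and the first instruction is annotated `jump` rather than `jmp`. The displacements themselves (0x11, 7, 0xF9, -22) and the 24-byte size agree with the eight EMITs (2+5+2+3+2+4+1+5), so only the comments need fixing: `/* label0: */ \` and `/* jmp label2 */`, plus `intefere` -> `interfere` in the header. Since this is a hand-encoded branch target injection mitigation that reviewers will check byte by byte against those labels, I would also add a sentence to the header stating that the caller must place the call target in RBX and must preserve whatever the JIT otherwise keeps in that register. The call site is not part of this patch, so that contract cannot be confirmed from here.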
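Review bot: The fallback `EMIT2(0xff, 0xD3)` spells the opcode byte in lower-case hex where every neighbouring EMIT in this header uses upper case; `EMIT2(0xFF, 0xD3) /* call *%rbx */` keeps the sequences consistent and easy to grep. Unlike `RETPOLINE_RAX_BPF_JIT()` just above it, this macro has no trailing semicolon, which matches the do/while variant and is the safer form, so nothing to change there. The enclosing `#else` is outside the hunk; presumably this is the !CONFIG_RETPOLINE branch, and a one-line comment saying that it emits a plain, unmitigated indirect call would help readers comparing the two definitions.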