From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>,
andrew.cooper3@citrix.com, dfaggioli@suse.com, jbeulich@suse.com
Subject: [PATCH v3 08/17] x86: add support for spectre mitigation with local thunk
Date: Fri, 9 Feb 2018 15:01:42 +0100 [thread overview]
Message-ID: <20180209140151.24714-9-jgross@suse.com> (raw)
In-Reply-To: <20180209140151.24714-1-jgross@suse.com>
Right now an indirect jump might use a relative jump to a retpoline
thunk in order to mitigate the Spectre vulnerability.
If the code containing the indirect jump is remapped to another
virtual address, the relative jump no longer reaches the thunk, so add
support for indirect jumps using a local thunk instead.
Signed-off-by: Juergen Gross <jgross@suse.com>
---
V3:
- new patch
---
xen/arch/x86/indirect-thunk.S | 23 +----------------------
xen/include/asm-x86/asm_defns.h | 25 +++++++++++++++++++++++++
xen/include/asm-x86/indirect_thunk_asm.h | 8 ++++++--
3 files changed, 32 insertions(+), 24 deletions(-)
diff --git a/xen/arch/x86/indirect-thunk.S b/xen/arch/x86/indirect-thunk.S
index e03fc14c73..b4d3e4cec4 100644
--- a/xen/arch/x86/indirect-thunk.S
+++ b/xen/arch/x86/indirect-thunk.S
@@ -11,25 +11,6 @@
#include <asm/asm_defns.h>
-.macro IND_THUNK_RETPOLINE reg:req
- call 2f
-1:
- lfence
- jmp 1b
-2:
- mov %\reg, (%rsp)
- ret
-.endm
-
-.macro IND_THUNK_LFENCE reg:req
- lfence
- jmp *%\reg
-.endm
-
-.macro IND_THUNK_JMP reg:req
- jmp *%\reg
-.endm
-
/*
* Build the __x86_indirect_thunk_* symbols. Execution lands on an
* alternative patch point which implements one of the above THUNK_*'s
@@ -38,9 +19,7 @@
.section .text.__x86_indirect_thunk_\reg, "ax", @progbits
ENTRY(__x86_indirect_thunk_\reg)
- ALTERNATIVE_2 __stringify(IND_THUNK_RETPOLINE \reg), \
- __stringify(IND_THUNK_LFENCE \reg), X86_FEATURE_IND_THUNK_LFENCE, \
- __stringify(IND_THUNK_JMP \reg), X86_FEATURE_IND_THUNK_JMP
+ GEN_INDIRECT_THUNK_BODY \reg
.endm
/* Instantiate GEN_INDIRECT_THUNK for each register except %rsp. */
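Review bot: The block comment above GEN_INDIRECT_THUNK (visible as context at the end of the previous hunk) still says the patch point implements "one of the above THUNK_*'s", but this commit removes those macros from indirect-thunk.S, so "above" is now wrong. Since these macros decide whether an indirect branch gets a retpoline, an lfence or no protection at all, the comment should say where they are now defined, for example `* alternative patch point which implements one of the IND_THUNK_* macros from asm/asm_defns.h`. The comment continues outside the hunk, so the rest of its wording could not be checked.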
diff --git a/xen/include/asm-x86/asm_defns.h b/xen/include/asm-x86/asm_defns.h
index 2a79e8a7f4..7d26391be8 100644
--- a/xen/include/asm-x86/asm_defns.h
+++ b/xen/include/asm-x86/asm_defns.h
@@ -334,6 +334,31 @@ static always_inline void stac(void)
subq $-(UREGS_error_code-UREGS_r15+\adj), %rsp
.endm
+.macro IND_THUNK_RETPOLINE reg:req
+ call 2f
+1:
+ lfence
+ jmp 1b
+2:
+ mov %\reg, (%rsp)
+ ret
+.endm
+
+.macro IND_THUNK_LFENCE reg:req
+ lfence
+ jmp *%\reg
+.endm
+
+.macro IND_THUNK_JMP reg:req
+ jmp *%\reg
+.endm
+
+.macro GEN_INDIRECT_THUNK_BODY reg:req
+ ALTERNATIVE_2 __stringify(IND_THUNK_RETPOLINE \reg), \
+ __stringify(IND_THUNK_LFENCE \reg), X86_FEATURE_IND_THUNK_LFENCE, \
+ __stringify(IND_THUNK_JMP \reg), X86_FEATURE_IND_THUNK_JMP
+.endm
+
#endif
#ifdef CONFIG_PERF_COUNTERS
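Review bot: IND_THUNK_RETPOLINE uses the numeric labels `1:` and `2:`, and now that it lives in asm_defns.h it can be expanded in the middle of other assembly. A surrounding `1f`/`2f` or `1b`/`2b` reference that spans the expansion would bind to the macro's labels rather than the intended ones, silently redirecting a branch, possibly into the lfence capture loop. Per-expansion labels built with `\@` would avoid this; an untested sketch follows. A short comment would also help here, explaining that the `call` pushes the address of the capture loop, that the `mov` overwrites it with the real target, and that IND_THUNK_JMP adds no speculation barrier.

```asm
.macro IND_THUNK_RETPOLINE reg:req
        call .Lretp_set_target\@
.Lretp_capture\@:
        lfence
        jmp .Lretp_capture\@
.Lretp_set_target\@:
        /* … unchanged: mov %\reg, (%rsp); ret … */
.endm
```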
diff --git a/xen/include/asm-x86/indirect_thunk_asm.h b/xen/include/asm-x86/indirect_thunk_asm.h
index 96bcc25497..3abb32caee 100644
--- a/xen/include/asm-x86/indirect_thunk_asm.h
+++ b/xen/include/asm-x86/indirect_thunk_asm.h
@@ -3,7 +3,7 @@
* usual #ifdef'ary to turn into comments.
*/
-.macro INDIRECT_BRANCH insn:req arg:req
+.macro INDIRECT_BRANCH insn:req arg:req label=__x86_indirect_thunk_r
/*
* Create an indirect branch. insn is one of call/jmp, arg is a single
* register.
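Review bot: The new `label` parameter of INDIRECT_BRANCH is not described in the macro's comment, which still documents only `insn` and `arg`. Because `label` selects which thunk family the branch goes through, a wrong prefix would route the branch to a different or missing symbol. I would add something like `* label is the thunk symbol prefix; the register name is appended to it.` and note that the default keeps the global `__x86_indirect_thunk_r*` thunks. The macro body and the rest of the comment lie outside this hunk.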
@@ -16,7 +16,7 @@
$done = 0
.irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15
.ifeqs "\arg", "%r\reg"
- \insn __x86_indirect_thunk_r\reg
+ \insn \label\reg
$done = 1
.exitm
.endif
@@ -39,3 +39,7 @@
.macro INDIRECT_JMP arg:req
INDIRECT_BRANCH jmp \arg
.endm
+
+.macro INDIRECT_LOCAL_JMP arg:req
+ INDIRECT_BRANCH jmp \arg local__x86_indirect_thunk_r
+.endm
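Review bot: INDIRECT_LOCAL_JMP branches to `local__x86_indirect_thunk_r<reg>`, but nothing in this patch defines symbols with that prefix, so presumably a later patch in the series provides them. Please add a comment stating the contract, for example `/* Caller must emit local__x86_indirect_thunk_r<reg> (via GEN_INDIRECT_THUNK_BODY) inside the same remapped region. */`. Without that, a local thunk placed outside the remapped code would reintroduce the broken relative jump this commit is meant to avoid. It may also be worth adding a matching INDIRECT_LOCAL_CALL, or saying why only the jmp form is needed.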
--
2.13.6