From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Paul Durrant, Wei Liu, Jan Beulich, Roger Pau Monné
Subject: [PATCH for-4.14] x86/spec-ctrl: Protect against CALL/JMP straight-line speculation
Date: Wed, 1 Jul 2020 12:58:42 +0100
Message-ID: <20200701115842.18583-1-andrew.cooper3@citrix.com>

Some x86 CPUs speculatively execute beyond indirect CALL/JMP instructions.

With CONFIG_INDIRECT_THUNK / Retpolines, indirect CALL/JMP instructions are converted to direct CALL/JMP's to __x86_indirect_thunk_REG(), leaving just a handful of indirect JMPs implementing those stubs.

There is no architectural execution beyond an indirect JMP, so use INT3 as recommended by vendors to halt speculative execution. This is shorter than LFENCE (which would also work fine), but also shows up in logs if we do unexpectedly execute them.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Wei Liu
CC: Roger Pau Monné
CC: Paul Durrant

This wants backporting to all releases, possibly even into the security trees, and should therefore be considered for 4.14 at this point.
---
 xen/arch/x86/indirect-thunk.S | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/arch/x86/indirect-thunk.S b/xen/arch/x86/indirect-thunk.S index 3c17f75c23..7392aee127 100644 --- a/xen/arch/x86/indirect-thunk.S +++ b/xen/arch/x86/indirect-thunk.S @@ -24,10 +24,12 @@ .macro IND_THUNK_LFENCE reg:req lfence jmp *%\reg + int3 /* Halt straight-line speculation */ .endm =20 .macro IND_THUNK_JMP reg:req jmp *%\reg + int3 /* Halt straight-line speculation */ .endm =20 /* --=20 2.11.0
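
Review bot: The comment on the new int3 in IND_THUNK_LFENCE and IND_THUNK_JMP says what the instruction does but not why INT3 was picked over a second LFENCE, and that rationale (shorter encoding, and a visible trap in the logs if the byte is ever executed architecturally) currently lives only in the commit message. Consider one shared comment above the two macros carrying that reasoning, so a later reader does not swap it for LFENCE or drop it as dead code after an unconditional jmp. It would also help to state in the message that the protection depends on CONFIG_INDIRECT_THUNK: the hunk only touches the thunk stubs, so a build without that option keeps its compiler-generated indirect CALL/JMP sites without the trailing int3.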