| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180104023232.0460184b@alans-desktop>
Date: Thu, 4 Jan 2018 02:32:32 +0000
From: Alan Cox <gnomes@...rguk.ukuu.org.uk>
To: Brian Gerst <brgerst@...il.com>
Cc: Andi Kleen <andi@...stfloor.org>,
Thomas Gleixner <tglx@...utronix.de>,
Linus Torvalds <torvalds@...ux-foundation.org>,
gregkh@...ux-foundation.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>
Subject: Re: [PATCH v2 01/12] x86/retpoline: Define retpoline indirect thunk
and macros
> > +ENTRY(__x86.indirect_thunk)
> > + CFI_STARTPROC
> > + call retpoline_call_target
> > +2:
> > + lfence /* stop speculation */
> > + jmp 2b
> > +retpoline_call_target:
> > +#ifdef CONFIG_64BIT
> > + lea 8(%rsp), %rsp
> > +#else
> > + lea 4(%esp), %esp
> > +#endif
> > + ret
> > + CFI_ENDPROC
> > +ENDPROC(__x86.indirect_thunk)
> > +
> > + EXPORT_SYMBOL(__x86.indirect_thunk)
> > --
> > 2.14.3
> >
>
> Can someone actually explain WTF this mess is trying to accomplish?
Think of it as an 'indirect call that doesn't speculate' instruction.
There isn't one in the processor but this specific sequence happens to
make the micro-architecture do just that as efficiently as possible.
What it's actually doing on the non-speculated path (ie the reachable
code) is to call, put the address we want to hit over the existing return
address and then return, to the address we want to indirectly go to.
It's faster than doing a far branch or flushing branch predictors and the
like.
Alan
Powered by blists - more mailing lists