Message-ID: <tip-2eb9137c8744f9adf1670e9aa52850948a30112b@git.kernel.org>
Date:   Sat, 13 Jan 2018 02:33:51 -0800
From:   tip-bot for Tom Lendacky <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     gregkh@...ux-foundation.org, bp@...en8.de, luto@...nel.org,
        jikos@...nel.org, tim.c.chen@...ux.intel.com, peterz@...radead.org,
        linux-kernel@...r.kernel.org, thomas.lendacky@....com,
        torvalds@...ux-foundation.org, keescook@...gle.com,
        jpoimboe@...hat.com, tglx@...utronix.de, dwmw@...zon.co.uk,
        mingo@...nel.org, pjt@...gle.com, hpa@...or.com, riel@...hat.com,
        dave.hansen@...el.com, dan.j.williams@...el.com
Subject: [tip:x86/pti] x86/retpoline: Use LFENCE instead of PAUSE in the
 retpoline/RSB filling RSB macros

Commit-ID:  2eb9137c8744f9adf1670e9aa52850948a30112b
Gitweb:     https://git.kernel.org/tip/2eb9137c8744f9adf1670e9aa52850948a30112b
Author:     Tom Lendacky <thomas.lendacky@....com>
AuthorDate: Fri, 12 Jan 2018 19:07:28 -0600
Committer:  Ingo Molnar <mingo@...nel.org>
CommitDate: Sat, 13 Jan 2018 11:28:50 +0100

x86/retpoline: Use LFENCE instead of PAUSE in the retpoline/RSB filling RSB macros

The PAUSE instruction is currently used in the retpoline and RSB filling
macros as a speculation trap.  The use of PAUSE was originally suggested
because it showed a very, very small difference in the amount of
cycles/time used to execute the retpoline as compared to LFENCE.

On AMD, the PAUSE instruction is not a serializing instruction, so the
PAUSE/JMP loop will use excess power as it is speculated over waiting
for return to mispredict to the correct target.

The RSB filling macro is applicable to AMD, and, if software is unable to
verify that LFENCE is serializing on AMD (possible when running under a
hypervisor), the generic retpoline support will be used and, so, is also
applicable to AMD.  Change the use of PAUSE to LFENCE.

Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Dan Williams <dan.j.williams@...el.com>
Cc: Dave Hansen <dave.hansen@...el.com>
Cc: David Woodhouse <dwmw@...zon.co.uk>
Cc: Greg Kroah-Hartman <gregkh@...ux-foundation.org>
Cc: Jiri Kosina <jikos@...nel.org>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Kees Cook <keescook@...gle.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Paul Turner <pjt@...gle.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Rik van Riel <riel@...hat.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Tim Chen <tim.c.chen@...ux.intel.com>
Link: http://lkml.kernel.org/r/20180113010728.27928.8537.stgit@tlendack-t1.amdoffice.net
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
 arch/x86/include/asm/nospec-branch.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 402a11c..2c4a09a 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -11,7 +11,7 @@
  * Fill the CPU return stack buffer.
  *
  * Each entry in the RSB, if used for a speculative 'ret', contains an
- * infinite 'pause; jmp' loop to capture speculative execution.
+ * infinite 'lfence; jmp' loop to capture speculative execution.
  *
  * This is required in various cases for retpoline and IBRS-based
  * mitigations for the Spectre variant 2 vulnerability. Sometimes to
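Review bot: the updated line in the "Fill the CPU return stack buffer" comment names the 'lfence; jmp' loop but does not record why LFENCE is used rather than PAUSE. The commit message has the reason (on AMD, PAUSE is not serializing, so the PAUSE/JMP loop uses excess power while it is speculated over); a one-sentence version of that in this comment would keep a later reader from switching back to PAUSE for the small cycle difference the message mentions.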
@@ -37,12 +37,12 @@
 771:						\
 	call	772f;				\
 773:	/* speculation trap */			\
-	pause;					\
+	lfence;					\
 	jmp	773b;				\
 772:						\
 	call	774f;				\
 775:	/* speculation trap */			\
-	pause;					\
+	lfence;					\
 	jmp	775b;				\
 774:						\
 	dec	reg;				\
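Review bot: at the two speculation traps (labels 773 and 775), the changelog does not say what is expected when LFENCE is not serializing, although it names exactly that configuration: the generic retpoline path is used when software cannot verify that LFENCE is serializing on AMD, for instance under a hypervisor. Please state in the commit message whether the trap is still considered adequate there, since containment would then rest on the 'jmp 773b' / 'jmp 775b' loop alone, so the reasoning does not have to be reconstructed from the thread.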
@@ -72,7 +72,7 @@
 .macro RETPOLINE_JMP reg:req
 	call	.Ldo_rop_\@
 .Lspec_trap_\@:
-	pause
+	lfence
 	jmp	.Lspec_trap_\@
 .Ldo_rop_\@:
 	mov	\reg, (%_ASM_SP)
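Review bot: in RETPOLINE_JMP the trap at .Lspec_trap_\@ carries no comment, unlike the RSB-fill macro, where each trap is marked /* speculation trap */. With the instruction now 'lfence', it can be misread as an ordering barrier that the macro needs for correctness; a matching /* speculation trap */ comment on this label would make the intent clear.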
@@ -164,7 +164,7 @@
 	"       jmp    904f;\n"					\
 	"       .align 16\n"					\
 	"901:	call   903f;\n"					\
-	"902:	pause;\n"					\
+	"902:	lfence;\n"					\
 	"       jmp    902b;\n"					\
 	"       .align 16\n"					\
 	"903:	addl   $4, %%esp;\n"				\

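Review bot: the '902:' trap in this inline-asm string is a third hand-written copy of the same trap sequence, alongside the RSB-fill macro and RETPOLINE_JMP, which is why a one-instruction change touches four code sites plus a comment in this file. Consider defining the trap instruction once (a shared macro or define used by all three forms) so that a future change cannot miss one copy.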