Re: [PATCH v2 04/19] x86: implement ifence()
- Date: Thu, 11 Jan 2018 20:27:45 -0600
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
- Subject: Re: [PATCH v2 04/19] x86: implement ifence()
Dan Williams <dan.j.williams@xxxxxxxxx> writes:
> The new barrier, 'ifence', ensures that no instructions past the
> boundary are speculatively executed.
This needs a much better description.
If that description was valid we could add ifence in the syscall
entry path and not have any speculative execution to worry about in the
'ifence', ensures that no speculative execution that reaches the 'ifence'
boundary continues past the 'ifence' boundary.
> Previously the kernel only needed this fence in 'rdtsc_ordered', but it
> can also be used as a mitigation against Spectre variant1 attacks that
> speculative access memory past an array bounds check.
> 'ifence', via 'ifence_array_ptr', is an opt-in fallback to the default
> mitigation provided by '__array_ptr'. It is also proposed for blocking
> speculation in the 'get_user' path to bypass 'access_ok' checks. For
> now, just provide the common definition for later patches to build
This part of the description is probably unnecessary.
> Suggested-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Suggested-by: Alan Cox <alan.cox@xxxxxxxxx>
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Cc: Mark Rutland <mark.rutland@xxxxxxx>
> Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: x86@xxxxxxxxxx
> Signed-off-by: Elena Reshetova <elena.reshetova@xxxxxxxxx>
> Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
> arch/x86/include/asm/barrier.h | 4 ++++
> arch/x86/include/asm/msr.h | 3 +--
> 2 files changed, 5 insertions(+), 2 deletions(-)
> diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h
> index 7fb336210e1b..b04f572d6d97 100644
> --- a/arch/x86/include/asm/barrier.h
> +++ b/arch/x86/include/asm/barrier.h
> @@ -24,6 +24,10 @@
> #define wmb() asm volatile("sfence" ::: "memory")
> +/* prevent speculative execution past this barrier */
> +#define ifence() alternative_2("", "mfence", X86_FEATURE_MFENCE_RDTSC, \
> + "lfence", X86_FEATURE_LFENCE_RDTSC)
> #ifdef CONFIG_X86_PPRO_FENCE
> #define dma_rmb() rmb()
> diff --git a/arch/x86/include/asm/msr.h b/arch/x86/include/asm/msr.h
> index 07962f5f6fba..e426d2a33ff3 100644
> --- a/arch/x86/include/asm/msr.h
> +++ b/arch/x86/include/asm/msr.h
> @@ -214,8 +214,7 @@ static __always_inline unsigned long long rdtsc_ordered(void)
> * that some other imaginary CPU is updating continuously with a
> * time stamp.
> - alternative_2("", "mfence", X86_FEATURE_MFENCE_RDTSC,
> - "lfence", X86_FEATURE_LFENCE_RDTSC);
> + ifence();
> return rdtsc();