Hi,

There're several indirect calls in inline assembly in the vesafb driver
(drivers/video/fbdev/vesafb.c), and these calls cannot be automatically
changed to retpolines. It's in vesafb_pan_display():

 73 __asm__ __volatile__(
 74 "call *(%%edi)"

and in vesa_setpalette():

113 __asm__ __volatile__(
114 "call *(%%esi)"

Is there a need to use CALL_NOSPEC?

Thanks, Alex

On Wed, 13 Mar 2019 17:54:18 +0300
Alexander Pateenok <[email protected]> wrote:
> Hi,
>
> There're several indirect calls in inline assembly in the vesafb driver
> (drivers/video/fbdev/vesafb.c), and these calls cannot be automatically
> changed to retpolines. It's in vesafb_pan_display():
>
> 73 __asm__ __volatile__(
> 74 "call *(%%edi)"
>
> and in vesa_setpalette():
>
> 113 __asm__ __volatile__(
> 114 "call *(%%esi)"
>
> Is there a need to use CALL_NOSPEC?

Vesafb is from the time of the dinosaurs but yes, any vesa bios code will
not be speculatively hardened. I'd also doubt anyone is actually using
vesafb in the first place, but it should use nospec.

Alan

On Tue, Mar 19, 2019 at 04:46:51PM +0000, Alan Cox wrote:
> On Wed, 13 Mar 2019 17:54:18 +0300
> Alexander Pateenok <[email protected]> wrote:
>
> > Hi,
> >
> > There're several indirect calls in inline assembly in the vesafb driver
> > (drivers/video/fbdev/vesafb.c), and these calls cannot be automatically
> > changed to retpolines. It's in vesafb_pan_display():
> >
> > 73 __asm__ __volatile__(
> > 74 "call *(%%edi)"
> >
> > and in vesa_setpalette():
> >
> > 113 __asm__ __volatile__(
> > 114 "call *(%%esi)"
> >
> > Is there a need to use CALL_NOSPEC?
>
> Vesafb is from the time of the dinosaurs but yes any vesa bios code will
> not be speculatively hardened. I'd also doubt anyone is actually using
> vesafb in the first place but it should use nospec

Note that even when using vesafb the display panning is disabled by
default, and vesa_setpalette() is only used with 8bit depth (256 color
mode).

Also note that only 32bit builds will try to call vesa bios code ...

cheers,
  Gerd
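
An added example, not part of the thread or of the kernel tree: a small Python source audit that flags AT&T-syntax indirect `call`/`jmp` instructions written as string literals inside inline asm, the pattern raised above that the compiler's retpoline conversion does not rewrite. The sample C source is constructed, and its function names and operands are hypothetical.

```python
import re

# Start of a GCC inline-asm statement (asm, __asm__).
ASM_START = re.compile(r'\b(?:__asm__|asm)\b')
# C string literal, allowing escaped characters.
STRING_LIT = re.compile(r'"((?:[^"\\]|\\.)*)"')
# AT&T-syntax indirect branch: call/jmp, optional size suffix, then '*'.
INDIRECT = re.compile(r'\b(?:call|jmp)[lq]?\s+\*[^\s;\\]+')

def find_unhardened_indirect_branches(source):
    """Return (line, instruction) for literal indirect branches in inline asm."""
    findings, in_asm, depth = [], False, 0
    for lineno, line in enumerate(source.splitlines(), 1):
        text = line
        if not in_asm:
            m = ASM_START.search(line)
            if not m:
                continue  # ordinary C: the compiler handles these calls
            in_asm, depth, text = True, 0, line[m.end():]
        for literal in STRING_LIT.findall(text):
            findings += [(lineno, h.group(0)) for h in INDIRECT.finditer(literal)]
        # Count parentheses outside string literals to find the statement end.
        code = STRING_LIT.sub('""', text)
        depth += code.count('(') - code.count(')')
        if depth <= 0 and ')' in code:
            in_asm = False
    return findings

# Constructed sample; names and operands are hypothetical.
SAMPLE = r'''
static void pan_display(void)
{
    __asm__ __volatile__(
        "call *(%%edi)"
        : : "D" (&entry));
    pr_info("call *ptr is only text here\n");
}
static void hardened(void *fn)
{
    asm volatile(CALL_NOSPEC : : THUNK_TARGET(fn) : "memory");
}
static void setpalette(void)
{
    __asm__ __volatile__("call *(%%esi)" : : "S" (&entry) : "memory");
}
'''

if __name__ == "__main__":
    print(find_unhardened_indirect_branches(SAMPLE))
```

The statement that uses the `CALL_NOSPEC` macro carries no literal branch in its template, so only the two hand-written `call *` templates are reported.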