It's kernel policy to not have (unannotated) indirect jumps because of
Spectre v2. This one's probably harmless, but better safe than sorry.
Convert it to a retpoline.
Cc: Boris Ostrovsky <[email protected]>
Cc: Juergen Gross <[email protected]>
Signed-off-by: Josh Poimboeuf <[email protected]>
---
arch/x86/platform/pvh/head.S | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index 43b4d864817e..d87cebd08d32 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S
@@ -16,6 +16,7 @@
#include <asm/boot.h>
#include <asm/processor-flags.h>
#include <asm/msr.h>
+#include <asm/nospec-branch.h>
#include <xen/interface/elfnote.h>
__HEAD
@@ -105,7 +106,7 @@ SYM_CODE_START_LOCAL(pvh_start_xen)
/* startup_64 expects boot_params in %rsi. */
mov $_pa(pvh_bootparams), %rsi
mov $_pa(startup_64), %rax
- jmp *%rax
+ JMP_NOSPEC rax
#else /* CONFIG_X86_64 */
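Review bot: The `JMP_NOSPEC rax` line in pvh_start_xen needs a comment, or a different form, because nothing at the call site says why a one-shot early-boot jump is getting retpoline treatment. The target is loaded from a constant on the line directly above (`mov $_pa(startup_64), %rax`), and the commit message itself calls the jump "probably harmless". If the goal is only to satisfy the no-unannotated-indirect-jumps policy, marking the existing `jmp *%rax` as safe with an annotation would state that intent more directly than converting it. Either way, add a one-line comment above the jump explaining why it is safe or why it is converted. The hunk also touches only the CONFIG_X86_64 side; the path after `#else` is outside the visible context, so confirm it has no indirect jump that needs the same handling.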
--
2.29.2
On 1/14/21 2:40 PM, Josh Poimboeuf wrote:
> It's kernel policy to not have (unannotated) indirect jumps because of
> Spectre v2. This one's probably harmless, but better safe than sorry.
> Convert it to a retpoline.
>
> Cc: Boris Ostrovsky <[email protected]>
> Cc: Juergen Gross <[email protected]>
> Signed-off-by: Josh Poimboeuf <[email protected]>
Reviewed-by: Boris Ostrovsky <[email protected]>
On 14.01.21 20:40, Josh Poimboeuf wrote:
> It's kernel policy to not have (unannotated) indirect jumps because of
> Spectre v2. This one's probably harmless, but better safe than sorry.
> Convert it to a retpoline.
>
> Cc: Boris Ostrovsky <[email protected]>
> Cc: Juergen Gross <[email protected]>
> Signed-off-by: Josh Poimboeuf <[email protected]>
> ---
> arch/x86/platform/pvh/head.S | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
> index 43b4d864817e..d87cebd08d32 100644
> --- a/arch/x86/platform/pvh/head.S
> +++ b/arch/x86/platform/pvh/head.S
> @@ -16,6 +16,7 @@
> #include <asm/boot.h>
> #include <asm/processor-flags.h>
> #include <asm/msr.h>
> +#include <asm/nospec-branch.h>
> #include <xen/interface/elfnote.h>
>
> __HEAD
> @@ -105,7 +106,7 @@ SYM_CODE_START_LOCAL(pvh_start_xen)
> /* startup_64 expects boot_params in %rsi. */
> mov $_pa(pvh_bootparams), %rsi
> mov $_pa(startup_64), %rax
> - jmp *%rax
> + JMP_NOSPEC rax
I'd rather have it annotated only.
Using ALTERNATIVE in very early boot code is just adding needless
clutter, as the retpoline variant won't ever be active.
Juergen
On Fri, Jan 15, 2021 at 06:24:10AM +0100, Jürgen Groß wrote:
> On 14.01.21 20:40, Josh Poimboeuf wrote:
> > It's kernel policy to not have (unannotated) indirect jumps because of
> > Spectre v2. This one's probably harmless, but better safe than sorry.
> > Convert it to a retpoline.
> >
> > Cc: Boris Ostrovsky <[email protected]>
> > Cc: Juergen Gross <[email protected]>
> > Signed-off-by: Josh Poimboeuf <[email protected]>
> > ---
> > arch/x86/platform/pvh/head.S | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
> > index 43b4d864817e..d87cebd08d32 100644
> > --- a/arch/x86/platform/pvh/head.S
> > +++ b/arch/x86/platform/pvh/head.S
> > @@ -16,6 +16,7 @@
> > #include <asm/boot.h>
> > #include <asm/processor-flags.h>
> > #include <asm/msr.h>
> > +#include <asm/nospec-branch.h>
> > #include <xen/interface/elfnote.h>
> > __HEAD
> > @@ -105,7 +106,7 @@ SYM_CODE_START_LOCAL(pvh_start_xen)
> > /* startup_64 expects boot_params in %rsi. */
> > mov $_pa(pvh_bootparams), %rsi
> > mov $_pa(startup_64), %rax
> > - jmp *%rax
> > + JMP_NOSPEC rax
>
> I'd rather have it annotated only.
>
> Using ALTERNATIVE in very early boot code is just adding needless
> clutter, as the retpoline variant won't ever be active.
Yeah, Andy pointed out something similar. I'll be changing this to an
annotation.
--
Josh