Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752996AbeAJSTg (ORCPT + 1 other); Wed, 10 Jan 2018 13:19:36 -0500 Received: from terminus.zytor.com ([65.50.211.136]:51381 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752109AbeAJSTe (ORCPT ); Wed, 10 Jan 2018 13:19:34 -0500 Date: Wed, 10 Jan 2018 10:15:00 -0800 From: tip-bot for David Woodhouse Message-ID: Cc: ak@linux.intel.com, dwmw@amazon.co.uk, tglx@linutronix.de, keescook@google.com, linux-kernel@vger.kernel.org, arjan@linux.intel.com, peterz@infradead.org, riel@redhat.com, gregkh@linux-foundation.org, dave.hansen@intel.com, luto@amacapital.net, tim.c.chen@linux.intel.com, pjt@google.com, torvalds@linux-foundation.org, jikos@kernel.org, mingo@kernel.org, hpa@zytor.com Reply-To: peterz@infradead.org, linux-kernel@vger.kernel.org, arjan@linux.intel.com, keescook@google.com, tglx@linutronix.de, riel@redhat.com, ak@linux.intel.com, dwmw@amazon.co.uk, tim.c.chen@linux.intel.com, hpa@zytor.com, mingo@kernel.org, torvalds@linux-foundation.org, pjt@google.com, jikos@kernel.org, gregkh@linux-foundation.org, luto@amacapital.net, dave.hansen@intel.com In-Reply-To: <1515508997-6154-6-git-send-email-dwmw@amazon.co.uk> References: <1515508997-6154-6-git-send-email-dwmw@amazon.co.uk> To: linux-tip-commits@vger.kernel.org Subject: [tip:x86/pti] x86/retpoline/entry: Convert entry assembler indirect jumps Git-Commit-ID: 8e8284e74cf80e1addf71d83794cba23f7a59e3a X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: Commit-ID: 8e8284e74cf80e1addf71d83794cba23f7a59e3a Gitweb: https://git.kernel.org/tip/8e8284e74cf80e1addf71d83794cba23f7a59e3a Author: David Woodhouse AuthorDate: Tue, 9 Jan 2018 14:43:11 +0000 Committer: Thomas Gleixner CommitDate: Wed, 10 Jan 2018 19:09:10 +0100 x86/retpoline/entry: Convert entry assembler indirect jumps Convert indirect jumps in core 32/64bit entry assembler code to use non-speculative sequences when CONFIG_RETPOLINE is enabled. Don't use CALL_NOSPEC in entry_SYSCALL_64_fastpath because the return address after the 'call' instruction must be *precisely* at the .Lentry_SYSCALL_64_after_fastpath label for stub_ptregs_64 to work, and the use of alternatives will mess that up unless we play horrid games to prepend with NOPs and make the variants the same length. It's not worth it; in the case where we ALTERNATIVE out the retpoline, the first instruction at __x86.indirect_thunk.rax is going to be a bare jmp *%rax anyway. Signed-off-by: David Woodhouse Signed-off-by: Thomas Gleixner Acked-by: Ingo Molnar Acked-by: Arjan van de Ven Cc: gnomes@lxorguk.ukuu.org.uk Cc: Rik van Riel Cc: Andi Kleen Cc: Peter Zijlstra Cc: Linus Torvalds Cc: Jiri Kosina Cc: Andy Lutomirski Cc: Dave Hansen Cc: Kees Cook Cc: Tim Chen Cc: Greg Kroah-Hartman Cc: Paul Turner Link: https://lkml.kernel.org/r/1515508997-6154-6-git-send-email-dwmw@amazon.co.uk --- arch/x86/entry/entry_32.S | 5 +++-- arch/x86/entry/entry_64.S | 12 +++++++++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index ace8f32..a1f28a5 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -44,6 +44,7 @@ #include #include #include +#include .section .entry.text, "ax" @@ -290,7 +291,7 @@ ENTRY(ret_from_fork) /* kernel thread */ 1: movl %edi, %eax - call *%ebx + CALL_NOSPEC %ebx /* * A kernel thread is allowed to return here after successfully * calling do_execve(). Exit to userspace to complete the execve() @@ -919,7 +920,7 @@ common_exception: movl %ecx, %es TRACE_IRQS_OFF movl %esp, %eax # pt_regs pointer - call *%edi + CALL_NOSPEC %edi jmp ret_from_exception END(common_exception) diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index ed31d00..59874bc 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -37,6 +37,7 @@ #include #include #include +#include #include #include "calling.h" @@ -187,7 +188,7 @@ ENTRY(entry_SYSCALL_64_trampoline) */ pushq %rdi movq $entry_SYSCALL_64_stage2, %rdi - jmp *%rdi + JMP_NOSPEC %rdi END(entry_SYSCALL_64_trampoline) .popsection @@ -266,7 +267,12 @@ entry_SYSCALL_64_fastpath: * It might end up jumping to the slow path. If it jumps, RAX * and all argument registers are clobbered. */ +#ifdef CONFIG_RETPOLINE + movq sys_call_table(, %rax, 8), %rax + call __x86_indirect_thunk_rax +#else call *sys_call_table(, %rax, 8) +#endif .Lentry_SYSCALL_64_after_fastpath_call: movq %rax, RAX(%rsp) @@ -438,7 +444,7 @@ ENTRY(stub_ptregs_64) jmp entry_SYSCALL64_slow_path 1: - jmp *%rax /* Called from C */ + JMP_NOSPEC %rax /* Called from C */ END(stub_ptregs_64) .macro ptregs_stub func @@ -517,7 +523,7 @@ ENTRY(ret_from_fork) 1: /* kernel thread */ movq %r12, %rdi - call *%rbx + CALL_NOSPEC %rbx /* * A kernel thread is allowed to return here after successfully * calling do_execve(). Exit to userspace to complete the execve()