Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8106638imu; Tue, 4 Dec 2018 03:06:57 -0800 (PST) X-Google-Smtp-Source: AFSGD/VhjeV/reYSY45M+A0sKkLfZ55ASibyUQ9iydMkzOnfeSMgeVJsiysGlioV9Nzo7k6sTff0 X-Received: by 2002:a62:1f9d:: with SMTP id l29mr19580891pfj.14.1543921617708; Tue, 04 Dec 2018 03:06:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543921617; cv=none; d=google.com; s=arc-20160816; b=aMM5L8EhgUSN1yMhyWLCtYLt4/YlRkYd4bzD7/R20U8tB2heE7hNtqWt2aN3ebcYbg MdK757D8teDW6nZ26ZzACZ8ob19RpWKZDWPeNAUYJChYk3uBlEuPaMxyHJbGs3r/k+cp KW6aX4uulOHFANeyWKr6yyug+FUs4me0duiz87qTspTUhs8vhBHZgmTX4kZo6JhbN25F ItZs0Lv5PEHoYumefGBGxpRumO5HoGPdKRIpWnde7KOeqJrnzky0B9mpwj/ENCU3qmb3 BmzF5HI1PzItOPlc2n1x5D79PD5/9pY13b5hu7N+1csVR3tHkUUkn+RW0yQ4l5i08Xi9 BLOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=4GEUjSkfVNZPW3jvk3y+2cGuKKOZQxo1RsYtcECY0Ng=; b=KEtKkJBzEdPfdEkPAZuEw90o31NprORRmgvWvKUTMRljM99vBMnLhwmMCli9A1x68a q84zftlNhsbQFvZ8luJYr47f4qmuw4EdbtNLG5l8fYo5dZMJX3x3fmJKsIK3SVoSef50 S9rADIzC9Fn8eWwjptXpC/fgmNmPmxfIv/28mVzp5kHpwGpBEGpFk8e93dlcQqpqma4G 8IkoLCc8YZmD7pTfWc3dc4uK1K/UeXW3KjOcPA9IidQgYEKujn5idSmkGin+1aJQ3Evc vyB6oc+q3jxrANHHtNrk5caKtEdA72P3Y2tv/eZ684iMD2wpXev0jIgjoyg2JTiDmd5O yNBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ngEUyN85; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g33si15152882pgm.426.2018.12.04.03.06.33; Tue, 04 Dec 2018 03:06:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ngEUyN85; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727594AbeLDLES (ORCPT + 99 others); Tue, 4 Dec 2018 06:04:18 -0500 Received: from mail.kernel.org ([198.145.29.99]:51116 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727347AbeLDLEP (ORCPT ); Tue, 4 Dec 2018 06:04:15 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B222E214F1; Tue, 4 Dec 2018 11:04:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1543921454; bh=vAG3HuiIfZRBGBJRr83YFDycq/jxzhj/P0xNPzo8nT4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ngEUyN85G+Rbq1Wdc+7pLN1tuXJfbCRCf7sIvxUuML4gNg+MkrcWlA5fgQo4HSsjW N/wM5Q3WhyvyAcAbRSJxTI/FxljNK97/iVz5AVvCSbEmI/1SLvJOxwGNm9NkgvWdyQ Tyy8vo6ctgs/ylV7ROsQN8fYTClzCo37cWL7NR4w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Peter Zijlstra , Zhenzhong Duan , Thomas Gleixner , David Woodhouse , Borislav Petkov , Daniel Borkmann , "H. Peter Anvin" , Konrad Rzeszutek Wilk , Andy Lutomirski , Masahiro Yamada , Michal Marek , srinivas.eeda@oracle.com Subject: [PATCH 4.14 078/146] x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support Date: Tue, 4 Dec 2018 11:49:24 +0100 Message-Id: <20181204103729.971223628@linuxfoundation.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181204103726.750894136@linuxfoundation.org> References: <20181204103726.750894136@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Zhenzhong Duan zhenzhong.duan@oracle.com commit 4cd24de3a0980bf3100c9dcb08ef65ca7c31af48 upstream Since retpoline capable compilers are widely available, make CONFIG_RETPOLINE hard depend on the compiler capability. Break the build when CONFIG_RETPOLINE is enabled and the compiler does not support it. Emit an error message in that case: "arch/x86/Makefile:226: *** You are building kernel with non-retpoline compiler, please update your compiler.. Stop." [dwmw: Fail the build with non-retpoline compiler] Suggested-by: Peter Zijlstra Signed-off-by: Zhenzhong Duan Signed-off-by: Thomas Gleixner Cc: David Woodhouse Cc: Borislav Petkov Cc: Daniel Borkmann Cc: H. Peter Anvin Cc: Konrad Rzeszutek Wilk Cc: Andy Lutomirski Cc: Masahiro Yamada Cc: Michal Marek Cc: Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/cca0cb20-f9e2-4094-840b-fb0f8810cd34@default Signed-off-by: Greg Kroah-Hartman --- arch/x86/Kconfig | 4 ---- arch/x86/Makefile | 5 +++-- arch/x86/include/asm/nospec-branch.h | 10 ++++++---- arch/x86/kernel/cpu/bugs.c | 2 +- scripts/Makefile.build | 2 -- 5 files changed, 10 insertions(+), 13 deletions(-) --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -440,10 +440,6 @@ config RETPOLINE branches. Requires a compiler with -mindirect-branch=thunk-extern support for full protection. The kernel may run slower. - Without compiler support, at least indirect branches in assembler - code are eliminated. Since this includes the syscall entry path, - it is not entirely pointless. - config INTEL_RDT bool "Intel Resource Director Technology support" default n --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -241,9 +241,10 @@ KBUILD_CFLAGS += -fno-asynchronous-unwin # Avoid indirect branches in kernel to deal with Spectre ifdef CONFIG_RETPOLINE -ifneq ($(RETPOLINE_CFLAGS),) - KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE +ifeq ($(RETPOLINE_CFLAGS),) + $(error You are building kernel with non-retpoline compiler, please update your compiler.) endif + KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) endif archscripts: scripts_basic --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -162,11 +162,12 @@ _ASM_PTR " 999b\n\t" \ ".popsection\n\t" -#if defined(CONFIG_X86_64) && defined(RETPOLINE) +#ifdef CONFIG_RETPOLINE +#ifdef CONFIG_X86_64 /* - * Since the inline asm uses the %V modifier which is only in newer GCC, - * the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE. + * Inline asm uses the %V modifier which is only in newer GCC + * which is ensured when CONFIG_RETPOLINE is defined. */ # define CALL_NOSPEC \ ANNOTATE_NOSPEC_ALTERNATIVE \ @@ -181,7 +182,7 @@ X86_FEATURE_RETPOLINE_AMD) # define THUNK_TARGET(addr) [thunk_target] "r" (addr) -#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE) +#else /* CONFIG_X86_32 */ /* * For i386 we use the original ret-equivalent retpoline, because * otherwise we'll run out of registers. We don't care about CET @@ -211,6 +212,7 @@ X86_FEATURE_RETPOLINE_AMD) # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) +#endif #else /* No retpoline for C / inline asm */ # define CALL_NOSPEC "call *%[thunk_target]\n" # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -251,7 +251,7 @@ static void __init spec2_print_if_secure static inline bool retp_compiler(void) { - return __is_defined(RETPOLINE); + return __is_defined(CONFIG_RETPOLINE); } static inline bool match_option(const char *arg, int arglen, const char *opt) --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -272,10 +272,8 @@ else objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) endif ifdef CONFIG_RETPOLINE -ifneq ($(RETPOLINE_CFLAGS),) objtool_args += --retpoline endif -endif ifdef CONFIG_MODVERSIONS