x86/retpoline: Add initial retpoline support
Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide
the corresponding thunks. Provide assembler macros for invoking the thunks
in the same way that GCC does, from native and inline assembler.
This adds X86_FEATURE_RETPOLINE and sets it by default on all CPUs. In
some circumstances, IBRS microcode features may be used instead, and the
retpoline can be disabled.
On AMD CPUs if lfence is serialising, the retpoline can be dramatically
simplified to a simple "lfence; jmp *\reg". A future patch, after it has
been verified that lfence really is serialising in all circumstances, can
enable this by setting the X86_FEATURE_RETPOLINE_AMD feature bit in addition
to X86_FEATURE_RETPOLINE.
Do not align the retpoline in the altinstr section, because there is no
guarantee that it stays aligned when it's copied over the oldinstr during
alternative patching.
[ Andi Kleen: Rename the macros, add CONFIG_RETPOLINE option, export thunks]
[ tglx: Put actual function CALL/JMP in front of the macros, convert to
symbolic labels ]
[ dwmw2: Convert back to numeric labels, merge objtool fixes ]
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.uk
2018-01-12 05:46:25 +08:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
|
2018-01-26 20:11:37 +08:00
|
|
|
#ifndef _ASM_X86_NOSPEC_BRANCH_H_
|
|
|
|
#define _ASM_X86_NOSPEC_BRANCH_H_
|
x86/retpoline: Add initial retpoline support
Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide
the corresponding thunks. Provide assembler macros for invoking the thunks
in the same way that GCC does, from native and inline assembler.
This adds X86_FEATURE_RETPOLINE and sets it by default on all CPUs. In
some circumstances, IBRS microcode features may be used instead, and the
retpoline can be disabled.
On AMD CPUs if lfence is serialising, the retpoline can be dramatically
simplified to a simple "lfence; jmp *\reg". A future patch, after it has
been verified that lfence really is serialising in all circumstances, can
enable this by setting the X86_FEATURE_RETPOLINE_AMD feature bit in addition
to X86_FEATURE_RETPOLINE.
Do not align the retpoline in the altinstr section, because there is no
guarantee that it stays aligned when it's copied over the oldinstr during
alternative patching.
[ Andi Kleen: Rename the macros, add CONFIG_RETPOLINE option, export thunks]
[ tglx: Put actual function CALL/JMP in front of the macros, convert to
symbolic labels ]
[ dwmw2: Convert back to numeric labels, merge objtool fixes ]
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.uk
2018-01-12 05:46:25 +08:00
|
|
|
|
|
|
|
#include <asm/alternative.h>
|
|
|
|
#include <asm/alternative-asm.h>
|
|
|
|
#include <asm/cpufeatures.h>
|
|
|
|
|
|
|
|
#ifdef __ASSEMBLY__
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This should be used immediately before a retpoline alternative. It tells
|
|
|
|
* objtool where the retpolines are so that it can make sense of the control
|
|
|
|
* flow by just reading the original instruction(s) and ignoring the
|
|
|
|
* alternatives.
|
|
|
|
*/
|
|
|
|
.macro ANNOTATE_NOSPEC_ALTERNATIVE
|
|
|
|
.Lannotate_\@:
|
|
|
|
.pushsection .discard.nospec
|
|
|
|
.long .Lannotate_\@ - .
|
|
|
|
.popsection
|
|
|
|
.endm
|
|
|
|
|
|
|
|
/*
|
|
|
|
* These are the bare retpoline primitives for indirect jmp and call.
|
|
|
|
* Do not use these directly; they only exist to make the ALTERNATIVE
|
|
|
|
* invocation below less ugly.
|
|
|
|
*/
|
|
|
|
.macro RETPOLINE_JMP reg:req
|
|
|
|
call .Ldo_rop_\@
|
|
|
|
.Lspec_trap_\@:
|
|
|
|
pause
|
2018-01-14 07:27:30 +08:00
|
|
|
lfence
|
x86/retpoline: Add initial retpoline support
Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide
the corresponding thunks. Provide assembler macros for invoking the thunks
in the same way that GCC does, from native and inline assembler.
This adds X86_FEATURE_RETPOLINE and sets it by default on all CPUs. In
some circumstances, IBRS microcode features may be used instead, and the
retpoline can be disabled.
On AMD CPUs if lfence is serialising, the retpoline can be dramatically
simplified to a simple "lfence; jmp *\reg". A future patch, after it has
been verified that lfence really is serialising in all circumstances, can
enable this by setting the X86_FEATURE_RETPOLINE_AMD feature bit in addition
to X86_FEATURE_RETPOLINE.
Do not align the retpoline in the altinstr section, because there is no
guarantee that it stays aligned when it's copied over the oldinstr during
alternative patching.
[ Andi Kleen: Rename the macros, add CONFIG_RETPOLINE option, export thunks]
[ tglx: Put actual function CALL/JMP in front of the macros, convert to
symbolic labels ]
[ dwmw2: Convert back to numeric labels, merge objtool fixes ]
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.uk
2018-01-12 05:46:25 +08:00
|
|
|
jmp .Lspec_trap_\@
|
|
|
|
.Ldo_rop_\@:
|
|
|
|
mov \reg, (%_ASM_SP)
|
|
|
|
ret
|
|
|
|
.endm
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This is a wrapper around RETPOLINE_JMP so the called function in reg
|
|
|
|
* returns to the instruction after the macro.
|
|
|
|
*/
|
|
|
|
.macro RETPOLINE_CALL reg:req
|
|
|
|
jmp .Ldo_call_\@
|
|
|
|
.Ldo_retpoline_jmp_\@:
|
|
|
|
RETPOLINE_JMP \reg
|
|
|
|
.Ldo_call_\@:
|
|
|
|
call .Ldo_retpoline_jmp_\@
|
|
|
|
.endm
|
|
|
|
|
|
|
|
/*
|
|
|
|
* JMP_NOSPEC and CALL_NOSPEC macros can be used instead of a simple
|
|
|
|
* indirect jmp/call which may be susceptible to the Spectre variant 2
|
|
|
|
* attack.
|
|
|
|
*/
|
|
|
|
.macro JMP_NOSPEC reg:req
|
|
|
|
#ifdef CONFIG_RETPOLINE
|
|
|
|
ANNOTATE_NOSPEC_ALTERNATIVE
|
|
|
|
ALTERNATIVE_2 __stringify(jmp *\reg), \
|
|
|
|
__stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE, \
|
|
|
|
__stringify(lfence; jmp *\reg), X86_FEATURE_RETPOLINE_AMD
|
|
|
|
#else
|
|
|
|
jmp *\reg
|
|
|
|
#endif
|
|
|
|
.endm
|
|
|
|
|
|
|
|
.macro CALL_NOSPEC reg:req
|
|
|
|
#ifdef CONFIG_RETPOLINE
|
|
|
|
ANNOTATE_NOSPEC_ALTERNATIVE
|
|
|
|
ALTERNATIVE_2 __stringify(call *\reg), \
|
|
|
|
__stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\
|
|
|
|
__stringify(lfence; call *\reg), X86_FEATURE_RETPOLINE_AMD
|
|
|
|
#else
|
|
|
|
call *\reg
|
|
|
|
#endif
|
2018-01-12 19:11:27 +08:00
|
|
|
.endm
|
|
|
|
|
2018-01-28 00:24:33 +08:00
|
|
|
/* This clobbers the BX register */
|
|
|
|
.macro FILL_RETURN_BUFFER nr:req ftr:req
|
2018-01-12 19:11:27 +08:00
|
|
|
#ifdef CONFIG_RETPOLINE
|
2018-01-28 00:24:33 +08:00
|
|
|
ALTERNATIVE "", "call __clear_rsb", \ftr
|
2018-01-12 19:11:27 +08:00
|
|
|
#endif
|
x86/retpoline: Add initial retpoline support
Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide
the corresponding thunks. Provide assembler macros for invoking the thunks
in the same way that GCC does, from native and inline assembler.
This adds X86_FEATURE_RETPOLINE and sets it by default on all CPUs. In
some circumstances, IBRS microcode features may be used instead, and the
retpoline can be disabled.
On AMD CPUs if lfence is serialising, the retpoline can be dramatically
simplified to a simple "lfence; jmp *\reg". A future patch, after it has
been verified that lfence really is serialising in all circumstances, can
enable this by setting the X86_FEATURE_RETPOLINE_AMD feature bit in addition
to X86_FEATURE_RETPOLINE.
Do not align the retpoline in the altinstr section, because there is no
guarantee that it stays aligned when it's copied over the oldinstr during
alternative patching.
[ Andi Kleen: Rename the macros, add CONFIG_RETPOLINE option, export thunks]
[ tglx: Put actual function CALL/JMP in front of the macros, convert to
symbolic labels ]
[ dwmw2: Convert back to numeric labels, merge objtool fixes ]
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.uk
2018-01-12 05:46:25 +08:00
|
|
|
.endm
|
|
|
|
|
|
|
|
#else /* __ASSEMBLY__ */
|
|
|
|
|
|
|
|
#define ANNOTATE_NOSPEC_ALTERNATIVE \
|
|
|
|
"999:\n\t" \
|
|
|
|
".pushsection .discard.nospec\n\t" \
|
|
|
|
".long 999b - .\n\t" \
|
|
|
|
".popsection\n\t"
|
|
|
|
|
|
|
|
#if defined(CONFIG_X86_64) && defined(RETPOLINE)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Since the inline asm uses the %V modifier which is only in newer GCC,
|
|
|
|
* the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE.
|
|
|
|
*/
|
|
|
|
# define CALL_NOSPEC \
|
|
|
|
ANNOTATE_NOSPEC_ALTERNATIVE \
|
|
|
|
ALTERNATIVE( \
|
|
|
|
"call *%[thunk_target]\n", \
|
|
|
|
"call __x86_indirect_thunk_%V[thunk_target]\n", \
|
|
|
|
X86_FEATURE_RETPOLINE)
|
|
|
|
# define THUNK_TARGET(addr) [thunk_target] "r" (addr)
|
|
|
|
|
|
|
|
#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE)
|
|
|
|
/*
|
|
|
|
* For i386 we use the original ret-equivalent retpoline, because
|
|
|
|
* otherwise we'll run out of registers. We don't care about CET
|
|
|
|
* here, anyway.
|
|
|
|
*/
|
|
|
|
# define CALL_NOSPEC ALTERNATIVE("call *%[thunk_target]\n", \
|
|
|
|
" jmp 904f;\n" \
|
|
|
|
" .align 16\n" \
|
|
|
|
"901: call 903f;\n" \
|
|
|
|
"902: pause;\n" \
|
2018-01-14 07:27:30 +08:00
|
|
|
" lfence;\n" \
|
x86/retpoline: Add initial retpoline support
Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide
the corresponding thunks. Provide assembler macros for invoking the thunks
in the same way that GCC does, from native and inline assembler.
This adds X86_FEATURE_RETPOLINE and sets it by default on all CPUs. In
some circumstances, IBRS microcode features may be used instead, and the
retpoline can be disabled.
On AMD CPUs if lfence is serialising, the retpoline can be dramatically
simplified to a simple "lfence; jmp *\reg". A future patch, after it has
been verified that lfence really is serialising in all circumstances, can
enable this by setting the X86_FEATURE_RETPOLINE_AMD feature bit in addition
to X86_FEATURE_RETPOLINE.
Do not align the retpoline in the altinstr section, because there is no
guarantee that it stays aligned when it's copied over the oldinstr during
alternative patching.
[ Andi Kleen: Rename the macros, add CONFIG_RETPOLINE option, export thunks]
[ tglx: Put actual function CALL/JMP in front of the macros, convert to
symbolic labels ]
[ dwmw2: Convert back to numeric labels, merge objtool fixes ]
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.uk
2018-01-12 05:46:25 +08:00
|
|
|
" jmp 902b;\n" \
|
|
|
|
" .align 16\n" \
|
|
|
|
"903: addl $4, %%esp;\n" \
|
|
|
|
" pushl %[thunk_target];\n" \
|
|
|
|
" ret;\n" \
|
|
|
|
" .align 16\n" \
|
|
|
|
"904: call 901b;\n", \
|
|
|
|
X86_FEATURE_RETPOLINE)
|
|
|
|
|
|
|
|
# define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
|
2018-01-12 19:11:27 +08:00
|
|
|
#else /* No retpoline for C / inline asm */
|
x86/retpoline: Add initial retpoline support
Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide
the corresponding thunks. Provide assembler macros for invoking the thunks
in the same way that GCC does, from native and inline assembler.
This adds X86_FEATURE_RETPOLINE and sets it by default on all CPUs. In
some circumstances, IBRS microcode features may be used instead, and the
retpoline can be disabled.
On AMD CPUs if lfence is serialising, the retpoline can be dramatically
simplified to a simple "lfence; jmp *\reg". A future patch, after it has
been verified that lfence really is serialising in all circumstances, can
enable this by setting the X86_FEATURE_RETPOLINE_AMD feature bit in addition
to X86_FEATURE_RETPOLINE.
Do not align the retpoline in the altinstr section, because there is no
guarantee that it stays aligned when it's copied over the oldinstr during
alternative patching.
[ Andi Kleen: Rename the macros, add CONFIG_RETPOLINE option, export thunks]
[ tglx: Put actual function CALL/JMP in front of the macros, convert to
symbolic labels ]
[ dwmw2: Convert back to numeric labels, merge objtool fixes ]
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.uk
2018-01-12 05:46:25 +08:00
|
|
|
# define CALL_NOSPEC "call *%[thunk_target]\n"
|
|
|
|
# define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
|
|
|
|
#endif
|
|
|
|
|
2018-01-12 05:46:26 +08:00
|
|
|
/* The Spectre V2 mitigation variants */
|
|
|
|
enum spectre_v2_mitigation {
|
|
|
|
SPECTRE_V2_NONE,
|
|
|
|
SPECTRE_V2_RETPOLINE_MINIMAL,
|
|
|
|
SPECTRE_V2_RETPOLINE_MINIMAL_AMD,
|
|
|
|
SPECTRE_V2_RETPOLINE_GENERIC,
|
|
|
|
SPECTRE_V2_RETPOLINE_AMD,
|
|
|
|
SPECTRE_V2_IBRS,
|
|
|
|
};
|
|
|
|
|
2018-01-19 00:14:21 +08:00
|
|
|
extern char __indirect_thunk_start[];
|
|
|
|
extern char __indirect_thunk_end[];
|
|
|
|
|
2018-01-12 19:11:27 +08:00
|
|
|
/*
|
|
|
|
* On VMEXIT we must ensure that no RSB predictions learned in the guest
|
|
|
|
* can be followed in the host, by overwriting the RSB completely. Both
|
|
|
|
* retpoline and IBRS mitigations for Spectre v2 need this; only on future
|
2018-02-03 03:12:20 +08:00
|
|
|
* CPUs with IBRS_ALL *might* it be avoided.
|
2018-01-12 19:11:27 +08:00
|
|
|
*/
|
|
|
|
static inline void vmexit_fill_RSB(void)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_RETPOLINE
|
2018-01-28 00:24:33 +08:00
|
|
|
alternative_input("",
|
|
|
|
"call __fill_rsb",
|
|
|
|
X86_FEATURE_RETPOLINE,
|
|
|
|
ASM_NO_INPUT_CLOBBER(_ASM_BX, "memory"));
|
2018-01-12 19:11:27 +08:00
|
|
|
#endif
|
|
|
|
}
|
2018-01-18 06:53:28 +08:00
|
|
|
|
2018-01-26 00:14:15 +08:00
|
|
|
static inline void indirect_branch_prediction_barrier(void)
|
|
|
|
{
|
2018-01-28 00:24:34 +08:00
|
|
|
alternative_input("",
|
|
|
|
"call __ibp_barrier",
|
|
|
|
X86_FEATURE_USE_IBPB,
|
|
|
|
ASM_NO_INPUT_CLOBBER("eax", "ecx", "edx", "memory"));
|
2018-01-26 00:14:15 +08:00
|
|
|
}
|
|
|
|
|
x86/retpoline: Add initial retpoline support
Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide
the corresponding thunks. Provide assembler macros for invoking the thunks
in the same way that GCC does, from native and inline assembler.
This adds X86_FEATURE_RETPOLINE and sets it by default on all CPUs. In
some circumstances, IBRS microcode features may be used instead, and the
retpoline can be disabled.
On AMD CPUs if lfence is serialising, the retpoline can be dramatically
simplified to a simple "lfence; jmp *\reg". A future patch, after it has
been verified that lfence really is serialising in all circumstances, can
enable this by setting the X86_FEATURE_RETPOLINE_AMD feature bit in addition
to X86_FEATURE_RETPOLINE.
Do not align the retpoline in the altinstr section, because there is no
guarantee that it stays aligned when it's copied over the oldinstr during
alternative patching.
[ Andi Kleen: Rename the macros, add CONFIG_RETPOLINE option, export thunks]
[ tglx: Put actual function CALL/JMP in front of the macros, convert to
symbolic labels ]
[ dwmw2: Convert back to numeric labels, merge objtool fixes ]
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-4-git-send-email-dwmw@amazon.co.uk
2018-01-12 05:46:25 +08:00
|
|
|
#endif /* __ASSEMBLY__ */
|
2018-01-26 20:11:37 +08:00
|
|
|
#endif /* _ASM_X86_NOSPEC_BRANCH_H_ */
|