From: Alexandre Chartre <alexandre.chartre@oracle.com>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, jpoimboe@redhat.com,
peterz@infradead.org, jthierry@redhat.com, tglx@linutronix.de,
alexandre.chartre@oracle.com
Subject: [PATCH V3 8/9] x86/speculation: Add return address unwind hints to retpoline and RSB stuffing
Date: Tue, 14 Apr 2020 12:36:17 +0200 [thread overview]
Message-ID: <20200414103618.12657-9-alexandre.chartre@oracle.com> (raw)
In-Reply-To: <20200414103618.12657-1-alexandre.chartre@oracle.com>
The retpoline and RSB stuffing code modify the stack to change return
addresses of intra-function calls. Add return address unwind hints so
that objtool can be aware of these tweaks. This requires a little
refactoring of the __FILL_RETURN_BUFFER macro for adding hints to
assembly and C code.
Signed-off-by: Alexandre Chartre <alexandre.chartre@oracle.com>
---
arch/x86/include/asm/nospec-branch.h | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index b0db793fd083..20594ea99c21 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -9,6 +9,7 @@
#include <asm/alternative-asm.h>
#include <asm/cpufeatures.h>
#include <asm/msr-index.h>
+#include <asm/unwind_hints.h>
/*
* This should be used immediately before a retpoline alternative. It tells
@@ -43,7 +44,7 @@
* the optimal version — two calls, each with their own speculation
* trap should their return address end up getting used, in a loop.
*/
-#define __FILL_RETURN_BUFFER(reg, nr, sp) \
+#define __FILL_RETURN_BUFFER_BEGIN(reg, nr, sp) \
mov $(nr/2), reg; \
771: \
call 772f; \
@@ -58,12 +59,19 @@
lfence; \
jmp 775b; \
774: \
- dec reg; \
+ dec reg;
+
+#define __FILL_RETURN_BUFFER_END(sp) \
add $(BITS_PER_LONG/8) * 2, sp; \
jnz 771b;
#ifdef __ASSEMBLY__
+#define __FILL_RETURN_BUFFER(reg, nr, sp) \
+ __FILL_RETURN_BUFFER_BEGIN(reg, nr, sp) \
+ UNWIND_HINT_RADDR_DELETE 2; \
+ __FILL_RETURN_BUFFER_END(sp)
+
/*
* This should be used immediately before an indirect jump/call. It tells
* objtool the subsequent indirect jump/call is vouched safe for retpoline
@@ -88,6 +96,7 @@
lfence
jmp .Lspec_trap_\@
.Ldo_rop_\@:
+ UNWIND_HINT_RADDR_ALTER
mov \reg, (%_ASM_SP)
ret
.endm
@@ -237,6 +246,11 @@ enum ssb_mitigation {
extern char __indirect_thunk_start[];
extern char __indirect_thunk_end[];
+#define __FILL_RETURN_BUFFER(reg, nr, sp) \
+ __stringify(__FILL_RETURN_BUFFER_BEGIN(reg, nr, sp)) \
+ UNWIND_HINT_RADDR_DELETE(2) \
+ __stringify(__FILL_RETURN_BUFFER_END(sp))
+
/*
* On VMEXIT we must ensure that no RSB predictions learned in the guest
* can be followed in the host, by overwriting the RSB completely. Both
@@ -250,7 +264,7 @@ static inline void vmexit_fill_RSB(void)
asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE
ALTERNATIVE("jmp 910f",
- __stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1)),
+ __FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1),
X86_FEATURE_RETPOLINE)
"910:"
: "=r" (loops), ASM_CALL_CONSTRAINT
--
2.18.2
next prev parent reply other threads:[~2020-04-14 10:55 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-14 10:36 [PATCH V3 0/9] objtool changes to check retpoline code Alexandre Chartre
2020-04-14 10:36 ` [PATCH V3 1/9] objtool: is_fentry_call() crashes if call has no destination Alexandre Chartre
2020-05-01 18:22 ` [tip: objtool/core] " tip-bot2 for Alexandre Chartre
2020-04-14 10:36 ` [PATCH V3 2/9] objtool: Allow branches within the same alternative Alexandre Chartre
2020-04-14 10:36 ` [PATCH V3 3/9] objtool: Add support for intra-function calls Alexandre Chartre
2020-04-14 12:07 ` Julien Thierry
2020-04-16 12:12 ` Miroslav Benes
2020-05-01 18:22 ` [tip: objtool/core] " tip-bot2 for Alexandre Chartre
2020-04-14 10:36 ` [PATCH V3 4/9] objtool: Handle return instruction with intra-function call Alexandre Chartre
2020-04-14 13:44 ` Julien Thierry
2020-04-14 10:36 ` [PATCH V3 5/9] objtool: Add return address unwind hints Alexandre Chartre
2020-04-14 16:16 ` Peter Zijlstra
2020-04-14 16:40 ` Alexandre Chartre
2020-04-14 17:56 ` Peter Zijlstra
2020-04-14 18:31 ` Alexandre Chartre
2020-04-14 18:42 ` Peter Zijlstra
2020-04-14 19:27 ` Alexandre Chartre
2020-04-14 19:48 ` Peter Zijlstra
2020-04-14 10:36 ` [PATCH V3 6/9] objtool: Report inconsistent stack changes in alternative Alexandre Chartre
2020-04-14 15:35 ` Julien Thierry
2020-04-14 22:41 ` kbuild test robot
2020-04-14 22:41 ` kbuild test robot
2020-04-14 23:09 ` kbuild test robot
2020-04-14 23:09 ` kbuild test robot
2020-04-16 14:18 ` Peter Zijlstra
2020-04-16 14:43 ` Alexandre Chartre
2020-04-14 10:36 ` [PATCH V3 7/9] x86/speculation: Change __FILL_RETURN_BUFFER to work with objtool Alexandre Chartre
2020-04-14 10:36 ` Alexandre Chartre [this message]
2020-04-14 10:36 ` [PATCH V3 9/9] x86/speculation: Annotate intra-function calls Alexandre Chartre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200414103618.12657-9-alexandre.chartre@oracle.com \
--to=alexandre.chartre@oracle.com \
--cc=jpoimboe@redhat.com \
--cc=jthierry@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.