diff options
Diffstat (limited to 'debian/patches/bugfix/x86/retbleed/0005-x86-retpoline-Use-mfunction-return.patch')
| -rw-r--r-- | debian/patches/bugfix/x86/retbleed/0005-x86-retpoline-Use-mfunction-return.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/debian/patches/bugfix/x86/retbleed/0005-x86-retpoline-Use-mfunction-return.patch b/debian/patches/bugfix/x86/retbleed/0005-x86-retpoline-Use-mfunction-return.patch new file mode 100644 index 000000000..340617608 --- /dev/null +++ b/debian/patches/bugfix/x86/retbleed/0005-x86-retpoline-Use-mfunction-return.patch @@ -0,0 +1,77 @@ +From: Peter Zijlstra <peterz@infradead.org> +Date: Tue, 14 Jun 2022 23:15:36 +0200 +Subject: x86/retpoline: Use -mfunction-return +Origin: https://git.kernel.org/linus/0b53c374b9eff2255a386f1f1cfb9a928e52a5ae + +Utilize -mfunction-return=thunk-extern when available to have the +compiler replace RET instructions with direct JMPs to the symbol +__x86_return_thunk. This does not affect assembler (.S) sources, only C +sources. + +-mfunction-return=thunk-extern has been available since gcc 7.3 and +clang 15. + +Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> +Signed-off-by: Borislav Petkov <bp@suse.de> +Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> +Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org> +Tested-by: Nick Desaulniers <ndesaulniers@google.com> +Signed-off-by: Borislav Petkov <bp@suse.de> +--- + arch/x86/Makefile | 2 ++ + arch/x86/include/asm/nospec-branch.h | 2 ++ + arch/x86/lib/retpoline.S | 13 +++++++++++++ + 3 files changed, 17 insertions(+) + +diff --git a/arch/x86/Makefile b/arch/x86/Makefile +index a74886aed349..6e16057737e5 100644 +--- a/arch/x86/Makefile ++++ b/arch/x86/Makefile +@@ -15,11 +15,13 @@ endif + ifdef CONFIG_CC_IS_GCC + RETPOLINE_CFLAGS := $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register) + RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch-cs-prefix) ++RETPOLINE_CFLAGS += $(call cc-option,-mfunction-return=thunk-extern) + RETPOLINE_VDSO_CFLAGS := $(call cc-option,-mindirect-branch=thunk-inline -mindirect-branch-register) + endif + ifdef CONFIG_CC_IS_CLANG + RETPOLINE_CFLAGS := -mretpoline-external-thunk + RETPOLINE_VDSO_CFLAGS := -mretpoline ++RETPOLINE_CFLAGS += $(call cc-option,-mfunction-return=thunk-extern) + endif + export RETPOLINE_CFLAGS + export RETPOLINE_VDSO_CFLAGS +diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h +index 5728539a3e77..829c9f827a96 100644 +--- a/arch/x86/include/asm/nospec-branch.h ++++ b/arch/x86/include/asm/nospec-branch.h +@@ -123,6 +123,8 @@ + typedef u8 retpoline_thunk_t[RETPOLINE_THUNK_SIZE]; + extern retpoline_thunk_t __x86_indirect_thunk_array[]; + ++extern void __x86_return_thunk(void); ++ + #ifdef CONFIG_RETPOLINE + + #define GEN(reg) \ +diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S +index 2cdd62499d54..4467c21215f4 100644 +--- a/arch/x86/lib/retpoline.S ++++ b/arch/x86/lib/retpoline.S +@@ -67,3 +67,16 @@ SYM_CODE_END(__x86_indirect_thunk_array) + #define GEN(reg) EXPORT_THUNK(reg) + #include <asm/GEN-for-each-reg.h> + #undef GEN ++ ++/* ++ * This function name is magical and is used by -mfunction-return=thunk-extern ++ * for the compiler to generate JMPs to it. ++ */ ++SYM_CODE_START(__x86_return_thunk) ++ UNWIND_HINT_EMPTY ++ ANNOTATE_NOENDBR ++ ret ++ int3 ++SYM_CODE_END(__x86_return_thunk) ++ ++__EXPORT_THUNK(__x86_return_thunk) |