The following commit has been merged into the x86/bugs branch of tip: Commit-ID: 91174087dcc7565d8bf0d576544e42d5b1de6f39 Gitweb: https://git.kernel.org/tip/91174087dcc7565d8bf0d576544e42d5b1de6f39 Author: David Kaplan <david.kaplan@xxxxxxx> AuthorDate: Thu, 12 Oct 2023 16:10:31 +02:00 Committer: Ingo Molnar <mingo@xxxxxxxxxx> CommitterDate: Thu, 12 Oct 2023 19:44:34 +02:00 x86/retpoline: Ensure default return thunk isn't used at runtime All CPU bugs that require a return thunk define a special return thunk to use (e.g., srso_return_thunk). The default thunk, __x86_return_thunk, should never be used after apply_returns() completes. Otherwise this could lead to potential speculation holes. Enforce this by replacing this thunk with a ud2 when alternatives are applied. Alternative instructions are applied after apply_returns(). The default thunk is only used during kernel boot, it is not used during module init since that occurs after apply_returns(). Signed-off-by: David Kaplan <david.kaplan@xxxxxxx> Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx> Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx> Reviewed-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx> Acked-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20231012141031.GHZSf+V1NjjUJTc9a9@fat_crate.local
---
 arch/x86/lib/retpoline.S | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S
index 6376d01..fe05c13 100644
--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -356,15 +356,17 @@ SYM_FUNC_END(call_depth_return_thunk)
 * This function name is magical and is used by -mfunction-return=thunk-extern
 * for the compiler to generate JMPs to it.
 *
- * This code is only used during kernel boot or module init. All
+ * This code is only used during kernel boot. All
 * 'JMP __x86_return_thunk' sites are changed to something else by
 * apply_returns().
+ *
+ * This thunk is turned into a ud2 to ensure it is never used at runtime.
+ * Alternative instructions are applied after apply_returns().
 */
 SYM_CODE_START(__x86_return_thunk)
 UNWIND_HINT_FUNC
 ANNOTATE_NOENDBR
- ANNOTATE_UNRET_SAFE
- ret
+ ALTERNATIVE __stringify(ANNOTATE_UNRET_SAFE;ret),"ud2", X86_FEATURE_ALWAYS
 int3
 SYM_CODE_END(__x86_return_thunk)
 EXPORT_SYMBOL(__x86_return_thunk)
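Review bot: The new comment above `__x86_return_thunk` says the thunk becomes a `ud2` but not what reaching it means, so someone triaging an invalid-opcode oops at this symbol has nothing tying it to an unpatched return site. Consider adding a line such as `* Hitting this ud2 means a 'JMP __x86_return_thunk' site was missed by apply_returns().` The `ALTERNATIVE ... X86_FEATURE_ALWAYS` line also makes the ordering "apply_returns() first, then alternatives" load-bearing for boot, and dropping "or module init" from the comment relies on module return sites being patched before any module code runs. Neither is visible in this hunk, so both presumably deserve a matching comment at the patching call sites. Failing closed with a trap suits a speculation mitigation, but the trade-off is that any return site outside the patched set now crashes instead of running unmitigated.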