This is a note to let you know that I've just added the patch titled x86/cpu: Cleanup the untrain mess to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: x86-cpu-cleanup-the-untrain-mess.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From e7c25c441e9e0fa75b4c83e0b26306b702cfe90d Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz@xxxxxxxxxxxxx> Date: Mon, 14 Aug 2023 13:44:34 +0200 Subject: x86/cpu: Cleanup the untrain mess From: Peter Zijlstra <peterz@xxxxxxxxxxxxx> commit e7c25c441e9e0fa75b4c83e0b26306b702cfe90d upstream. Since there can only be one active return_thunk, there only needs be one (matching) untrain_ret. It fundamentally doesn't make sense to allow multiple untrain_ret at the same time. Fold all the 3 different untrain methods into a single (temporary) helper stub. Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation") Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx> Link: https://lore.kernel.org/r/20230814121149.042774962@xxxxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/include/asm/nospec-branch.h | 12 ++++-------- arch/x86/kernel/cpu/bugs.c | 1 + arch/x86/lib/retpoline.S | 7 +++++++ 3 files changed, 12 insertions(+), 8 deletions(-) --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -156,9 +156,9 @@ .endm #ifdef CONFIG_CPU_UNRET_ENTRY -#define CALL_ZEN_UNTRAIN_RET "call retbleed_untrain_ret" +#define CALL_UNTRAIN_RET "call entry_untrain_ret" #else -#define CALL_ZEN_UNTRAIN_RET "" +#define CALL_UNTRAIN_RET "" #endif /* 
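Review bot: `CALL_UNTRAIN_RET` is still defined only under `#ifdef CONFIG_CPU_UNRET_ENTRY`, but after this patch it is the only route to the SRSO untraining routines, because the following hunk (`@@ -177,14 +177,9 @@`) deletes the `#ifdef CONFIG_CPU_SRSO` block that called `srso_untrain_ret` and `srso_alias_untrain_ret` directly. If a kernel can be built with CONFIG_CPU_SRSO=y and CONFIG_CPU_UNRET_ENTRY=n (the Kconfig dependencies are not visible here), the macro expands to `""` and the entry-path untraining is silently compiled out. The guard should cover both options: `#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_SRSO)`.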
@@ -177,14 +177,9 @@ defined(CONFIG_CPU_SRSO) ANNOTATE_UNRET_END ALTERNATIVE_2 "", \ - CALL_ZEN_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ "call entry_ibpb", X86_FEATURE_ENTRY_IBPB #endif - -#ifdef CONFIG_CPU_SRSO - ALTERNATIVE_2 "", "call srso_untrain_ret", X86_FEATURE_SRSO, \ - "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS -#endif .endm #else /* __ASSEMBLY__ */ @@ -209,6 +204,7 @@ extern void retbleed_untrain_ret(void); extern void srso_untrain_ret(void); extern void srso_alias_untrain_ret(void); +extern void entry_untrain_ret(void); extern void entry_ibpb(void); #ifdef CONFIG_RETPOLINE --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -2359,6 +2359,7 @@ static void __init srso_select_mitigatio * like ftrace, static_call, etc. */ setup_force_cpu_cap(X86_FEATURE_RETHUNK); + setup_force_cpu_cap(X86_FEATURE_UNRET); if (boot_cpu_data.x86 == 0x19) { setup_force_cpu_cap(X86_FEATURE_SRSO_ALIAS); --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S 
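Review bot: In the `bugs.c` hunk the added `setup_force_cpu_cap(X86_FEATURE_UNRET);` has no comment, and the existing comment above it only explains `X86_FEATURE_RETHUNK`. A reader of `srso_select_mitigation()` cannot tell from this file that the retbleed feature bit is forced because `UNTRAIN_RET` in `nospec-branch.h` now gates `CALL_UNTRAIN_RET` on it, which matters when auditing which mitigations are active. I would add `/* UNTRAIN_RET is patched in via X86_FEATURE_UNRET; force it so entry_untrain_ret runs for SRSO as well. */` above the new line. It is also worth checking that other users of `X86_FEATURE_UNRET`, none of which are visible here, tolerate the bit being set on the SRSO path. The function body starts and ends outside the hunk.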
@@ -230,6 +230,13 @@ SYM_CODE_START(srso_return_thunk) ud2 SYM_CODE_END(srso_return_thunk) +SYM_FUNC_START(entry_untrain_ret) + ALTERNATIVE_2 "jmp retbleed_untrain_ret", \ + "jmp srso_untrain_ret", X86_FEATURE_SRSO, \ + "jmp srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS +SYM_FUNC_END(entry_untrain_ret) +__EXPORT_THUNK(entry_untrain_ret) + SYM_CODE_START(__x86_return_thunk) UNWIND_HINT_FUNC ANNOTATE_NOENDBR Patches currently in stable-queue which might be from peterz@xxxxxxxxxxxxx are queue-5.10/x86-cpu-fix-up-srso_safe_ret-and-__x86_return_thunk.patch queue-5.10/x86-static_call-fix-__static_call_fixup.patch queue-5.10/x86-cpu-cleanup-the-untrain-mess.patch queue-5.10/iopoll-call-cpu_relax-in-busy-loops.patch queue-5.10/objtool-x86-fixup-frame-pointer-vs-rethunk.patch queue-5.10/x86-ibt-add-annotate_noendbr.patch queue-5.10/x86-retpoline-kprobes-fix-position-of-thunk-sections-with-config_lto_clang.patch queue-5.10/x86-cpu-rename-srso_-.-_alias-to-srso_alias_-1.patch queue-5.10/x86-alternative-make-custom-return-thunk-unconditional.patch queue-5.10/x86-cpu-rename-original-retbleed-methods.patch queue-5.10/x86-cpu-clean-up-srso-return-thunk-mess.patch queue-5.10/x86-cpu-fix-__x86_return_thunk-symbol-type.patch
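Review bot: The new `entry_untrain_ret` stub enters all three untraining routines with `jmp`, whereas the lines removed from `UNTRAIN_RET` patched in `call srso_untrain_ret` and `call srso_alias_untrain_ret` directly, so those routines are no longer the immediate target of a CALL. If any of them, `srso_alias_untrain_ret` in particular, depends on being entered by a CALL for the untraining to take effect, this changes the mitigation rather than just cleaning it up. That should be confirmed against the vendor guidance or the routines' own comments, which are outside this hunk. The stub also has no comment; I would add `/* Single entry point for UNTRAIN_RET: tail-jumps to the untrain routine matching the active return thunk; SRSO_ALIAS overrides SRSO, which overrides the retbleed default. */` above `SYM_FUNC_START(entry_untrain_ret)`.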