Patch "x86/retpoline/hyperv: Convert assembler indirect jumps" has been added to the 4.9-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 15 Jan 2018 10:07:15 +0100

This is a note to let you know that I've just added the patch titled

    x86/retpoline/hyperv: Convert assembler indirect jumps

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From e70e5892b28c18f517f29ab6e83bd57705104b31 Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw@xxxxxxxxxxxx>
Date: Thu, 11 Jan 2018 21:46:30 +0000
Subject: x86/retpoline/hyperv: Convert assembler indirect jumps

From: David Woodhouse <dwmw@xxxxxxxxxxxx>

commit e70e5892b28c18f517f29ab6e83bd57705104b31 upstream.

Convert all indirect jumps in hyperv inline asm code to use non-speculative
sequences when CONFIG_RETPOLINE is enabled.

Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Acked-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
Acked-by: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: gnomes@xxxxxxxxxxxxxxxxxxx
Cc: Rik van Riel <riel@xxxxxxxxxx>
Cc: Andi Kleen <ak@xxxxxxxxxxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: thomas.lendacky@xxxxxxx
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Jiri Kosina <jikos@xxxxxxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxx>
Cc: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxxx>
Cc: Paul Turner <pjt@xxxxxxxxxx>
Link: https://lkml.kernel.org/r/1515707194-20531-9-git-send-email-dwmw@xxxxxxxxxxxx
[ backport to 4.9, hopefully correct, not tested... - gregkh ]
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/hv/hv.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
@@ -31,6 +31,7 @@
 #include <linux/clockchips.h>
 #include <asm/hyperv.h>
 #include <asm/mshyperv.h>
+#include <asm/nospec-branch.h>
 #include "hyperv_vmbus.h"
 
 /* The one and only */
@@ -103,9 +104,10 @@ u64 hv_do_hypercall(u64 control, void *i
 		return (u64)ULLONG_MAX;
 
 	__asm__ __volatile__("mov %0, %%r8" : : "r" (output_address) : "r8");
-	__asm__ __volatile__("call *%3" : "=a" (hv_status) :
+	__asm__ __volatile__(CALL_NOSPEC :
+			     "=a" (hv_status) :
 			     "c" (control), "d" (input_address),
-			     "m" (hypercall_page));
+			     THUNK_TARGET(hypercall_page));
 
 	return hv_status;
 
@@ -123,11 +125,12 @@ u64 hv_do_hypercall(u64 control, void *i
 	if (!hypercall_page)
 		return (u64)ULLONG_MAX;
 
-	__asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi),
+	__asm__ __volatile__ (CALL_NOSPEC : "=d"(hv_status_hi),
 			      "=a"(hv_status_lo) : "d" (control_hi),
 			      "a" (control_lo), "b" (input_address_hi),
 			      "c" (input_address_lo), "D"(output_address_hi),
-			      "S"(output_address_lo), "m" (hypercall_page));
+			      "S"(output_address_lo),
+			      THUNK_TARGET(hypercall_page));
 
 	return hv_status_lo | ((u64)hv_status_hi << 32);
 #endif /* !x86_64 */


Patches currently in stable-queue which might be from dwmw@xxxxxxxxxxxx are

queue-4.9/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch
queue-4.9/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch
queue-4.9/objtool-detect-jumps-to-retpoline-thunks.patch
queue-4.9/x86-cpufeatures-add-x86_bug_spectre_v.patch
queue-4.9/x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch
queue-4.9/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch
queue-4.9/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch
queue-4.9/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch
queue-4.9/x86-cpufeatures-add-x86_bug_cpu_insecure.patch
queue-4.9/x86-cpufeatures-make-cpu-bugs-sticky.patch
queue-4.9/x86-cpu-amd-make-lfence-a-serializing-instruction.patch
queue-4.9/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch
queue-4.9/objtool-allow-alternatives-to-be-ignored.patch
queue-4.9/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch
queue-4.9/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch
queue-4.9/x86-cpu-factor-out-application-of-forced-cpu-caps.patch
queue-4.9/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch
queue-4.9/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch
queue-4.9/x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch
queue-4.9/sysfs-cpu-add-vulnerability-folder.patch
queue-4.9/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch
queue-4.9/x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch
queue-4.9/x86-retpoline-remove-compile-time-warning.patch
queue-4.9/x86-alternatives-fix-optimize_nops-checking.patch
queue-4.9/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch
queue-4.9/x86-retpoline-add-initial-retpoline-support.patch






