Commit a75bf27f authored by Pawan Gupta's avatar Pawan Gupta Committed by Dave Hansen
Browse files

x86/its: Add support for ITS-safe return thunk 



RETs in the lower half of cacheline may be affected by ITS bug,
specifically when the RSB-underflows. Use ITS-safe return thunk for such
RETs.

RETs that are not patched:

- RET in retpoline sequence does not need to be patched, because the
  sequence itself fills an RSB before RET.
- RET in Call Depth Tracking (CDT) thunks __x86_indirect_{call|jump}_thunk
  and call_depth_return_thunk are not patched because CDT by design
  prevents RSB-underflow.
- RETs in .init section are not reachable after init.
- RETs that are explicitly marked safe with ANNOTATE_UNRET_SAFE.

Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: default avatarAlexandre Chartre <alexandre.chartre@oracle.com>
parent 8754e67a

arch/x86/include/asm/alternative.h

+14 −0
Original line number Diff line number Diff line
@@ -124,6 +124,20 @@ static __always_inline int x86_call_depth_emit_accounting(u8 **pprog, 
}

#endif



#if defined(CONFIG_MITIGATION_RETHUNK) && defined(CONFIG_OBJTOOL)

extern bool cpu_wants_rethunk(void);

extern bool cpu_wants_rethunk_at(void *addr);

#else

static __always_inline bool cpu_wants_rethunk(void)

{

	return false;

}

static __always_inline bool cpu_wants_rethunk_at(void *addr)

{

	return false;

}

#endif



#ifdef CONFIG_SMP

extern void alternatives_smp_module_add(struct module *mod, char *name,

					void *locks, void *locks_end,

arch/x86/include/asm/nospec-branch.h

+6 −0
Original line number Diff line number Diff line
@@ -367,6 +367,12 @@ static inline void srso_return_thunk(void) {} 
static inline void srso_alias_return_thunk(void) {}

#endif



#ifdef CONFIG_MITIGATION_ITS

extern void its_return_thunk(void);

#else

static inline void its_return_thunk(void) {}

#endif



extern void retbleed_return_thunk(void);

extern void srso_return_thunk(void);

extern void srso_alias_return_thunk(void);

arch/x86/kernel/alternative.c

+17 −2
Original line number Diff line number Diff line
@@ -814,6 +814,21 @@ void __init_or_module noinline apply_retpolines(s32 *start, s32 *end) 


#ifdef CONFIG_MITIGATION_RETHUNK



bool cpu_wants_rethunk(void)

{

	return cpu_feature_enabled(X86_FEATURE_RETHUNK);

}



bool cpu_wants_rethunk_at(void *addr)

{

	if (!cpu_feature_enabled(X86_FEATURE_RETHUNK))

		return false;

	if (x86_return_thunk != its_return_thunk)

		return true;



	return !((unsigned long)addr & 0x20);

}



/*

 * Rewrite the compiler generated return thunk tail-calls.

 *
@@ -830,7 +845,7 @@ static int patch_return(void *addr, struct insn *insn, u8 *bytes) 
	int i = 0;



	/* Patch the custom return thunks... */

	if (cpu_feature_enabled(X86_FEATURE_RETHUNK)) {

	if (cpu_wants_rethunk_at(addr)) {

		i = JMP32_INSN_SIZE;

		__text_gen_insn(bytes, JMP32_INSN_OPCODE, addr, x86_return_thunk, i);

	} else {
@@ -847,7 +862,7 @@ void __init_or_module noinline apply_returns(s32 *start, s32 *end) 
{

	s32 *s;



	if (cpu_feature_enabled(X86_FEATURE_RETHUNK))

	if (cpu_wants_rethunk())

		static_call_force_reinit();



	for (s = start; s < end; s++) {

arch/x86/kernel/ftrace.c

+1 −1
Original line number Diff line number Diff line
@@ -354,7 +354,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size) 
		goto fail;



	ip = trampoline + size;

	if (cpu_feature_enabled(X86_FEATURE_RETHUNK))

	if (cpu_wants_rethunk_at(ip))

		__text_gen_insn(ip, JMP32_INSN_OPCODE, ip, x86_return_thunk, JMP32_INSN_SIZE);

	else

		memcpy(ip, retq, sizeof(retq));

arch/x86/kernel/static_call.c

+2 −2
Original line number Diff line number Diff line
@@ -81,7 +81,7 @@ static void __ref __static_call_transform(void *insn, enum insn_type type, 
		break;



	case RET:

		if (cpu_feature_enabled(X86_FEATURE_RETHUNK))

		if (cpu_wants_rethunk_at(insn))

			code = text_gen_insn(JMP32_INSN_OPCODE, insn, x86_return_thunk);

		else

			code = &retinsn;
@@ -90,7 +90,7 @@ static void __ref __static_call_transform(void *insn, enum insn_type type, 
	case JCC:

		if (!func) {

			func = __static_call_return;

			if (cpu_feature_enabled(X86_FEATURE_RETHUNK))

			if (cpu_wants_rethunk())

				func = x86_return_thunk;

		}