Commit 41bab90b authored by Josh Poimboeuf's avatar Josh Poimboeuf Committed by Borislav Petkov (AMD)

x86/its: Move ITS indirect branch thunks to .text..__x86.indirect_thunk



The ITS mitigation includes both indirect branch thunks and return
thunks.  Both are currently placed in .text..__x86.return_thunk, which is
appropriate for the latter but not the former.

For consistency with other mitigations, move the indirect branch thunks to
.text..__x86.indirect_thunk.

Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
parent 223ba8ee
+40 −35
@@ -15,7 +15,6 @@

	.section .text..__x86.indirect_thunk


.macro POLINE reg
	ANNOTATE_INTRA_FUNCTION_CALL
	call    .Ldo_rop_\@
@@ -73,6 +72,7 @@ SYM_CODE_END(__x86_indirect_thunk_array)
#undef GEN

#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING

.macro CALL_THUNK reg
	.align RETPOLINE_THUNK_SIZE

@@ -126,7 +126,45 @@ SYM_CODE_END(__x86_indirect_jump_thunk_array)
#define GEN(reg) __EXPORT_THUNK(__x86_indirect_jump_thunk_ ## reg)
#include <asm/GEN-for-each-reg.h>
#undef GEN
#endif

#endif /* CONFIG_MITIGATION_CALL_DEPTH_TRACKING */

#ifdef CONFIG_MITIGATION_ITS

.macro ITS_THUNK reg

/*
 * If CFI paranoid is used then the ITS thunk starts with opcodes (0xea; jne 1b)
 * that complete the fineibt_paranoid caller sequence.
 */
1:	.byte 0xea
SYM_INNER_LABEL(__x86_indirect_paranoid_thunk_\reg, SYM_L_GLOBAL)
	UNWIND_HINT_UNDEFINED
	ANNOTATE_NOENDBR
	jne 1b
SYM_INNER_LABEL(__x86_indirect_its_thunk_\reg, SYM_L_GLOBAL)
	UNWIND_HINT_UNDEFINED
	ANNOTATE_NOENDBR
	ANNOTATE_RETPOLINE_SAFE
	jmp *%\reg
	int3
	.align 32, 0xcc		/* fill to the end of the line */
	.skip  32 - (__x86_indirect_its_thunk_\reg - 1b), 0xcc /* skip to the next upper half */
.endm

/* ITS mitigation requires thunks be aligned to upper half of cacheline */
.align 64, 0xcc
.skip 29, 0xcc

#define GEN(reg) ITS_THUNK reg
#include <asm/GEN-for-each-reg.h>
#undef GEN

	.align 64, 0xcc
SYM_FUNC_ALIAS(__x86_indirect_its_thunk_array, __x86_indirect_its_thunk_rax)
SYM_CODE_END(__x86_indirect_its_thunk_array)

#endif /* CONFIG_MITIGATION_ITS */

#ifdef CONFIG_MITIGATION_RETHUNK

@@ -370,39 +408,6 @@ SYM_FUNC_END(call_depth_return_thunk)

#ifdef CONFIG_MITIGATION_ITS

.macro ITS_THUNK reg

/*
 * If CFI paranoid is used then the ITS thunk starts with opcodes (0xea; jne 1b)
 * that complete the fineibt_paranoid caller sequence.
 */
1:	.byte 0xea
SYM_INNER_LABEL(__x86_indirect_paranoid_thunk_\reg, SYM_L_GLOBAL)
	UNWIND_HINT_UNDEFINED
	ANNOTATE_NOENDBR
	jne 1b
SYM_INNER_LABEL(__x86_indirect_its_thunk_\reg, SYM_L_GLOBAL)
	UNWIND_HINT_UNDEFINED
	ANNOTATE_NOENDBR
	ANNOTATE_RETPOLINE_SAFE
	jmp *%\reg
	int3
	.align 32, 0xcc		/* fill to the end of the line */
	.skip  32 - (__x86_indirect_its_thunk_\reg - 1b), 0xcc /* skip to the next upper half */
.endm

/* ITS mitigation requires thunks be aligned to upper half of cacheline */
.align 64, 0xcc
.skip 29, 0xcc

#define GEN(reg) ITS_THUNK reg
#include <asm/GEN-for-each-reg.h>
#undef GEN

	.align 64, 0xcc
SYM_FUNC_ALIAS(__x86_indirect_its_thunk_array, __x86_indirect_its_thunk_rax)
SYM_CODE_END(__x86_indirect_its_thunk_array)

.align 64, 0xcc
.skip 32, 0xcc
SYM_CODE_START(its_return_thunk)
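Review bot: The `.skip 29, 0xcc` ahead of the GEN expansion in the relocated CONFIG_MITIGATION_ITS block (third hunk) is an unexplained constant that the upper-half placement depends on. It appears to be 32 minus the 3 bytes that precede `__x86_indirect_its_thunk_\reg` (the `.byte 0xea` plus what should be a 2-byte `jne 1b`), so the existing comment could say so: `/* 29 = 32 - 3: the 0xea byte and jne 1b precede the ITS entry, which must land at offset 32 of the line */`. Because these thunks now share .text..__x86.indirect_thunk with the retpoline and call-depth thunks, it is also worth confirming that a link-time check on the thunk entry address (bit 5 set) covers the new location, if one exists elsewhere in the tree. A misplaced thunk would still assemble and run, but would silently lose the mitigation rather than fail the build.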