From: Peter Zijlstra <peterz@infradead.org>
Date: Tue, 14 Jun 2022 23:15:36 +0200
Subject: x86/retpoline: Use -mfunction-return
Git-commit: 0b53c374b9eff2255a386f1f1cfb9a928e52a5ae
Patch-mainline: v5.19-rc4
References: bsc#1199657 CVE-2022-29900 CVE-2022-29901
Utilize -mfunction-return=thunk-extern when available to have the
compiler replace RET instructions with direct JMPs to the symbol
__x86_return_thunk. This does not affect assembler (.S) sources, only C
sources.
-mfunction-return=thunk-extern has been available since gcc 7.3 and
clang 15.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
---
arch/x86/Makefile | 6 +++++-
arch/x86/entry/vdso/Makefile | 1 +
arch/x86/include/asm/nospec-branch.h | 2 ++
arch/x86/lib/retpoline.S | 10 ++++++++++
4 files changed, 18 insertions(+), 1 deletion(-)
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -66,6 +66,7 @@ endef
$(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE
$(call if_changed,vdso2c)
+RETPOLINE_VDSO_CFLAGS := $(call cc-option,-mindirect-branch=thunk-inline -mindirect-branch-register)
#
# Don't omit frame pointers for ease of userspace debugging, but do
# optimize sibling calls.
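Review bot: `RETPOLINE_VDSO_CFLAGS` is defined on the added line, but nothing in this hunk shows it being appended to the vDSO compile flags, nor `$(RETPOLINE_CFLAGS)` being filtered out of them. If that happens, it happens outside the visible lines. It matters because vDSO code is mapped into userspace and cannot resolve `__x86_return_thunk`, so it must not inherit `-mfunction-return=thunk-extern` from `KBUILD_CFLAGS`. Please confirm the existing vDSO flag rules filter on the exported `RETPOLINE_CFLAGS`, and add a comment above the new line such as `# vDSO runs in userspace: inline indirect-branch thunks only, never thunk-extern`. Both options also share one `cc-option` call, so a compiler that rejects either of them leaves the variable empty.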
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -167,6 +167,8 @@
#ifdef CONFIG_RETPOLINE
#ifdef CONFIG_X86_64
+extern void __x86_return_thunk(void);
+
/*
* Inline asm uses the %V modifier which is only in newer GCC
* which is ensured when CONFIG_RETPOLINE is defined.
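Review bot: The prototype for `__x86_return_thunk` sits inside `#ifdef CONFIG_X86_64`, but the other two places this commit touches are not 64-bit only. The definition added in arch/x86/lib/retpoline.S appears to come after the `#endif` that closes the r8–r15 thunks, and the Makefile flag is gated only on `CONFIG_RETPOLINE`. If 32-bit retpoline builds are supported in this tree, they would get the symbol and its export without a C declaration. Moving `extern void __x86_return_thunk(void);` to directly under `#ifdef CONFIG_RETPOLINE` would keep the three places consistent. A one-line comment such as `/* Target of compiler-generated JMPs under -mfunction-return=thunk-extern */` would help too; the enclosing #ifdef block continues outside the hunk.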
--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -46,3 +46,13 @@ GENERATE_THUNK(r13)
GENERATE_THUNK(r14)
GENERATE_THUNK(r15)
#endif
+/*
+ * This function name is magical and is used by -mfunction-return=thunk-extern
+ * for the compiler to generate JMPs to it.
+ */
+ENTRY(__x86_return_thunk)
+ ret
+ int3
+ENDPROC(__x86_return_thunk)
+
+__EXPORT_THUNK(__x86_return_thunk)
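Review bot: The comment above `__x86_return_thunk` explains the magic name but not the body, so a reader could take the thunk for a mitigation in itself. As added it is a bare `ret` followed by `int3`: every compiled return still executes a RET instruction, now reached through a JMP. The commit only creates the single location that all C returns go through. I would extend the comment with two lines: one saying the thunk is currently a plain return and gives no protection against the CVEs in the References header by itself, and one saying the `int3` is presumably there to stop straight-line speculation past the `ret`.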
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -230,9 +230,13 @@ KBUILD_AFLAGS += $(mflags-y)
# Avoid indirect branches in kernel to deal with Spectre
ifdef CONFIG_RETPOLINE
RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register)
- KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
+ RETPOLINE_CFLAGS += $(call cc-option,-mfunction-return=thunk-extern)
+ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
endif
+# for vdso Makefile to exclude
+export RETPOLINE_CFLAGS
+
ifdef CONFIG_SLS
KBUILD_CFLAGS += $(call cc-option,-mharden-sls=all)
endif
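Review bot: `$(call cc-option,-mfunction-return=thunk-extern)` expands to nothing on a compiler without the option, while `-DRETPOLINE` is still added. Such a build completes with ordinary RET instructions and gives no signal to whoever builds or audits the kernel. The commit message puts the requirement at gcc 7.3 or clang 15, so older toolchains can reach this path. Consider making the fallback visible inside the `ifdef CONFIG_RETPOLINE` block, for example `$(if $(call cc-option,-mfunction-return=thunk-extern),,$(warning compiler lacks -mfunction-return=thunk-extern; returns are not thunked))`. Separately, the comment `# for vdso Makefile to exclude` could state the reason: `# exported so the vDSO Makefile can filter these flags out of code mapped into userspace`.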