| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200414103618.12657-9-alexandre.chartre@oracle.com>
Date: Tue, 14 Apr 2020 12:36:17 +0200
From: Alexandre Chartre <alexandre.chartre@...cle.com>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org, jpoimboe@...hat.com,
peterz@...radead.org, jthierry@...hat.com, tglx@...utronix.de,
alexandre.chartre@...cle.com
Subject: [PATCH V3 8/9] x86/speculation: Add return address unwind hints to retpoline and RSB stuffing
The retpoline and RSB stuffing code modify the stack to change return
addresses of intra-function calls. Add return address unwind hints so
that objtool can be aware of these tweaks. This requires a little
refactoring of the __FILL_RETURN_BUFFER macro for adding hints to
assembly and C code.
Signed-off-by: Alexandre Chartre <alexandre.chartre@...cle.com>
---
arch/x86/include/asm/nospec-branch.h | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index b0db793fd083..20594ea99c21 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -9,6 +9,7 @@
#include <asm/alternative-asm.h>
#include <asm/cpufeatures.h>
#include <asm/msr-index.h>
+#include <asm/unwind_hints.h>
/*
* This should be used immediately before a retpoline alternative. It tells
@@ -43,7 +44,7 @@
* the optimal version — two calls, each with their own speculation
* trap should their return address end up getting used, in a loop.
*/
-#define __FILL_RETURN_BUFFER(reg, nr, sp) \
+#define __FILL_RETURN_BUFFER_BEGIN(reg, nr, sp) \
mov $(nr/2), reg; \
771: \
call 772f; \
@@ -58,12 +59,19 @@
lfence; \
jmp 775b; \
774: \
- dec reg; \
+ dec reg;
+
+#define __FILL_RETURN_BUFFER_END(sp) \
add $(BITS_PER_LONG/8) * 2, sp; \
jnz 771b;
#ifdef __ASSEMBLY__
+#define __FILL_RETURN_BUFFER(reg, nr, sp) \
+ __FILL_RETURN_BUFFER_BEGIN(reg, nr, sp) \
+ UNWIND_HINT_RADDR_DELETE 2; \
+ __FILL_RETURN_BUFFER_END(sp)
+
/*
* This should be used immediately before an indirect jump/call. It tells
* objtool the subsequent indirect jump/call is vouched safe for retpoline
@@ -88,6 +96,7 @@
lfence
jmp .Lspec_trap_\@
.Ldo_rop_\@:
+ UNWIND_HINT_RADDR_ALTER
mov \reg, (%_ASM_SP)
ret
.endm
@@ -237,6 +246,11 @@ enum ssb_mitigation {
extern char __indirect_thunk_start[];
extern char __indirect_thunk_end[];
+#define __FILL_RETURN_BUFFER(reg, nr, sp) \
+ __stringify(__FILL_RETURN_BUFFER_BEGIN(reg, nr, sp)) \
+ UNWIND_HINT_RADDR_DELETE(2) \
+ __stringify(__FILL_RETURN_BUFFER_END(sp))
+
/*
* On VMEXIT we must ensure that no RSB predictions learned in the guest
* can be followed in the host, by overwriting the RSB completely. Both
@@ -250,7 +264,7 @@ static inline void vmexit_fill_RSB(void)
asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE
ALTERNATIVE("jmp 910f",
- __stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1)),
+ __FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1),
X86_FEATURE_RETPOLINE)
"910:"
: "=r" (loops), ASM_CALL_CONSTRAINT
--
2.18.2
Powered by blists - more mailing lists