| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250607095619.149445852@infradead.org>
Date: Sat, 07 Jun 2025 11:42:34 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org,
peterz@...radead.org,
kees@...nel.org,
acarmina@...hat.com,
jpoimboe@...nel.org,
mark.rutland@....com,
torvalds@...uxfoundation.org
Subject: [PATCH 10/11] x86: Clean up default rethunk warning
Replace the funny __warn_thunk thing with a more regular WARN_ONCE()
and simplify the ifdeffery.
Notably this avoids RET from having recursive RETs (once from the
thunk and once from the C function) -- recurive RET makes my head hurt
for no good reason.
Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
---
arch/x86/entry/entry.S | 4 ----
arch/x86/include/asm/nospec-branch.h | 2 --
arch/x86/kernel/cpu/bugs.c | 5 -----
arch/x86/lib/retpoline.S | 22 +++++++++++++++-------
4 files changed, 15 insertions(+), 18 deletions(-)
--- a/arch/x86/entry/entry.S
+++ b/arch/x86/entry/entry.S
@@ -13,8 +13,6 @@
#include <asm/cpufeatures.h>
#include <asm/nospec-branch.h>
-#include "calling.h"
-
.pushsection .noinstr.text, "ax"
/* Clobbers AX, CX, DX */
@@ -61,8 +59,6 @@ EXPORT_SYMBOL_GPL(mds_verw_sel);
.popsection
-THUNK warn_thunk_thunk, __warn_thunk
-
/*
* Clang's implementation of TLS stack cookies requires the variable in
* question to be a TLS variable. If the variable happens to be defined as an
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -386,8 +386,6 @@ extern void clear_bhb_loop(void);
extern void (*x86_return_thunk)(void);
-extern void __warn_thunk(void);
-
#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING
extern void call_depth_return_thunk(void);
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -3415,8 +3415,3 @@ ssize_t cpu_show_indirect_target_selecti
return cpu_show_common(dev, attr, buf, X86_BUG_ITS);
}
#endif
-
-void __warn_thunk(void)
-{
- WARN_ONCE(1, "Unpatched return thunk in use. This should not happen!\n");
-}
--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -12,6 +12,7 @@
#include <asm/percpu.h>
#include <asm/frame.h>
#include <asm/nops.h>
+#include <asm/bug.h>
.section .text..__x86.indirect_thunk
@@ -416,6 +417,19 @@ EXPORT_SYMBOL(its_return_thunk)
#endif /* CONFIG_MITIGATION_ITS */
+ .pushsection .rodata.str1.1
+.Lwarn:
+ .string "Unpatched return thunk in use.\n"
+ .popsection
+
+/*
+ * Helper that will trip WARN_ONCE() after alternatives have ran.
+ */
+#define ALT_WARN_RETHUNK \
+ ANNOTATE_REACHABLE ; \
+ 1: ALTERNATIVE "", "ud2", X86_FEATURE_ALWAYS ; \
+ ASM_BUGTABLE_FLAGS(1b, .Lwarn, 0, 0, BUGFLAG_WARNING | BUGFLAG_ONCE )
+
/*
* This function name is magical and is used by -mfunction-return=thunk-extern
* for the compiler to generate JMPs to it.
@@ -432,15 +446,9 @@ EXPORT_SYMBOL(its_return_thunk)
SYM_CODE_START(__x86_return_thunk)
UNWIND_HINT_FUNC
ANNOTATE_NOENDBR
-#if defined(CONFIG_MITIGATION_UNRET_ENTRY) || \
- defined(CONFIG_MITIGATION_SRSO) || \
- defined(CONFIG_MITIGATION_CALL_DEPTH_TRACKING)
- ALTERNATIVE __stringify(ANNOTATE_UNRET_SAFE; ret), \
- "jmp warn_thunk_thunk", X86_FEATURE_ALWAYS
-#else
+ ALT_WARN_RETHUNK
ANNOTATE_UNRET_SAFE
ret
-#endif
int3
SYM_CODE_END(__x86_return_thunk)
SYM_PIC_ALIAS(__x86_return_thunk)
Powered by blists - more mailing lists