Select Git revision
Search by author
- Any Author
- authors
-
72162444 72162444 gaochangning
-
Aakash Dave aakash.dave
-
Aaron Kim akim
-
Aaron Kloc akloc
-
Aaron Lan aaron.lan
-
Aaron Nabil aaronna
-
Aaron Pohle aaron.pohle
-
Abbott Chung chung.abbott
-
Abdallah Omar abdallah_omar
-
Abdessamii Chalbi abdessamii.chalbi
-
Abdul Hussain Sirajudeen abdul.hussain
-
Abdullah Alghamdi a.alghamdi
-
Abdullah Elmarghany abdullah_elmarghany
-
Abel Fang abel_fang
-
Abhijeet Badurkar abhijeet.badurkar
-
Abhijit Adsule adsule
-
Abhijit Murthy abhijit
-
Abhi Khanal akhanal
-
Abhilash Sahoo abhilashsahoo
-
Abhimanyu Raj abhimanyu.raj
- Jul 29, 2022
-
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 6cf3e4c0 Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 8 Mar 2022 16:30:21 +0100 x86/entry: Cleanup PARAVIRT Since commit 5c8f6a2e ("x86/xen: Add xenpv_restore_regs_and_return_to_usermode()") Xen will no longer reach this code and we can do away with the paravirt SWAPGS/INTERRUPT_RETURN. Suggested-by:
Andrew Cooper <Andrew.Cooper3@citrix.com> Signed-off-by:
Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by:
Josh Poimboeuf <jpoimboe@redhat.com> Link: https://lore.kernel.org/r/20220308154317.756014488@infradead.org Signed-off-by:
Waiman Long <longman@redhat.com>
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit c8c301ab Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 8 Mar 2022 16:30:18 +0100 x86/ibt: Add ANNOTATE_NOENDBR In order to have objtool warn about code references to !ENDBR instruction, we need an annotation to allow this for non-control-flow instances -- consider text range checks, text patching, or return trampolines etc. Signed-off-by:
Kees Cook <keescook@chromium.org> Acked-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Upstream Status: RHEL-only As we are not backporting the complete set of X86_KERNEL_IBT patches, we can't enable it at the moment. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 156ff4a5 Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 8 Mar 2022 16:30:17 +0100 x86/ibt: Base IBT bits Add Kconfig, Makefile and basic instruction support for x86 IBT. (Ab)use __DISABLE_EXPORTS to disable IBT since it's already employed to mark compressed and purgatory. Additionally mark realmode with it as well to avoid inserting ENDBR instructions there. While ENDBR is technically a NOP, inserting them was causing some grief due to code growth. There's also a problem with using __noendbr in code compiled without -fcf-protection=branch. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 537da1ed Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 8 Mar 2022 16:30:15 +0100 objtool,efi: Update __efi64_thunk annotation The current annotation relies on not running objtool on the file; this won't work when running objtool on vmlinux.o. Instead explicitly mark __efi64_thunk() to be ignored. This preserves the status quo, which is somewhat unfortunate. Luckily this code is hardly ever used. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 82880283 Author: Sergei Trofimovich <slyich@gmail.com> Date: Thu, 20 Jan 2022 23:37:48 +0000 objtool: Fix truncated string warning On GCC 12, the build fails due to a possible truncated string: check.c: In function 'validate_call': check.c:2865:58: error: '%d' directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=] 2865 | snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); | ^~ In theory it's a valid bug: static char pvname[16]; int idx; ... idx = (rel->addend / sizeof(void *)); snprintf(pvname, sizeof(pvname), "pv_ops[%d]", idx); There are only 7 chars for %d while it could take up to 9, so the printed "pv_ops[%d]" string could get truncated. In reality the bug should never happen, because pv_ops only has ~80 entries, so 7 chars for the integer is more than enough. Still, it's worth fixing. Bump the buffer size by 2 bytes to silence the warning. [ jpoimboe: changed size to 19; massaged changelog ] Fixes: db2b0c5d ("objtool: Support pv_opsindirect calls for noinstr") Reported-by:
Adam Borowski <kilobyte@angband.pl> Reported-by:
Martin Liška <mliska@suse.cz> Signed-off-by:
Sergei Trofimovich <slyich@gmail.com> Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Upstream Status: RHEL-only SLS (Straight Line Speculation) can be enabled as the compiler do have support for that. However, it is default to n. With a future patch that adds and enable CONFIG_RETHUNK, it does mitigates any straight line speculation problem with the return instruction. So it is not enabled for now. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Conflicts: Merge conflict in arch/x86/lib/retpoline.S due to the presence of a later upstream commit d45476d9 ("x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE"). commit e463a09a Author: Peter Zijlstra <peterz@infradead.org> Date: Sat, 4 Dec 2021 14:43:44 +0100 x86: Add straight-line-speculation mitigation Make use of an upcoming GCC feature to mitigate straight-line-speculation for x86: https://gcc.gnu.org/g:53a643f8568067d7700a9f2facc8ba39974973d3 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102952 https://bugs.llvm.org/show_bug.cgi?id=52323 It's built tested on x86_64-allyesconfig using GCC-12 and GCC-11. Maintenance overhead of this should be fairly low due to objtool validation. Size overhead of all these additional int3 instructions comes to: text data bss dec hex filename 22267751 6933356 2011368 31212475 1dc43bb defconfig-build/vmlinux 22804126 6933356 1470696 31208178 1dc32f2 defconfig-build/vmlinux.sls Or roughly 2.4% additional text. Signed-off-by:
Borislav Petkov <bp@suse.de> Link: https://lore.kernel.org/r/20211204134908.140103474@infradead.org Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 26c44b77 Author: Peter Zijlstra <peterz@infradead.org> Date: Sat, 4 Dec 2021 14:43:43 +0100 x86/alternative: Relax text_poke_bp() constraint Currently, text_poke_bp() is very strict to only allow patching a single instruction; however with straight-line-speculation it will be required to patch: ret; int3, which is two instructions. As such, relax the constraints a little to allow int3 padding for all instructions that do not imply the execution of the next instruction, ie: RET, JMP.d8 and JMP.d32. While there, rename the text_poke_loc::rel32 field to ::disp. Note: this fills up the text_poke_loc structure which is now a round 16 bytes big. [ bp: Put comments ontop instead of on the side. ] Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 1cc1e4c8 Author: Peter Zijlstra <peterz@infradead.org> Date: Sat, 4 Dec 2021 14:43:42 +0100 objtool: Add straight-line-speculation validation Teach objtool to validate the straight-line-speculation constraints: - speculation trap after indirect calls - speculation trap after RET Notable: when an instruction is annotated RETPOLINE_SAFE, indicating speculation isn't a problem, also don't care about sls for that instruction. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Conflicts: Include an additional kvm_crash_shutdown() hunk for arch/x86/kernel/kvm.c to replace ret to ASM_RET in upstream merge commit a4cfff3f ("Merge branch 'kvm-older-features' into HEAD"). commit b17c2baa Author: Peter Zijlstra <peterz@infradead.org> Date: Sat, 4 Dec 2021 14:43:41 +0100 x86: Prepare inline-asm for straight-line-speculation Replace all ret/retq instructions with ASM_RET in preparation of making it more than a single instruction. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Conflicts: 1) Merge conflicts in arch/x86/xen/xen-asm.S due to missing upstream commit d7bfc7d5 ("x86/xen: Make irq_enable() noinstr") and commit 20125c87 ("x86/xen: Make save_fl() noinstr"). 2) The hunks for arch/x86/crypto/sm4-aesni-avx-asm_64.S and arch/x86/crypto/sm4-aesni-avx2-asm_64.S are dropped as RHEL9 doesn't have those. 3) Fuzz in arch/x86/lib/copy_user_64.S due to missing upstream commit acba44d2 ("x86/copy_user_64: Remove .fixup usage"). 4) Fuzzes in arch/x86/kernel/ftrace_64.S and arch/x86/kernel/irqflags.S. 5) Include a hunk in arch/x86/kernel/ftrace_64.S caught by running the script in the patch description. commit f94909ce Author: Peter Zijlstra <peterz@infradead.org> Date: Sat, 4 Dec 2021 14:43:40 +0100 x86: Prepare asm files for straight-line-speculation Replace all ret/retq instructions with RET in preparation of making RET a macro. Since AS is case insensitive it's a big no-op without RET defined. find arch/x86/ -name \*.S | while read file do sed -i 's/\<ret[q]*\>/RET/' $file done Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 33761363 Author: Youquan Song <youquan.song@intel.com> Date: Thu, 23 Dec 2021 12:07:01 -0800 x86/mce: Reduce number of machine checks taken during recovery When any of the copy functions in arch/x86/lib/copy_user_64.S take a fault, the fixup code copies the remaining byte count from %ecx to %edx and unconditionally jumps to .Lcopy_user_handle_tail to continue the copy in case any more bytes can be copied. If the fault was #PF this may copy more bytes (because the page fault handler might have fixed the fault). But when the fault is a machine check the original copy code will have copied all the way to the poisoned cache line. So .Lcopy_user_handle_tail will just take another machine check for no good reason. Every code path to .Lcopy_user_handle_tail comes from an exception fixup path, so add a check there to check the trap type (in %eax) and simply return the count of remaining bytes if the trap was a machine check. Doing this reduces the number of machine checks taken during synthetic tests from four to three. As well as reducing the number of machine checks, this also allows Skylake generation Xeons to recover some cases that currently fail. The is because REP; MOVSB is only recoverable when source and destination are well aligned and the byte count is large. That useless call to .Lcopy_user_handle_tail may violate one or more of these conditions and generate a fatal machine check. [ Tony: Add more details to commit message. ] [ bp: Fixup comment. Also, another tip patchset which is adding straight-line speculation mitigation changes the "ret" instruction to an all-caps macro "RET". But, since gas is case-insensitive, use "RET" in the newly added asm block already in order to simplify tip branch merging on its way upstream. ] Signed-off-by:
Youquan Song <youquan.song@intel.com> Signed-off-by:
Tony Luck <tony.luck@intel.com> Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 22da5a07 Author: Peter Zijlstra <peterz@infradead.org> Date: Sat, 4 Dec 2021 14:43:39 +0100 x86/lib/atomic64_386_32: Rename things Principally, in order to get rid of #define RET in this code to make place for a new RET, but also to clarify the code, rename a bunch of things: s/UNLOCK/IRQ_RESTORE/ s/LOCK/IRQ_SAVE/ s/BEGIN/BEGIN_IRQ_SAVE/ s/\<RET\>/RET_IRQ_RESTORE/ s/RET_ENDP/\tRET_IRQ_RESTORE\rENDP/ which then leaves RET unused so it can be removed. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 68cf4f2a Author: Peter Zijlstra <peterz@infradead.org> Date: Fri, 19 Nov 2021 17:50:25 +0100 x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds In order to further enable commit: bbe2df3f ("x86/alternative: Try inline spectre_v2=retpoline,amd") add the new GCC flag -mindirect-branch-cs-prefix: https://gcc.gnu.org/g:2196a681d7810ad8b227bf983f38ba716620545e https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102952 https://bugs.llvm.org/show_bug.cgi?id=52323 to RETPOLINE=y builds. This should allow fully inlining retpoline,amd for GCC builds. Signed-off-by:
Nick Desaulniers <ndesaulniers@google.com> Link: https://lkml.kernel.org/r/20211119165630.276205624@infradead.org Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit b2f825bf Author: Peter Zijlstra <peterz@infradead.org> Date: Fri, 19 Nov 2021 17:50:24 +0100 x86: Move RETPOLINE*_CFLAGS to arch Makefile Currently, RETPOLINE*_CFLAGS are defined in the top-level Makefile but only x86 makes use of them. Move them there. If ever another architecture finds the need, it can be reconsidered. [ bp: Massage a bit. ] Suggested-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Conflcits: Fuzz in arch/x86/xen/xen-asm.S due to missing upstream commit 09c41307 ("x86/xen: Make irq_disable() noinstr"). commit 5c8f6a2e Author: Lai Jiangshan <laijs@linux.alibaba.com> Date: Fri, 26 Nov 2021 18:11:23 +0800 x86/xen: Add xenpv_restore_regs_and_return_to_usermode() In the native case, PER_CPU_VAR(cpu_tss_rw + TSS_sp0) is the trampoline stack. But XEN pv doesn't use trampoline stack, so PER_CPU_VAR(cpu_tss_rw + TSS_sp0) is also the kernel stack. In that case, source and destination stacks are identical, which means that reusing swapgs_restore_regs_and_return_to_usermode() in XEN pv would cause %rsp to move up to the top of the kernel stack and leave the IRET frame below %rsp. This is dangerous as it can be corrupted if #NMI / #MC hit as either of these events occurring in the middle of the stack pushing would clobber data on the (original) stack. And, with XEN pv, swapgs_restore_regs_and_return_to_usermode() pushing the IRET frame on to the original address is useless and error-prone when there is any future attempt to modify the code. [ bp: Massage commit message. ] Fixes: 7f2590a1 ("x86/entry/64: Use a per-CPU trampoline stack for IDT entries") Signed-off-by:
Lai Jiangshan <laijs@linux.alibaba.com> Signed-off-by:
Boris Ostrovsky <boris.ostrovsky@oracle.com> Link: https://lkml.kernel.org/r/20211126101209.8613-4-jiangshanlai@gmail.com Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 1367afaa Author: Lai Jiangshan <laijs@linux.alibaba.com> Date: Fri, 26 Nov 2021 18:11:22 +0800 x86/entry: Use the correct fence macro after swapgs in kernel CR3 The commit c7589070 ("x86/entry/64: Remove unneeded kernel CR3 switching") removed a CR3 write in the faulting path of load_gs_index(). But the path's FENCE_SWAPGS_USER_ENTRY has no fence operation if PTI is enabled, see spectre_v1_select_mitigation(). Rather, it depended on the serializing CR3 write of SWITCH_TO_KERNEL_CR3 and since it got removed, add a FENCE_SWAPGS_KERNEL_ENTRY call to make sure speculation is blocked. [ bp: Massage commit message and comment. ] Fixes: c7589070 ("x86/entry/64: Remove unneeded kernel CR3 switching") Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit c07e4555 Author: Lai Jiangshan <laijs@linux.alibaba.com> Date: Fri, 26 Nov 2021 18:11:21 +0800 x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() Commit 18ec54fd ("x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations") added FENCE_SWAPGS_{KERNEL|USER}_ENTRY for conditional SWAPGS. In paranoid_entry(), it uses only FENCE_SWAPGS_KERNEL_ENTRY for both branches. This is because the fence is required for both cases since the CR3 write is conditional even when PTI is enabled. But 96b23714 ("x86/entry/64: Switch CR3 before SWAPGS in paranoid entry") changed the order of SWAPGS and the CR3 write. And it missed the needed FENCE_SWAPGS_KERNEL_ENTRY for the user gsbase case. Add it back by changing the branches so that FENCE_SWAPGS_KERNEL_ENTRY can cover both branches. [ bp: Massage, fix typos, remove obsolete comment while at it. ] Fixes: 96b23714 ("x86/entry/64: Switch CR3 before SWAPGS in paranoid entry") Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 988f0168 Author: Peter Zijlstra <peterz@infradead.org> Date: Thu, 2 Dec 2021 21:45:34 +0100 objtool: Fix pv_ops noinstr validation Boris reported that in one of his randconfig builds, objtool got infinitely stuck. Turns out there's trivial list corruption in the pv_ops tracking when a function is both in a static table and in a code assignment. Avoid re-adding function to the pv_ops[] lists when they're already on it. Fixes: db2b0c5d ("objtool: Support pv_opsindirect calls for noinstr") Reported-by:
Borislav Petkov <bp@alien8.de> Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 2105a927 Author: Peter Zijlstra <peterz@infradead.org> Date: Sat, 30 Oct 2021 09:47:58 +0200 static_call,x86: Robustify trampoline patching Add a few signature bytes after the static call trampoline and verify those bytes match before patching the trampoline. This avoids patching random other JMPs (such as CFI jump-table entries) instead. These bytes decode as: d: 53 push %rbx e: 43 54 rex.XB push %r12 And happen to spell "SCT". Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Conflicts: Merge conflict in the first hunk of arch/x86/xen/irq.c due to missing upstream commit 20125c87 ("x86/xen: Make save_fl() noinstr"), commit d7bfc7d5 ("x86/xen: Make irq_enable() noinstr") and commit 09c41307 ("x86/xen: Make irq_disable() noinstr"). commit e453f872 Author: Juergen Gross <jgross@suse.com> Date: Thu, 28 Oct 2021 09:27:48 +0200 x86/xen: switch initial pvops IRQ functions to dummy ones The initial pvops functions handling irq flags will only ever be called before interrupts are being enabled. So switch them to be dummy functions: - xen_save_fl() can always return 0 - xen_irq_disable() is a nop - xen_irq_enable() can BUG() Add some generic paravirt functions for that purpose. Signed-off-by:
Juergen Gross <jgross@suse.com> Acked-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Conflicts: X86_FEATURE_RETPOLINE_AMD is replaced by X86_FEATURE_RETPOLINE_LFENCE due to the presence of a later upstream commit d45476d9 ("x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE"). commit 87c87ecd Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:48 +0200 bpf,x86: Respect X86_FEATURE_RETPOLINE* Current BPF codegen doesn't respect X86_FEATURE_RETPOLINE* flags and unconditionally emits a thunk call, this is sub-optimal and doesn't match the regular, compiler generated, code. Update the i386 JIT to emit code equal to what the compiler emits for the regular kernel text (IOW. a plain THUNK call). Update the x86_64 JIT to emit code similar to the result of compiler and kernel rewrites as according to X86_FEATURE_RETPOLINE* flags. Inlining RETPOLINE_AMD (lfence; jmp *%reg) and !RETPOLINE (jmp *%reg), while doing a THUNK call for RETPOLINE. This removes the hard-coded retpoline thunks and shrinks the generated code. Leaving a single retpoline thunk definition in the kernel. Signed-off-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit d4b5a5c9 Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:45 +0200 x86/alternative: Add debug prints to apply_retpolines() Make sure we can see the text changes when booting with 'debug-alternative'. Example output: [ ] SMP alternatives: retpoline at: __traceiter_initcall_level+0x1f/0x30 (ffffffff8100066f) len: 5 to: __x86_indirect_thunk_rax+0x0/0x20 [ ] SMP alternatives: ffffffff82603e58: [2:5) optimized NOPs: ff d0 0f 1f 00 [ ] SMP alternatives: ffffffff8100066f: orig: e8 cc 30 00 01 [ ] SMP alternatives: ffffffff8100066f: repl: ff d0 0f 1f 00 Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Conflicts: X86_FEATURE_RETPOLINE_AMD is replaced by X86_FEATURE_RETPOLINE_LFENCE due to the presence of a later upstream commit d45476d9 ("x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE"). commit bbe2df3f Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:44 +0200 x86/alternative: Try inline spectre_v2=retpoline,amd Try and replace retpoline thunk calls with: LFENCE CALL *%\reg for spectre_v2=retpoline,amd. Specifically, the sequence above is 5 bytes for the low 8 registers, but 6 bytes for the high 8 registers. This means that unless the compilers prefix stuff the call with higher registers this replacement will fail. Luckily GCC strongly favours RAX for the indirect calls and most (95%+ for defconfig-x86_64) will be converted. OTOH clang strongly favours R11 and almost nothing gets converted. Note: it will also generate a correct replacement for the Jcc.d32 case, except unless the compilers start to prefix stuff that, it'll never fit. Specifically: Jncc.d8 1f LFENCE JMP *%\reg 1: is 7-8 bytes long, where the original instruction in unpadded form is only 6 bytes. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 2f0cbb2a Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:43 +0200 x86/alternative: Handle Jcc __x86_indirect_thunk_\reg Handle the rare cases where the compiler (clang) does an indirect conditional tail-call using: Jcc __x86_indirect_thunk_\reg For the !RETPOLINE case this can be rewritten to fit the original (6 byte) instruction like: Jncc.d8 1f JMP *%\reg NOP 1: Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 75085009 Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:42 +0200 x86/alternative: Implement .retpoline_sites support Rewrite retpoline thunk call sites to be indirect calls for spectre_v2=off. This ensures spectre_v2=off is as near to a RETPOLINE=n build as possible. This is the replacement for objtool writing alternative entries to ensure the same and achieves feature-parity with the previous approach. One noteworthy feature is that it relies on the thunks to be in machine order to compute the register index. Specifically, this does not yet address the Jcc __x86_indirect_thunk_* calls generated by clang, a future patch will add this. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 Conflicts: Merge conflict in arch/x86/lib/retpoline.S due to the presence of a later upstream commit d45476d9 ("x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE"). commit 1a6f7442 Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:41 +0200 x86/retpoline: Create a retpoline thunk array Stick all the retpolines in a single symbol and have the individual thunks as inner labels, this should guarantee thunk order and layout. Previously there were 16 (or rather 15 without rsp) separate symbols and a toolchain might reasonably expect it could displace them however it liked, with disregard for their relative position. However, now they're part of a larger symbol. Any change to their relative position would disrupt this larger _array symbol and thus not be sound. This is the same reasoning used for data symbols. On their own there is no guarantee about their relative position wrt to one aonther, but we're still able to do arrays because an array as a whole is a single larger symbol. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 6fda8a38 Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:40 +0200 x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h Because it makes no sense to split the retpoline gunk over multiple headers. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit b6d3d994 Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:39 +0200 x86/asm: Fixup odd GEN-for-each-reg.h usage Currently GEN-for-each-reg.h usage leaves GEN defined, relying on any subsequent usage to start with #undef, which is rude. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit a92ede2d Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:38 +0200 x86/asm: Fix register order Ensure the register order is correct; this allows for easy translation between register number and trampoline and vice-versa. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 4fe79e71 Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:37 +0200 x86/retpoline: Remove unused replacement symbols Now that objtool no longer creates alternatives, these replacement symbols are no longer needed, remove them. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 134ab5bd Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:36 +0200 objtool,x86: Replace alternatives with .retpoline_sites Instead of writing complete alternatives, simply provide a list of all the retpoline thunk calls. Then the kernel is free to do with them as it pleases. Simpler code all-round. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit c509331b Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:35 +0200 objtool: Shrink struct instruction Any one instruction can only ever call a single function, therefore insn->mcount_loc_node is superfluous and can use insn->call_node. This shrinks struct instruction, which is by far the most numerous structure objtool creates. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit dd003ede Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:34 +0200 objtool: Explicitly avoid self modifying code in .altinstr_replacement Assume ALTERNATIVE()s know what they're doing and do not change, or cause to change, instructions in .altinstr_replacement sections. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 1739c66e Author: Peter Zijlstra <peterz@infradead.org> Date: Tue, 26 Oct 2021 14:01:33 +0200 objtool: Classify symbols In order to avoid calling str*cmp() on symbol names, over and over, do them all once upfront and store the result. Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 4d8b3596 Author: Josh Poimboeuf <jpoimboe@kernel.org> Date: Mon, 4 Oct 2021 10:07:50 -0700 objtool: Remove reloc symbol type checks in get_alt_entry() Converting a special section's relocation reference to a symbol is straightforward. No need for objtool to complain that it doesn't know how to handle it. Just handle it. This fixes the following warning: arch/x86/kvm/emulate.o: warning: objtool: __ex_table+0x4: don't know how to handle reloc symbol type: kvm_fastop_exception Fixes: 24ff6525 ("objtool: Teach get_alt_entry() about more relocation types") Reported-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 7fab1c12 Author: Linus Torvalds <torvalds@linux-foundation.org> Date: Sun, 3 Oct 2021 13:45:48 -0700 objtool: print out the symbol type when complaining about it The objtool warning that the kvm instruction emulation code triggered wasn't very useful: arch/x86/kvm/emulate.o: warning: objtool: __ex_table+0x4: don't know how to handle reloc symbol type: kvm_fastop_exception in that it helpfully tells you which symbol name it had trouble figuring out the relocation for, but it doesn't actually say what the unknown symbol type was that triggered it all. In this case it was because of missing type information (type 0, aka STT_NOTYPE), but on the whole it really should just have printed that out as part of the message. Because if this warning triggers, that's very much the first thing you want to know - why did reloc2sec_off() return failure for that symbol? So rather than just saying you can't handle some type of symbol without saying what the type _was_, just print out the type number too. Fixes: 24ff6525 ("objtool: Teach get_alt_entry() about more relocation types") Link: https://lore.kernel.org/lkml/CAHk-=wiZwq-0LknKhXN4M+T8jbxn_2i9mcKpO+OaBSSq_Eh7tg@mail.gmail.com/ Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 24ff6525 Author: Peter Zijlstra <peterz@infradead.org> Date: Thu, 30 Sep 2021 12:43:10 +0200 objtool: Teach get_alt_entry() about more relocation types Occasionally objtool encounters symbol (as opposed to section) relocations in .altinstructions. Typically they are the alternatives written by elf_add_alternative() as encountered on a noinstr validation run on vmlinux after having already ran objtool on the individual .o files. Basically this is the counterpart of commit 44f6a7c0 ("objtool: Fix seg fault with Clang non-section symbols"), because when these new assemblers (binutils now also does this) strip the section symbols, elf_add_reloc_to_insn() is forced to emit symbol based relocations. As such, teach get_alt_entry() about different relocation types. Fixes: 9bc0bb50 ("objtool/x86: Rewrite retpoline thunk calls") Reported-by:
Stephen Rothwell <sfr@canb.auug.org.au> Reported-by:
Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/r/YVWUvknIEVNkPvnP@hirez.programming.kicks-ass.net Signed-off-by:
-
Waiman Long authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2090231 commit 90a35349 Author: Masahiro Yamada <masahiroy@kernel.org> Date: Tue, 31 Aug 2021 16:39:57 +0900 kbuild: reuse $(cmd_objtool) for cmd_cc_lto_link_modules For CONFIG_LTO_CLANG=y, the objtool processing is not possible at the compilation, hence postponed by the link time. Reuse $(cmd_objtool) for CONFIG_LTO_CLANG=y by defining objtool-enabled properly. For CONFIG_LTO_CLANG=y: objtool-enabled is off for %.o compilation objtool-enabled is on for %.lto link For CONFIG_LTO_CLANG=n: objtool-enabled is on for %.o compilation (but, it depends on OBJECT_FILE_NON_STANDARD) Set part-of-module := y for %.lto.o to avoid repeating --module. Signed-off-by:
Masahiro Yamada <masahiroy@kernel.org> Reviewed-by:
-
