Commit 9bb2ec60 authored by Peter Zijlstra's avatar Peter Zijlstra Committed by Borislav Petkov

objtool: Update Retpoline validation



Update retpoline validation with the new CONFIG_RETPOLINE requirement of
not having bare naked RET instructions.

Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
parent bf5835bc
+6 −0
@@ -75,6 +75,12 @@
	.popsection
.endm

/*
 * (ab)use RETPOLINE_SAFE on RET to annotate away 'bare' RET instructions
 * vs RETBleed validation.
 */
#define ANNOTATE_UNRET_SAFE ANNOTATE_RETPOLINE_SAFE

/*
 * JMP_NOSPEC and CALL_NOSPEC macros can be used instead of a simple
 * indirect jmp/call which may be susceptible to the Spectre variant 2
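Review bot: Because `ANNOTATE_UNRET_SAFE` is a plain alias of `ANNOTATE_RETPOLINE_SAFE`, the two annotations cannot be told apart once emitted, and the objtool change in this commit accepts the same hint on an indirect jump, an indirect call or a RET. A hint placed on the wrong kind of instruction would therefore still silence the warning. The comment admits the (ab)use but does not say what a user of the macro must guarantee; I would extend it with something like `Use only directly before a RET that cannot go through the return thunk, and state the reason in a comment at the use site.` The comment block that follows the define continues outside the hunk.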
+2 −0
@@ -66,6 +66,7 @@ SYM_FUNC_START(sme_encrypt_execute)
	pop	%rbp

	/* Offset to __x86_return_thunk would be wrong here */
	ANNOTATE_UNRET_SAFE
	ret
	int3
SYM_FUNC_END(sme_encrypt_execute)
@@ -154,6 +155,7 @@ SYM_FUNC_START(__enc_copy)
	pop	%r15

	/* Offset to __x86_return_thunk would be wrong here */
	ANNOTATE_UNRET_SAFE
	ret
	int3
.L__enc_copy_end:
+1 −0
@@ -26,6 +26,7 @@ SYM_CODE_START(hypercall_page)
	.rept (PAGE_SIZE / 32)
		UNWIND_HINT_FUNC
		ANNOTATE_NOENDBR
		ANNOTATE_UNRET_SAFE
		ret
		/*
		 * Xen will write the hypercall page, and sort out ENDBR.
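Review bot: The `ANNOTATE_UNRET_SAFE` added before `ret` inside the `.rept` body carries no stated reason, unlike the other uses in this commit, which sit under `/* Offset to __x86_return_thunk would be wrong here */`. The comment right after the `ret` speaks only about ENDBR. If the same reasoning covers the return (presumably because Xen overwrites the page contents, which should be confirmed), that comment could read `Xen will write the hypercall page, and sort out ENDBR and the RET.` so that the exemption from the bare-RET check is justified where it is granted. That comment continues past the end of the hunk.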
+13 −6
@@ -2115,8 +2115,9 @@ static int read_retpoline_hints(struct objtool_file *file)
		}

		if (insn->type != INSN_JUMP_DYNAMIC &&
		    insn->type != INSN_CALL_DYNAMIC) {
			WARN_FUNC("retpoline_safe hint not an indirect jump/call",
		    insn->type != INSN_CALL_DYNAMIC &&
		    insn->type != INSN_RETURN) {
			WARN_FUNC("retpoline_safe hint not an indirect jump/call/ret",
				  insn->sec, insn->offset);
			return -1;
		}
@@ -3526,7 +3527,8 @@ static int validate_retpoline(struct objtool_file *file)

	for_each_insn(file, insn) {
		if (insn->type != INSN_JUMP_DYNAMIC &&
		    insn->type != INSN_CALL_DYNAMIC)
		    insn->type != INSN_CALL_DYNAMIC &&
		    insn->type != INSN_RETURN)
			continue;

		if (insn->retpoline_safe)
@@ -3541,9 +3543,14 @@ static int validate_retpoline(struct objtool_file *file)
		if (!strcmp(insn->sec->name, ".init.text") && !opts.module)
			continue;

		if (insn->type == INSN_RETURN) {
			WARN_FUNC("'naked' return found in RETPOLINE build",
				  insn->sec, insn->offset);
		} else {
			WARN_FUNC("indirect %s found in RETPOLINE build",
				  insn->sec, insn->offset,
				  insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call");
		}

		warnings++;
	}
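Review bot: In validate_retpoline() the pre-existing exemption `if (!strcmp(insn->sec->name, ".init.text") && !opts.module) continue;` now also skips `INSN_RETURN`, because the type filter at the top of the loop was widened, so bare returns in built-in init code are never reported. If that is intended, the comment above that check (outside this hunk) should say that it applies to bare RETs as well; if it is not, the condition needs `insn->type != INSN_RETURN &&` added so returns still reach the new warning. The widened check in read_retpoline_hints() likewise means one hint now covers three instruction types, which deserves a line in that function's comment. Both function bodies start and end outside the hunks shown.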