Re: [PATCH v5 02/12] x86/retpoline: Add initial retpoline support
From: Eric Biggers
Date: Sat Jan 06 2018 - 13:35:51 EST
On Sat, Jan 06, 2018 at 11:49:24AM +0000, David Woodhouse wrote:
> +/*
> + * NOSPEC_JMP and NOSPEC_CALL macros can be used instead of a simple
> + * indirect jmp/call which may be susceptible to the Spectre variant 2
> + * attack.
> + */
Can be, or must be?
> +.macro NOSPEC_JMP reg:req
> +#ifdef CONFIG_RETPOLINE
> + ALTERNATIVE_2 __stringify(jmp *\reg), \
> + __stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE, \
> + __stringify(lfence; jmp *\reg), X86_FEATURE_RETPOLINE_AMD
> +#else
> + jmp *\reg
> +#endif
> +.endm
> +
> +.macro NOSPEC_CALL reg:req
> +#ifdef CONFIG_RETPOLINE
> + ALTERNATIVE_2 __stringify(call *\reg), \
> + __stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\
> + __stringify(lfence; call *\reg), X86_FEATURE_RETPOLINE_AMD
> +#else
> + call *\reg
> +#endif
> +.endm
Would it make any sense to name these INDIRECT_JMP and INDIRECT_CALL instead?
NOSPEC_ seems to describe how it needs to be implemented on some CPUs, as
opposed to what the user wants to do (make an indirect jump or call).
Eric