[PATCH 5.15 14/78] x86/retpoline: Create a retpoline thunk array

From: Greg Kroah-Hartman
Date: Tue Jul 12 2022 - 15:03:02 EST

From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>

commit 1a6f74429c42a3854980359a758e222005712aee upstream.

Stick all the retpolines in a single symbol and have the individual
thunks as inner labels, this should guarantee thunk order and layout.

Previously there were 16 (or rather 15 without rsp) separate symbols and
a toolchain might reasonably expect it could displace them however it
liked, with disregard for their relative position.

However, now they're part of a larger symbol. Any change to their
relative position would disrupt this larger _array symbol and thus not
be sound.

This is the same reasoning used for data symbols. On their own there
is no guarantee about their relative position wrt to one aonther, but
we're still able to do arrays because an array as a whole is a single
larger symbol.

Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Reviewed-by: Borislav Petkov <bp@xxxxxxx>
Acked-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Tested-by: Alexei Starovoitov <ast@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20211026120310.169659320@xxxxxxxxxxxxx
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
arch/x86/include/asm/nospec-branch.h | 8 +++++++-
arch/x86/lib/retpoline.S | 14 +++++++++-----
2 files changed, 16 insertions(+), 6 deletions(-)

--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -12,6 +12,8 @@
#include <asm/msr-index.h>
#include <asm/unwind_hints.h>

* Fill the CPU return stack buffer.
@@ -120,11 +122,15 @@


+typedef u8 retpoline_thunk_t[RETPOLINE_THUNK_SIZE];
#define GEN(reg) \
- extern asmlinkage void __x86_indirect_thunk_ ## reg (void);
+ extern retpoline_thunk_t __x86_indirect_thunk_ ## reg;
#include <asm/GEN-for-each-reg.h>
#undef GEN

+extern retpoline_thunk_t __x86_indirect_thunk_array[];
#ifdef CONFIG_X86_64

--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -28,16 +28,14 @@

.macro THUNK reg

- .align 32
+SYM_INNER_LABEL(__x86_indirect_thunk_\reg, SYM_L_GLOBAL)

ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; jmp *%\reg), \
__stringify(RETPOLINE \reg), X86_FEATURE_RETPOLINE, \
__stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *%\reg; int3), X86_FEATURE_RETPOLINE_LFENCE


@@ -55,10 +53,16 @@ SYM_FUNC_END(__x86_indirect_thunk_\reg)
#define EXPORT_THUNK(reg) __EXPORT_THUNK(__x86_indirect_thunk_ ## reg)

#define GEN(reg) THUNK reg
#include <asm/GEN-for-each-reg.h>
#undef GEN

#define GEN(reg) EXPORT_THUNK(reg)
#include <asm/GEN-for-each-reg.h>
#undef GEN