[PATCH 1/3] Revert "x86/retpoline: Remove .text..__x86.return_thunk section"

From: David Kaplan
Date: Tue Oct 10 2023 - 13:10:48 EST

Next message: David Kaplan: "[PATCH 3/3] x86/retpoline: Ensure default return thunk isn't used at runtime"
Previous message: Rob Herring: "Re: [PATCH 1/5] media: dt-bindings: media: imx335: Add supply bindings"
In reply to: David Kaplan: "[PATCH 0/3] Ensure default return thunk isn't used at runtime"
Next in thread: Peter Zijlstra: "Re: [PATCH 1/3] Revert "x86/retpoline: Remove .text..__x86.return_thunk section""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This reverts commit e92626af3234708fe30f53b269d210d202b95206.

This commit broke patching of the return thunk jmp in the retpoline
sequence.

Before (broken sequence):

objdump -d -r arch/x86/lib/retpoline.o:
0000000000000000 <__x86_indirect_thunk_array>:
...
a: e9 d1 02 00 00 jmpq 2e0 <__x86_return_thunk>

live disassembly at runtime:
0xffffffff81d12a8a <+10>: jmpq 0xffffffff81d12d60
<__x86_return_thunk>

This jmp to the default return thunk should not happen after alternatives
patching.

After reverting this:

objdump -d -r arch/x86/lib/retpoline.o:
0000000000000000 <__x86_indirect_thunk_array>:
...
a: e9 00 00 00 00 jmpq f <__x86_indirect_thunk_array+0xf>
b: R_X86_64_PLT32 __x86_return_thunk-0x4

live disassembly at runtime:
0xffffffff81d12a8a <+10>: jmpq 0xffffffff81f0410b
<srso_alias_return_thunk>

This is correct as the jmp is written to the correct return sequence.

objtool (add_jump_destinations()) only recognizes return thunk jmps that have
relocation entries, which will not occur if the return thunk is in the
same section as the indirect thunks.

Signed-off-by: David Kaplan <david.kaplan@xxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
---
arch/x86/kernel/vmlinux.lds.S | 3 +++
arch/x86/lib/retpoline.S | 2 ++
2 files changed, 5 insertions(+)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 9cdb1a7332c4..54a5596adaa6 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -132,7 +132,10 @@ SECTIONS
LOCK_TEXT
KPROBES_TEXT
SOFTIRQENTRY_TEXT
+#ifdef CONFIG_RETPOLINE
*(.text..__x86.indirect_thunk)
+ *(.text..__x86.return_thunk)
+#endif
STATIC_CALL_TEXT

ALIGN_ENTRY_TEXT_BEGIN
diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S
index db813113e637..3da768a71cf9 100644
--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -129,6 +129,8 @@ SYM_CODE_END(__x86_indirect_jump_thunk_array)

#ifdef CONFIG_RETHUNK

+ .section .text..__x86.return_thunk
+
#ifdef CONFIG_CPU_SRSO

/*
--
2.25.1

Next message: David Kaplan: "[PATCH 3/3] x86/retpoline: Ensure default return thunk isn't used at runtime"
Previous message: Rob Herring: "Re: [PATCH 1/5] media: dt-bindings: media: imx335: Add supply bindings"
In reply to: David Kaplan: "[PATCH 0/3] Ensure default return thunk isn't used at runtime"
Next in thread: Peter Zijlstra: "Re: [PATCH 1/3] Revert "x86/retpoline: Remove .text..__x86.return_thunk section""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]