Re: [bisected] Kernel v6.9-rc3 fails to boot on a Thinkpad T60 with MITIGATION_RETHUNK=y (regression from v6.8.5)

From: Borislav Petkov
Date: Sun Apr 14 2024 - 05:06:11 EST


On Sun, Apr 14, 2024 at 10:36:26AM +0200, Borislav Petkov wrote:
> Am looking at the whole thing. Stay tuned...

Something like this, I guess...

Execution goes off somewhere into the weeds during alternatives patching
of the return thunk while it tries to warn about it in the alternatives
code itself and it all ends up in endless INT3 exceptions due to our
speculation blockers everywhere...

I could chase it as to why exactly but the warning is there for all
those mitigations which need a special return thunk and 32-bit doesn't
need them (and at least the AMD untraining sequences are 64-bit only
so...).

IOW:

diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S
index e674ccf720b9..391059b2c6fb 100644
--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -382,8 +382,15 @@ SYM_FUNC_END(call_depth_return_thunk)
SYM_CODE_START(__x86_return_thunk)
UNWIND_HINT_FUNC
ANNOTATE_NOENDBR
+#if defined(CONFIG_MITIGATION_UNRET_ENTRY) || \
+ defined(CONFIG_MITIGATION_SRSO) || \
+ defined(CONFIG_MITIGATION_CALL_DEPTH_TRACKING)
ALTERNATIVE __stringify(ANNOTATE_UNRET_SAFE; ret), \
"jmp warn_thunk_thunk", X86_FEATURE_ALWAYS
+#else
+ ANNOTATE_UNRET_SAFE
+ ret
+#endif
int3
SYM_CODE_END(__x86_return_thunk)
EXPORT_SYMBOL(__x86_return_thunk)
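
Review bot: The new #if in front of the ALTERNATIVE in __x86_return_thunk carries no comment saying why the "jmp warn_thunk_thunk" replacement is limited to CONFIG_MITIGATION_UNRET_ENTRY, CONFIG_MITIGATION_SRSO and CONFIG_MITIGATION_CALL_DEPTH_TRACKING. A short comment above it, stating that only these mitigations need a special return thunk and that the warning is therefore meaningful only when one of them is built in, would tell the next person that the list has to be extended when another mitigation starts replacing the return thunk. The #else branch emits a plain "ANNOTATE_UNRET_SAFE; ret" with no ALTERNATIVE, so it sidesteps the patching at this site rather than explaining the INT3 loop; the changelog should say that the underlying failure during alternatives patching was not root-caused.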

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette