This is a fix for the 'variant 2' attack described in https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Using GCC patches available from the gcc-7_2_0-retpoline branch of http://git.infradead.org/users/dwmw2/gcc-retpoline.git and by manually patching assembler code, all indirect branches (that occur after userspace first runs) are eliminated from the kernel. They are replaced with a 'retpoline' call sequence which deliberately prevents speculation. Now that the thunks are exported, we need to fix MODVERSIONS support, because genksyms can't generate the crc for the symbols. Still working on that... v1: Initial post. v2: Add CONFIG_RETPOLINE to build kernel without it. Change warning messages. Hide modpost warning message v3: Update to the latest CET-capable retpoline version Reinstate ALTERNATIVE support v4: Finish reconciling Andi's and my patch sets, bug fixes. Exclude objtool support for now Add 'noretpoline' boot option Add AMD retpoline alternative Andi Kleen (4): x86/retpoline/irq32: Convert assembler indirect jumps retpoline/taint: Taint kernel for missing retpoline in compiler x86/retpoline: Add boot time option to disable retpoline x86/retpoline: Exclude objtool with retpoline David Woodhouse (9): x86/retpoline: Add initial retpoline support x86/retpoline/crypto: Convert crypto assembler indirect jumps x86/retpoline/entry: Convert entry assembler indirect jumps x86/retpoline/ftrace: Convert ftrace assembler indirect jumps x86/retpoline/hyperv: Convert assembler indirect jumps x86/retpoline/xen: Convert Xen hypercall indirect jumps x86/retpoline/checksum32: Convert assembler indirect jumps x86/alternatives: Add missing \n at end of ALTERNATIVE inline asm x86/retpoline: Simplify AMD variant of retpoline thunk Documentation/admin-guide/kernel-parameters.txt | 3 ++ Documentation/admin-guide/tainted-kernels.rst | 3 ++ arch/x86/Kconfig | 17 +++++++- arch/x86/Kconfig.debug | 6 +-- arch/x86/Makefile | 10 +++++ arch/x86/crypto/aesni-intel_asm.S | 5 ++- arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 +- arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 +- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 4 +- arch/x86/entry/entry_32.S | 5 ++- arch/x86/entry/entry_64.S | 22 ++++++++-- arch/x86/include/asm/alternative.h | 4 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/mshyperv.h | 18 ++++---- arch/x86/include/asm/nospec-branch.h | 58 +++++++++++++++++++++++++ arch/x86/include/asm/xen/hypercall.h | 5 ++- arch/x86/kernel/cpu/intel.c | 10 +++++ arch/x86/kernel/ftrace_32.S | 6 ++- arch/x86/kernel/ftrace_64.S | 8 ++-- arch/x86/kernel/irq_32.c | 9 ++-- arch/x86/kernel/setup.c | 6 +++ arch/x86/lib/Makefile | 1 + arch/x86/lib/checksum_32.S | 7 +-- arch/x86/lib/retpoline.S | 53 ++++++++++++++++++++++ include/linux/kernel.h | 4 +- kernel/module.c | 11 ++++- kernel/panic.c | 1 + scripts/mod/modpost.c | 9 ++++ 28 files changed, 250 insertions(+), 42 deletions(-) create mode 100644 arch/x86/include/asm/nospec-branch.h create mode 100644 arch/x86/lib/retpoline.S -- 2.7.4
