This is a mitigation for the 'variant 2' attack described in https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Using GCC patches available from the gcc-7_2_0-retpoline branch of http://git.infradead.org/users/dwmw2/gcc-retpoline.git and by manually patching assembler code, all vulnerable indirect branches (that occur after userspace first runs) are eliminated from the kernel.

They are replaced with a 'retpoline' call sequence which deliberately prevents speculation.

v1: Initial post.
v2: Add CONFIG_RETPOLINE to build kernel without it.
    Change warning messages.
    Hide modpost warning message
v3: Update to the latest CET-capable retpoline version
    Reinstate ALTERNATIVE support
v4: Finish reconciling Andi's and my patch sets, bug fixes.
    Exclude objtool support for now
    Add 'noretpoline' boot option
    Add AMD retpoline alternative
v5: Silence MODVERSIONS warnings
    Use pause;jmp loop instead of lfence;jmp
    Switch to X86_FEATURE_RETPOLINE positive feature logic
    Emit thunks inline from assembler macros
    Merge AMD support into initial patch

Andi Kleen (4):
  x86/retpoline/irq32: Convert assembler indirect jumps
  x86/retpoline: Add boot time option to disable retpoline
  x86/retpoline: Exclude objtool with retpoline
  retpoline/modpost: Quieten MODVERSION retpoline build

David Woodhouse (8):
  x86/spectre: Add X86_BUG_SPECTRE_V[12]
  x86/retpoline: Add initial retpoline support
  x86/retpoline/crypto: Convert crypto assembler indirect jumps
  x86/retpoline/entry: Convert entry assembler indirect jumps
  x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
  x86/retpoline/hyperv: Convert assembler indirect jumps
  x86/retpoline/xen: Convert Xen hypercall indirect jumps
  x86/retpoline/checksum32: Convert assembler indirect jumps

 Documentation/admin-guide/kernel-parameters.txt |  3 +
 arch/x86/Kconfig                                | 17 ++++-
 arch/x86/Kconfig.debug                          |  6 +-
 arch/x86/Makefile                               | 10 +++
 arch/x86/crypto/aesni-intel_asm.S               |  5 +-
 arch/x86/crypto/camellia-aesni-avx-asm_64.S     |  3 +-
 arch/x86/crypto/camellia-aesni-avx2-asm_64.S    |  3 +-
 arch/x86/crypto/crc32c-pcl-intel-asm_64.S       |  3 +-
 arch/x86/entry/entry_32.S                       |  5 +-
 arch/x86/entry/entry_64.S                       | 12 +++-
 arch/x86/include/asm/cpufeatures.h              |  4 ++
 arch/x86/include/asm/mshyperv.h                 | 18 ++---
 arch/x86/include/asm/nospec-branch.h            | 91 +++++++++++++++++++++++++
 arch/x86/include/asm/xen/hypercall.h            |  5 +-
 arch/x86/kernel/cpu/common.c                    |  8 +++
 arch/x86/kernel/cpu/intel.c                     | 11 +++
 arch/x86/kernel/ftrace_32.S                     |  6 +-
 arch/x86/kernel/ftrace_64.S                     |  8 +--
 arch/x86/kernel/irq_32.c                        |  9 +--
 arch/x86/lib/Makefile                           |  1 +
 arch/x86/lib/checksum_32.S                      |  7 +-
 arch/x86/lib/retpoline.S                        | 30 ++++++++
 scripts/mod/modpost.c                           |  6 +-
 23 files changed, 231 insertions(+), 40 deletions(-)
 create mode 100644 arch/x86/include/asm/nospec-branch.h
 create mode 100644 arch/x86/lib/retpoline.S

--
2.7.4
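
One way to check the claim that indirect branches have been eliminated from a retpoline build, shown as an added example that is not part of this patch series: a scanner over `objdump -d` (AT&T syntax) output that lists every remaining indirect `call`/`jmp` per function. The sample disassembly is constructed, and `example_thunk_rax` is a placeholder symbol name, not the thunk name used by the patches.

```python
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^Disassembly of section (\S+):")
SYMBOL_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:")
# "address:<tab>hex bytes<tab>mnemonic operands" as printed by objdump -d
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2} )+\s*(\S+)\s*(.*)$")
BRANCHES = {"call", "callq", "jmp", "jmpq"}
# Replacement bodies for ALTERNATIVE sites live here and are not executed in place.
SKIP_SECTIONS = {".altinstr_replacement"}

def find_indirect_branches(disassembly):
    """Return {function: [(address, instruction), ...]} for every call/jmp
    whose AT&T operand starts with '*' (register or memory indirect)."""
    hits = defaultdict(list)
    section, symbol = None, "?"
    for line in disassembly.splitlines():
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := SYMBOL_RE.match(line):
            symbol = m.group(1)
        elif section not in SKIP_SECTIONS and (m := INSN_RE.match(line)):
            addr, mnemonic, operands = m.groups()
            if mnemonic in BRANCHES and operands.startswith("*"):
                hits[symbol].append((addr, f"{mnemonic} {operands.strip()}"))
    return dict(hits)

# Constructed sample: one unconverted function, one converted, one alternative.
SAMPLE = "\n".join([
    "Disassembly of section .text:",
    "ffffffff81000100 <do_thing>:",
    "ffffffff81000100:\tff d0                \tcallq  *%rax",
    "ffffffff81000102:\te8 f9 fe df 00       \tcallq  ffffffff81e00000 <example_thunk_rax>",
    "ffffffff81000107:\tff 24 c5 00 00 00 00 \tjmpq   *0x0(,%rax,8)",
    "ffffffff8100010e:\tc3                   \tretq",
    "ffffffff81000110 <converted_fn>:",
    "ffffffff81000110:\te8 eb fe df 00       \tcallq  ffffffff81e00000 <example_thunk_rax>",
    "ffffffff81000115:\tc3                   \tretq",
    "Disassembly of section .altinstr_replacement:",
    "0000000000000000 <.altinstr_replacement>:",
    "   0:\tff e0                \tjmpq   *%rax",
])

if __name__ == "__main__":
    for func, found in find_indirect_branches(SAMPLE).items():
        for addr, insn in found:
            print(f"{func}: {addr}: {insn}")
```

Functions that appear in the result still contain branches the indirect branch predictor can steer; an empty result for a built object means every call site goes through a direct call to a thunk.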

