On Thu, Jan 11, 2018 at 04:55:18PM +0000, David Woodhouse wrote:
> On Thu, 2018-01-11 at 10:48 -0600, Josh Poimboeuf wrote:
> >
> > The above macro is protected by '#ifdef RETPOLINE', and I seriously
> > doubt 0-day is testing with an unreleased version of GCC. So you
> > shouldn't see a 0-day warning.
>
> It's actually #ifdef CONFIG_RETPOLINE isn't it?
>
> If you enable CONFIG_RETPOLINE but don't have a new compiler, you still
> get all the asm thunks (which are the easy-to-attack targets). Only if
> you have a new compiler is RETPOLINE also set.

#if defined(CONFIG_X86_64) && defined(RETPOLINE)

#define ANNOTATE_NOSPEC_ALTERNATIVE				\
	".Lannotate_%=:\n\t"					\
	".pushsection .discard.nospec\n\t"			\
	".long .Lannotate_%= - .\n\t"				\
	".popsection\n\t"

/*
 * Since the inline asm uses the %V modifier which is only in newer GCC,
 * the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE.
 */
# define CALL_NOSPEC						\
...

> Also, the RSB stuffing we're looking at here is also needed for the
> IBRS-based mitigation, so won't even be under CONFIG_RETPOLINE by the
> time the IBRS patch set is beaten into shape on top. It'll probably be
> unconditional unless we get a CONFIG_IBRS_SUPPORT (which hasn't been
> suggested so far).

True. Maybe try changing the above to CONFIG_RETPOLINE and see if 0-day
complains.

> > I think I heard that retpolines won't be ported to anything older than
> > GCC 4.9, so maybe it's safe to use '%='. I don't remember when it was
> > introduced into GCC though.
>
> Hm. Peter? This is all your fault, right? Did you know you were making
> us ditch compatibility for older GCC?
>
> Precisely when *did* %= get added to GCC?

I'm still scratching my head about this one. From what I can tell, even
4.4 has it. I can't find any notes or old 0-day warnings which would
tell me, but I remember running into the problem multiple times, so I'm
pretty sure I'm not hallucinating.

> Note that we can also just resort to using .macro even from inline asm.
> It just takes a rather icky asm(".include ..."). :)

Ew :-)

--
Josh