[PATCH 4.14 126/140] x86/speculation, objtool: Annotate indirect calls/jumps for objtool

[Greg Kroah-Hartman]

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Peter Zijlstra 

commit 9e0e3c5130e949c389caabc8033e9799b129e429 upstream.

Annotate the indirect calls/jumps in the CALL_NOSPEC/JUMP_NOSPEC
alternatives.

Signed-off-by: Peter Zijlstra (Intel) 
Reviewed-by: David Woodhouse 
Acked-by: Thomas Gleixner 
Acked-by: Josh Poimboeuf 
Cc: Andy Lutomirski 
Cc: Arjan van de Ven 
Cc: Borislav Petkov 
Cc: Dan Williams 
Cc: Dave Hansen 
Cc: David Woodhouse 
Cc: Greg Kroah-Hartman 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Signed-off-by: Ingo Molnar 
Signed-off-by: Greg Kroah-Hartman 

---
 arch/x86/include/asm/nospec-branch.h |   27 +++
 1 file changed, 23 insertions(+), 4 deletions(-)

--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -68,6 +68,18 @@
 .endm
 
 /*
+ * This should be used immediately before an indirect jump/call. It tells
+ * objtool the subsequent indirect jump/call is vouched safe for retpoline
+ * builds.
+ */
+.macro ANNOTATE_RETPOLINE_SAFE
+   .Lannotate_\@:
+   .pushsection .discard.retpoline_safe
+   _ASM_PTR .Lannotate_\@
+   .popsection
+.endm
+
+/*
  * These are the bare retpoline primitives for indirect jmp and call.
  * Do not use these directly; they only exist to make the ALTERNATIVE
  * invocation below less ugly.
@@ -103,9 +115,9 @@
 .macro JMP_NOSPEC reg:req
 #ifdef CONFIG_RETPOLINE
ANNOTATE_NOSPEC_ALTERNATIVE
-   ALTERNATIVE_2 __stringify(jmp *\reg),   \
+   ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; jmp *\reg),  \
__stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE, \
-   __stringify(lfence; jmp *\reg), X86_FEATURE_RETPOLINE_AMD
+   __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *\reg), 
X86_FEATURE_RETPOLINE_AMD
 #else
jmp *\reg
 #endif
@@ -114,9 +126,9 @@
 .macro CALL_NOSPEC reg:req
 #ifdef CONFIG_RETPOLINE
ANNOTATE_NOSPEC_ALTERNATIVE
-   ALTERNATIVE_2 __stringify(call *\reg),  \
+   ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; call *\reg), \
__stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\
-   __stringify(lfence; call *\reg), X86_FEATURE_RETPOLINE_AMD
+   __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; call *\reg), 
X86_FEATURE_RETPOLINE_AMD
 #else
call*\reg
 #endif
@@ -144,6 +156,12 @@
".long 999b - .\n\t"\
".popsection\n\t"
 
+#define ANNOTATE_RETPOLINE_SAFE\
+   "999:\n\t"  \
+   ".pushsection .discard.retpoline_safe\n\t"  \
+   _ASM_PTR " 999b\n\t"\
+   ".popsection\n\t"
+
 #if defined(CONFIG_X86_64) && defined(RETPOLINE)
 
 /*
@@ -153,6 +171,7 @@
 # define CALL_NOSPEC   \
ANNOTATE_NOSPEC_ALTERNATIVE \
ALTERNATIVE(\
+   ANNOTATE_RETPOLINE_SAFE \
"call *%[thunk_target]\n",  \
"call __x86_indirect_thunk_%V[thunk_target]\n", \
X86_FEATURE_RETPOLINE)

[PATCH 4.14 126/140] x86/speculation, objtool: Annotate indirect calls/jumps for objtool

[Greg Kroah-Hartman]

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Peter Zijlstra 

commit 9e0e3c5130e949c389caabc8033e9799b129e429 upstream.

Annotate the indirect calls/jumps in the CALL_NOSPEC/JUMP_NOSPEC
alternatives.

Signed-off-by: Peter Zijlstra (Intel) 
Reviewed-by: David Woodhouse 
Acked-by: Thomas Gleixner 
Acked-by: Josh Poimboeuf 
Cc: Andy Lutomirski 
Cc: Arjan van de Ven 
Cc: Borislav Petkov 
Cc: Dan Williams 
Cc: Dave Hansen 
Cc: David Woodhouse 
Cc: Greg Kroah-Hartman 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Signed-off-by: Ingo Molnar 
Signed-off-by: Greg Kroah-Hartman 

---
 arch/x86/include/asm/nospec-branch.h |   27 +++
 1 file changed, 23 insertions(+), 4 deletions(-)

--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -68,6 +68,18 @@
 .endm
 
 /*
+ * This should be used immediately before an indirect jump/call. It tells
+ * objtool the subsequent indirect jump/call is vouched safe for retpoline
+ * builds.
+ */
+.macro ANNOTATE_RETPOLINE_SAFE
+   .Lannotate_\@:
+   .pushsection .discard.retpoline_safe
+   _ASM_PTR .Lannotate_\@
+   .popsection
+.endm
+
+/*
  * These are the bare retpoline primitives for indirect jmp and call.
  * Do not use these directly; they only exist to make the ALTERNATIVE
  * invocation below less ugly.
@@ -103,9 +115,9 @@
 .macro JMP_NOSPEC reg:req
 #ifdef CONFIG_RETPOLINE
ANNOTATE_NOSPEC_ALTERNATIVE
-   ALTERNATIVE_2 __stringify(jmp *\reg),   \
+   ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; jmp *\reg),  \
__stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE, \
-   __stringify(lfence; jmp *\reg), X86_FEATURE_RETPOLINE_AMD
+   __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *\reg), 
X86_FEATURE_RETPOLINE_AMD
 #else
jmp *\reg
 #endif
@@ -114,9 +126,9 @@
 .macro CALL_NOSPEC reg:req
 #ifdef CONFIG_RETPOLINE
ANNOTATE_NOSPEC_ALTERNATIVE
-   ALTERNATIVE_2 __stringify(call *\reg),  \
+   ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; call *\reg), \
__stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\
-   __stringify(lfence; call *\reg), X86_FEATURE_RETPOLINE_AMD
+   __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; call *\reg), 
X86_FEATURE_RETPOLINE_AMD
 #else
call*\reg
 #endif
@@ -144,6 +156,12 @@
".long 999b - .\n\t"\
".popsection\n\t"
 
+#define ANNOTATE_RETPOLINE_SAFE\
+   "999:\n\t"  \
+   ".pushsection .discard.retpoline_safe\n\t"  \
+   _ASM_PTR " 999b\n\t"\
+   ".popsection\n\t"
+
 #if defined(CONFIG_X86_64) && defined(RETPOLINE)
 
 /*
@@ -153,6 +171,7 @@
 # define CALL_NOSPEC   \
ANNOTATE_NOSPEC_ALTERNATIVE \
ALTERNATIVE(\
+   ANNOTATE_RETPOLINE_SAFE \
"call *%[thunk_target]\n",  \
"call __x86_indirect_thunk_%V[thunk_target]\n", \
X86_FEATURE_RETPOLINE)