Merge branch 'x86/pti' into x86/mm, to pick up dependencies
authorIngo Molnar <mingo@kernel.org>
Mon, 12 Mar 2018 11:10:03 +0000 (12:10 +0100)
committerIngo Molnar <mingo@kernel.org>
Mon, 12 Mar 2018 11:10:03 +0000 (12:10 +0100)
Signed-off-by: Ingo Molnar <mingo@kernel.org>
12 files changed:
1  2 
Makefile
arch/x86/Kconfig
arch/x86/entry/entry_64.S
arch/x86/include/asm/nospec-branch.h
arch/x86/include/asm/paravirt.h
arch/x86/include/asm/pgtable.h
arch/x86/include/asm/pgtable_32.h
arch/x86/include/asm/pgtable_64.h
arch/x86/kernel/head_64.S
arch/x86/kernel/setup.c
arch/x86/mm/fault.c
include/linux/compiler-gcc.h

diff --cc Makefile
Simple merge
Simple merge
Simple merge
index 81a1be3265711acea06a2538b6b1fdd332b0ab19,b7063cfa19f97f763f3b45cd8050e41cdf69f0a9..d0dabeae05059883844ae2228af62c27885cdbfa
@@@ -163,55 -238,41 +238,78 @@@ static inline void vmexit_fill_RSB(void
  #endif
  }
  
+ #define alternative_msr_write(_msr, _val, _feature)           \
+       asm volatile(ALTERNATIVE("",                            \
+                                "movl %[msr], %%ecx\n\t"       \
+                                "movl %[val], %%eax\n\t"       \
+                                "movl $0, %%edx\n\t"           \
+                                "wrmsr",                       \
+                                _feature)                      \
+                    : : [msr] "i" (_msr), [val] "i" (_val)     \
+                    : "eax", "ecx", "edx", "memory")
  static inline void indirect_branch_prediction_barrier(void)
  {
-       asm volatile(ALTERNATIVE("",
-                                "movl %[msr], %%ecx\n\t"
-                                "movl %[val], %%eax\n\t"
-                                "movl $0, %%edx\n\t"
-                                "wrmsr",
-                                X86_FEATURE_USE_IBPB)
-                    : : [msr] "i" (MSR_IA32_PRED_CMD),
-                        [val] "i" (PRED_CMD_IBPB)
-                    : "eax", "ecx", "edx", "memory");
+       alternative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB,
+                             X86_FEATURE_USE_IBPB);
  }
  
+ /*
+  * With retpoline, we must use IBRS to restrict branch prediction
+  * before calling into firmware.
+  *
+  * (Implemented as CPP macros due to header hell.)
+  */
+ #define firmware_restrict_branch_speculation_start()                  \
+ do {                                                                  \
+       preempt_disable();                                              \
+       alternative_msr_write(MSR_IA32_SPEC_CTRL, SPEC_CTRL_IBRS,       \
+                             X86_FEATURE_USE_IBRS_FW);                 \
+ } while (0)
+ #define firmware_restrict_branch_speculation_end()                    \
+ do {                                                                  \
+       alternative_msr_write(MSR_IA32_SPEC_CTRL, 0,                    \
+                             X86_FEATURE_USE_IBRS_FW);                 \
+       preempt_enable();                                               \
+ } while (0)
  #endif /* __ASSEMBLY__ */
 +
 +/*
 + * Below is used in the eBPF JIT compiler and emits the byte sequence
 + * for the following assembly:
 + *
 + * With retpolines configured:
 + *
 + *    callq do_rop
 + *  spec_trap:
 + *    pause
 + *    lfence
 + *    jmp spec_trap
 + *  do_rop:
 + *    mov %rax,(%rsp)
 + *    retq
 + *
 + * Without retpolines configured:
 + *
 + *    jmp *%rax
 + */
 +#ifdef CONFIG_RETPOLINE
 +# define RETPOLINE_RAX_BPF_JIT_SIZE   17
 +# define RETPOLINE_RAX_BPF_JIT()                              \
 +      EMIT1_off32(0xE8, 7);    /* callq do_rop */             \
 +      /* spec_trap: */                                        \
 +      EMIT2(0xF3, 0x90);       /* pause */                    \
 +      EMIT3(0x0F, 0xAE, 0xE8); /* lfence */                   \
 +      EMIT2(0xEB, 0xF9);       /* jmp spec_trap */            \
 +      /* do_rop: */                                           \
 +      EMIT4(0x48, 0x89, 0x04, 0x24); /* mov %rax,(%rsp) */    \
 +      EMIT1(0xC3);             /* retq */
 +#else
 +# define RETPOLINE_RAX_BPF_JIT_SIZE   2
 +# define RETPOLINE_RAX_BPF_JIT()                              \
 +      EMIT2(0xFF, 0xE0);       /* jmp *%rax */
 +#endif
 +
  #endif /* _ASM_X86_NOSPEC_BRANCH_H_ */
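Review bot: `firmware_restrict_branch_speculation_end()` writes a literal 0 to MSR_IA32_SPEC_CTRL rather than restoring whatever was programmed before `_start()`, so any other SPEC_CTRL bit enabled on that CPU would be cleared after every firmware call. Nothing visible in this hunk sets another bit, so this may be fine today, but the assumption should be recorded next to the macro, for example `/* _end() writes 0: assumes IBRS is the only SPEC_CTRL bit in use; restore a saved base value if that changes */`. Likewise, `alternative_msr_write()` passes `_msr` and `_val` through `"i"` constraints and zeroes %edx, so it only accepts compile-time constants that fit in 32 bits, and a one-line comment saying so would make that limit explicit. As a style point, `RETPOLINE_RAX_BPF_JIT()` expands to several statements with a trailing semicolon and no `do { ... } while (0)` wrapper, so only the first EMIT would be guarded if it were ever used under an unbraced `if`.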
Simple merge
Simple merge
index b838c51d8c78e5172a2dc1fc194abb6a337cdd44,b3ec519e39827e58eaeb8a567303e37a6bc2e919..88a056b01db48838d4b064f4e945fa5b283c4f85
@@@ -32,9 -32,8 +32,10 @@@ extern pmd_t initial_pg_pmd[]
  static inline void pgtable_cache_init(void) { }
  static inline void check_pgt_cache(void) { }
  void paging_init(void);
+ void sync_initial_page_table(void);
  
 +static inline int pgd_large(pgd_t pgd) { return 0; }
 +
  /*
   * Define this if things work differently on an i386 and an i486:
   * it will (on an i486) warn about kernel memory accesses that are
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge