tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'x86/bugs' into x86/core, to pick up pending changes before dependent patches
Merge in pending alternatives patching infrastructure changes, before
applying more patches.
Signed-off-by: Ingo Molnar <mingo@kernel.org>
+288
-268
+4
-4
Documentation/admin-guide/hw-vuln/spectre.rst
+4
-4
Documentation/admin-guide/hw-vuln/spectre.rst
···
473
473
-mindirect-branch=thunk-extern -mindirect-branch-register options.
474
474
If the kernel is compiled with a Clang compiler, the compiler needs
475
475
to support -mretpoline-external-thunk option. The kernel config
476
-
CONFIG_RETPOLINE needs to be turned on, and the CPU needs to run with
477
-
the latest updated microcode.
476
+
CONFIG_MITIGATION_RETPOLINE needs to be turned on, and the CPU needs
477
+
to run with the latest updated microcode.
478
478
479
479
On Intel Skylake-era systems the mitigation covers most, but not all,
480
480
cases. See :ref:`[3] <spec_ref3>` for more details.
···
609
609
Selecting 'on' will, and 'auto' may, choose a
610
610
mitigation method at run time according to the
611
611
CPU, the available microcode, the setting of the
612
-
CONFIG_RETPOLINE configuration option, and the
613
-
compiler with which the kernel was built.
612
+
CONFIG_MITIGATION_RETPOLINE configuration option,
613
+
and the compiler with which the kernel was built.
614
614
615
615
Selecting 'on' will also enable the mitigation
616
616
against user space to user space task attacks.
+2
-2
Documentation/admin-guide/kernel-parameters.txt
+2
-2
Documentation/admin-guide/kernel-parameters.txt
···
6027
6027
Selecting 'on' will, and 'auto' may, choose a
6028
6028
mitigation method at run time according to the
6029
6029
CPU, the available microcode, the setting of the
6030
-
CONFIG_RETPOLINE configuration option, and the
6031
-
compiler with which the kernel was built.
6030
+
CONFIG_MITIGATION_RETPOLINE configuration option,
6031
+
and the compiler with which the kernel was built.
6032
6032
6033
6033
Selecting 'on' will also enable the mitigation
6034
6034
against user space to user space task attacks.
+3
-3
Documentation/arch/x86/pti.rst
+3
-3
Documentation/arch/x86/pti.rst
···
26
26
27
27
This approach helps to ensure that side-channel attacks leveraging
28
28
the paging structures do not function when PTI is enabled. It can be
29
-
enabled by setting CONFIG_PAGE_TABLE_ISOLATION=y at compile time.
30
-
Once enabled at compile-time, it can be disabled at boot with the
31
-
'nopti' or 'pti=' kernel parameters (see kernel-parameters.txt).
29
+
enabled by setting CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y at compile
30
+
time. Once enabled at compile-time, it can be disabled at boot with
31
+
the 'nopti' or 'pti=' kernel parameters (see kernel-parameters.txt).
32
32
33
33
Page Table Management
34
34
=====================
+16
-16
arch/x86/Kconfig
+16
-16
arch/x86/Kconfig
···
2477
2477
2478
2478
config FINEIBT
2479
2479
def_bool y
2480
-
depends on X86_KERNEL_IBT && CFI_CLANG && RETPOLINE
2480
+
depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE
2481
2481
select CALL_PADDING
2482
2482
2483
2483
config HAVE_CALL_THUNKS
2484
2484
def_bool y
2485
-
depends on CC_HAS_ENTRY_PADDING && RETHUNK && OBJTOOL
2485
+
depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL
2486
2486
2487
2487
config CALL_THUNKS
2488
2488
def_bool n
···
2504
2504
2505
2505
if SPECULATION_MITIGATIONS
2506
2506
2507
-
config PAGE_TABLE_ISOLATION
2507
+
config MITIGATION_PAGE_TABLE_ISOLATION
2508
2508
bool "Remove the kernel mapping in user mode"
2509
2509
default y
2510
2510
depends on (X86_64 || X86_PAE)
···
2515
2515
2516
2516
See Documentation/arch/x86/pti.rst for more details.
2517
2517
2518
-
config RETPOLINE
2518
+
config MITIGATION_RETPOLINE
2519
2519
bool "Avoid speculative indirect branches in kernel"
2520
2520
select OBJTOOL if HAVE_OBJTOOL
2521
2521
default y
···
2525
2525
branches. Requires a compiler with -mindirect-branch=thunk-extern
2526
2526
support for full protection. The kernel may run slower.
2527
2527
2528
-
config RETHUNK
2528
+
config MITIGATION_RETHUNK
2529
2529
bool "Enable return-thunks"
2530
-
depends on RETPOLINE && CC_HAS_RETURN_THUNK
2530
+
depends on MITIGATION_RETPOLINE && CC_HAS_RETURN_THUNK
2531
2531
select OBJTOOL if HAVE_OBJTOOL
2532
2532
default y if X86_64
2533
2533
help
···
2536
2536
Requires a compiler with -mfunction-return=thunk-extern
2537
2537
support for full protection. The kernel may run slower.
2538
2538
2539
-
config CPU_UNRET_ENTRY
2539
+
config MITIGATION_UNRET_ENTRY
2540
2540
bool "Enable UNRET on kernel entry"
2541
-
depends on CPU_SUP_AMD && RETHUNK && X86_64
2541
+
depends on CPU_SUP_AMD && MITIGATION_RETHUNK && X86_64
2542
2542
default y
2543
2543
help
2544
2544
Compile the kernel with support for the retbleed=unret mitigation.
2545
2545
2546
-
config CALL_DEPTH_TRACKING
2546
+
config MITIGATION_CALL_DEPTH_TRACKING
2547
2547
bool "Mitigate RSB underflow with call depth tracking"
2548
2548
depends on CPU_SUP_INTEL && HAVE_CALL_THUNKS
2549
2549
select HAVE_DYNAMIC_FTRACE_NO_PATCHABLE
···
2563
2563
2564
2564
config CALL_THUNKS_DEBUG
2565
2565
bool "Enable call thunks and call depth tracking debugging"
2566
-
depends on CALL_DEPTH_TRACKING
2566
+
depends on MITIGATION_CALL_DEPTH_TRACKING
2567
2567
select FUNCTION_ALIGNMENT_32B
2568
2568
default n
2569
2569
help
···
2574
2574
Only enable this when you are debugging call thunks as this
2575
2575
creates a noticeable runtime overhead. If unsure say N.
2576
2576
2577
-
config CPU_IBPB_ENTRY
2577
+
config MITIGATION_IBPB_ENTRY
2578
2578
bool "Enable IBPB on kernel entry"
2579
2579
depends on CPU_SUP_AMD && X86_64
2580
2580
default y
2581
2581
help
2582
2582
Compile the kernel with support for the retbleed=ibpb mitigation.
2583
2583
2584
-
config CPU_IBRS_ENTRY
2584
+
config MITIGATION_IBRS_ENTRY
2585
2585
bool "Enable IBRS on kernel entry"
2586
2586
depends on CPU_SUP_INTEL && X86_64
2587
2587
default y
···
2590
2590
This mitigates both spectre_v2 and retbleed at great cost to
2591
2591
performance.
2592
2592
2593
-
config CPU_SRSO
2593
+
config MITIGATION_SRSO
2594
2594
bool "Mitigate speculative RAS overflow on AMD"
2595
-
depends on CPU_SUP_AMD && X86_64 && RETHUNK
2595
+
depends on CPU_SUP_AMD && X86_64 && MITIGATION_RETHUNK
2596
2596
default y
2597
2597
help
2598
2598
Enable the SRSO mitigation needed on AMD Zen1-4 machines.
2599
2599
2600
-
config SLS
2600
+
config MITIGATION_SLS
2601
2601
bool "Mitigate Straight-Line-Speculation"
2602
2602
depends on CC_HAS_SLS && X86_64
2603
2603
select OBJTOOL if HAVE_OBJTOOL
···
2607
2607
against straight line speculation. The kernel image might be slightly
2608
2608
larger.
2609
2609
2610
-
config GDS_FORCE_MITIGATION
2610
+
config MITIGATION_GDS_FORCE
2611
2611
bool "Force GDS Mitigation"
2612
2612
depends on CPU_SUP_INTEL
2613
2613
default n
+4
-4
arch/x86/Makefile
+4
-4
arch/x86/Makefile
···
22
22
endif
23
23
RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch-cs-prefix)
24
24
25
-
ifdef CONFIG_RETHUNK
25
+
ifdef CONFIG_MITIGATION_RETHUNK
26
26
RETHUNK_CFLAGS := -mfunction-return=thunk-extern
27
27
RETPOLINE_CFLAGS += $(RETHUNK_CFLAGS)
28
28
endif
···
192
192
KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
193
193
194
194
# Avoid indirect branches in kernel to deal with Spectre
195
-
ifdef CONFIG_RETPOLINE
195
+
ifdef CONFIG_MITIGATION_RETPOLINE
196
196
KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)
197
197
# Additionally, avoid generating expensive indirect jumps which
198
198
# are subject to retpolines for small number of switch cases.
···
205
205
endif
206
206
endif
207
207
208
-
ifdef CONFIG_SLS
208
+
ifdef CONFIG_MITIGATION_SLS
209
209
KBUILD_CFLAGS += -mharden-sls=all
210
210
endif
211
211
···
301
301
302
302
archprepare: checkbin
303
303
checkbin:
304
-
ifdef CONFIG_RETPOLINE
304
+
ifdef CONFIG_MITIGATION_RETPOLINE
305
305
ifeq ($(RETPOLINE_CFLAGS),)
306
306
@echo "You are building kernel with non-retpoline compiler." >&2
307
307
@echo "Please update your compiler." >&2
+2
-2
arch/x86/boot/compressed/ident_map_64.c
+2
-2
arch/x86/boot/compressed/ident_map_64.c
···
8
8
* Copyright (C) 2016 Kees Cook
9
9
*/
10
10
11
-
/* No PAGE_TABLE_ISOLATION support needed either: */
12
-
#undef CONFIG_PAGE_TABLE_ISOLATION
11
+
/* No MITIGATION_PAGE_TABLE_ISOLATION support needed either: */
12
+
#undef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
13
13
14
14
#include "error.h"
15
15
#include "misc.h"
+1
-1
arch/x86/configs/i386_defconfig
+1
-1
arch/x86/configs/i386_defconfig
+66
-6
arch/x86/entry/calling.h
+66
-6
arch/x86/entry/calling.h
···
142
142
.endif
143
143
.endm
144
144
145
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
145
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
146
146
147
147
/*
148
-
* PAGE_TABLE_ISOLATION PGDs are 8k. Flip bit 12 to switch between the two
148
+
* MITIGATION_PAGE_TABLE_ISOLATION PGDs are 8k. Flip bit 12 to switch between the two
149
149
* halves:
150
150
*/
151
151
#define PTI_USER_PGTABLE_BIT PAGE_SHIFT
···
160
160
161
161
.macro ADJUST_KERNEL_CR3 reg:req
162
162
ALTERNATIVE "", "SET_NOFLUSH_BIT \reg", X86_FEATURE_PCID
163
-
/* Clear PCID and "PAGE_TABLE_ISOLATION bit", point CR3 at kernel pagetables: */
163
+
/* Clear PCID and "MITIGATION_PAGE_TABLE_ISOLATION bit", point CR3 at kernel pagetables: */
164
164
andq $(~PTI_USER_PGTABLE_AND_PCID_MASK), \reg
165
165
.endm
166
166
···
275
275
.Lend_\@:
276
276
.endm
277
277
278
-
#else /* CONFIG_PAGE_TABLE_ISOLATION=n: */
278
+
#else /* CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=n: */
279
279
280
280
.macro SWITCH_TO_KERNEL_CR3 scratch_reg:req
281
281
.endm
···
303
303
* Assumes x86_spec_ctrl_{base,current} to have SPEC_CTRL_IBRS set.
304
304
*/
305
305
.macro IBRS_ENTER save_reg
306
-
#ifdef CONFIG_CPU_IBRS_ENTRY
306
+
#ifdef CONFIG_MITIGATION_IBRS_ENTRY
307
307
ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_KERNEL_IBRS
308
308
movl $MSR_IA32_SPEC_CTRL, %ecx
309
309
···
332
332
* regs. Must be called after the last RET.
333
333
*/
334
334
.macro IBRS_EXIT save_reg
335
-
#ifdef CONFIG_CPU_IBRS_ENTRY
335
+
#ifdef CONFIG_MITIGATION_IBRS_ENTRY
336
336
ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_KERNEL_IBRS
337
337
movl $MSR_IA32_SPEC_CTRL, %ecx
338
338
···
426
426
.endm
427
427
428
428
#endif /* CONFIG_SMP */
429
+
430
+
#ifdef CONFIG_X86_64
431
+
432
+
/* rdi: arg1 ... normal C conventions. rax is saved/restored. */
433
+
.macro THUNK name, func
434
+
SYM_FUNC_START(\name)
435
+
pushq %rbp
436
+
movq %rsp, %rbp
437
+
438
+
pushq %rdi
439
+
pushq %rsi
440
+
pushq %rdx
441
+
pushq %rcx
442
+
pushq %rax
443
+
pushq %r8
444
+
pushq %r9
445
+
pushq %r10
446
+
pushq %r11
447
+
448
+
call \func
449
+
450
+
popq %r11
451
+
popq %r10
452
+
popq %r9
453
+
popq %r8
454
+
popq %rax
455
+
popq %rcx
456
+
popq %rdx
457
+
popq %rsi
458
+
popq %rdi
459
+
popq %rbp
460
+
RET
461
+
SYM_FUNC_END(\name)
462
+
_ASM_NOKPROBE(\name)
463
+
.endm
464
+
465
+
#else /* CONFIG_X86_32 */
466
+
467
+
/* put return address in eax (arg1) */
468
+
.macro THUNK name, func, put_ret_addr_in_eax=0
469
+
SYM_CODE_START_NOALIGN(\name)
470
+
pushl %eax
471
+
pushl %ecx
472
+
pushl %edx
473
+
474
+
.if \put_ret_addr_in_eax
475
+
/* Place EIP in the arg1 */
476
+
movl 3*4(%esp), %eax
477
+
.endif
478
+
479
+
call \func
480
+
popl %edx
481
+
popl %ecx
482
+
popl %eax
483
+
RET
484
+
_ASM_NOKPROBE(\name)
485
+
SYM_CODE_END(\name)
486
+
.endm
487
+
488
+
#endif
+4
arch/x86/entry/entry.S
+4
arch/x86/entry/entry.S
+3
-3
arch/x86/entry/entry_64.S
+3
-3
arch/x86/entry/entry_64.S
···
562
562
#ifdef CONFIG_XEN_PV
563
563
ALTERNATIVE "", "jmp xenpv_restore_regs_and_return_to_usermode", X86_FEATURE_XENPV
564
564
#endif
565
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
565
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
566
566
ALTERNATIVE "", "jmp .Lpti_restore_regs_and_return_to_usermode", X86_FEATURE_PTI
567
567
#endif
568
568
···
578
578
jnz .Lnative_iret
579
579
ud2
580
580
581
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
581
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
582
582
.Lpti_restore_regs_and_return_to_usermode:
583
583
POP_REGS pop_rdi=0
584
584
···
1096
1096
*
1097
1097
* Registers:
1098
1098
* %r14: Used to save/restore the CR3 of the interrupted context
1099
-
* when PAGE_TABLE_ISOLATION is in use. Do not clobber.
1099
+
* when MITIGATION_PAGE_TABLE_ISOLATION is in use. Do not clobber.
1100
1100
*/
1101
1101
SYM_CODE_START(asm_exc_nmi)
1102
1102
UNWIND_HINT_IRET_ENTRY
+8
-26
arch/x86/entry/thunk_32.S
+8
-26
arch/x86/entry/thunk_32.S
···
4
4
* Copyright 2008 by Steven Rostedt, Red Hat, Inc
5
5
* (inspired by Andi Kleen's thunk_64.S)
6
6
*/
7
-
#include <linux/export.h>
8
-
#include <linux/linkage.h>
9
-
#include <asm/asm.h>
10
7
11
-
/* put return address in eax (arg1) */
12
-
.macro THUNK name, func, put_ret_addr_in_eax=0
13
-
SYM_CODE_START_NOALIGN(\name)
14
-
pushl %eax
15
-
pushl %ecx
16
-
pushl %edx
8
+
#include <linux/export.h>
9
+
#include <linux/linkage.h>
10
+
#include <asm/asm.h>
17
11
18
-
.if \put_ret_addr_in_eax
19
-
/* Place EIP in the arg1 */
20
-
movl 3*4(%esp), %eax
21
-
.endif
12
+
#include "calling.h"
22
13
23
-
call \func
24
-
popl %edx
25
-
popl %ecx
26
-
popl %eax
27
-
RET
28
-
_ASM_NOKPROBE(\name)
29
-
SYM_CODE_END(\name)
30
-
.endm
31
-
32
-
THUNK preempt_schedule_thunk, preempt_schedule
33
-
THUNK preempt_schedule_notrace_thunk, preempt_schedule_notrace
34
-
EXPORT_SYMBOL(preempt_schedule_thunk)
35
-
EXPORT_SYMBOL(preempt_schedule_notrace_thunk)
14
+
THUNK preempt_schedule_thunk, preempt_schedule
15
+
THUNK preempt_schedule_notrace_thunk, preempt_schedule_notrace
16
+
EXPORT_SYMBOL(preempt_schedule_thunk)
17
+
EXPORT_SYMBOL(preempt_schedule_notrace_thunk)
36
18
-33
arch/x86/entry/thunk_64.S
-33
arch/x86/entry/thunk_64.S
···
9
9
#include "calling.h"
10
10
#include <asm/asm.h>
11
11
12
-
/* rdi: arg1 ... normal C conventions. rax is saved/restored. */
13
-
.macro THUNK name, func
14
-
SYM_FUNC_START(\name)
15
-
pushq %rbp
16
-
movq %rsp, %rbp
17
-
18
-
pushq %rdi
19
-
pushq %rsi
20
-
pushq %rdx
21
-
pushq %rcx
22
-
pushq %rax
23
-
pushq %r8
24
-
pushq %r9
25
-
pushq %r10
26
-
pushq %r11
27
-
28
-
call \func
29
-
30
-
popq %r11
31
-
popq %r10
32
-
popq %r9
33
-
popq %r8
34
-
popq %rax
35
-
popq %rcx
36
-
popq %rdx
37
-
popq %rsi
38
-
popq %rdi
39
-
popq %rbp
40
-
RET
41
-
SYM_FUNC_END(\name)
42
-
_ASM_NOKPROBE(\name)
43
-
.endm
44
-
45
12
THUNK preempt_schedule_thunk, preempt_schedule
46
13
THUNK preempt_schedule_notrace_thunk, preempt_schedule_notrace
47
14
EXPORT_SYMBOL(preempt_schedule_thunk)
+2
-2
arch/x86/entry/vdso/Makefile
+2
-2
arch/x86/entry/vdso/Makefile
···
87
87
-fno-omit-frame-pointer -foptimize-sibling-calls \
88
88
-DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
89
89
90
-
ifdef CONFIG_RETPOLINE
90
+
ifdef CONFIG_MITIGATION_RETPOLINE
91
91
ifneq ($(RETPOLINE_VDSO_CFLAGS),)
92
92
CFL += $(RETPOLINE_VDSO_CFLAGS)
93
93
endif
···
164
164
KBUILD_CFLAGS_32 += -fno-omit-frame-pointer
165
165
KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING
166
166
167
-
ifdef CONFIG_RETPOLINE
167
+
ifdef CONFIG_MITIGATION_RETPOLINE
168
168
ifneq ($(RETPOLINE_VDSO_CFLAGS),)
169
169
KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS)
170
170
endif
+1
-1
arch/x86/include/asm/current.h
+1
-1
arch/x86/include/asm/current.h
+5
-5
arch/x86/include/asm/disabled-features.h
+5
-5
arch/x86/include/asm/disabled-features.h
···
44
44
# define DISABLE_LA57 (1<<(X86_FEATURE_LA57 & 31))
45
45
#endif
46
46
47
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
47
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
48
48
# define DISABLE_PTI 0
49
49
#else
50
50
# define DISABLE_PTI (1 << (X86_FEATURE_PTI & 31))
51
51
#endif
52
52
53
-
#ifdef CONFIG_RETPOLINE
53
+
#ifdef CONFIG_MITIGATION_RETPOLINE
54
54
# define DISABLE_RETPOLINE 0
55
55
#else
56
56
# define DISABLE_RETPOLINE ((1 << (X86_FEATURE_RETPOLINE & 31)) | \
57
57
(1 << (X86_FEATURE_RETPOLINE_LFENCE & 31)))
58
58
#endif
59
59
60
-
#ifdef CONFIG_RETHUNK
60
+
#ifdef CONFIG_MITIGATION_RETHUNK
61
61
# define DISABLE_RETHUNK 0
62
62
#else
63
63
# define DISABLE_RETHUNK (1 << (X86_FEATURE_RETHUNK & 31))
64
64
#endif
65
65
66
-
#ifdef CONFIG_CPU_UNRET_ENTRY
66
+
#ifdef CONFIG_MITIGATION_UNRET_ENTRY
67
67
# define DISABLE_UNRET 0
68
68
#else
69
69
# define DISABLE_UNRET (1 << (X86_FEATURE_UNRET & 31))
70
70
#endif
71
71
72
-
#ifdef CONFIG_CALL_DEPTH_TRACKING
72
+
#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING
73
73
# define DISABLE_CALL_DEPTH_TRACKING 0
74
74
#else
75
75
# define DISABLE_CALL_DEPTH_TRACKING (1 << (X86_FEATURE_CALL_DEPTH & 31))
+8
-8
arch/x86/include/asm/linkage.h
+8
-8
arch/x86/include/asm/linkage.h
···
40
40
41
41
#ifdef __ASSEMBLY__
42
42
43
-
#if defined(CONFIG_RETHUNK) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
43
+
#if defined(CONFIG_MITIGATION_RETHUNK) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
44
44
#define RET jmp __x86_return_thunk
45
-
#else /* CONFIG_RETPOLINE */
46
-
#ifdef CONFIG_SLS
45
+
#else /* CONFIG_MITIGATION_RETPOLINE */
46
+
#ifdef CONFIG_MITIGATION_SLS
47
47
#define RET ret; int3
48
48
#else
49
49
#define RET ret
50
50
#endif
51
-
#endif /* CONFIG_RETPOLINE */
51
+
#endif /* CONFIG_MITIGATION_RETPOLINE */
52
52
53
53
#else /* __ASSEMBLY__ */
54
54
55
-
#if defined(CONFIG_RETHUNK) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
55
+
#if defined(CONFIG_MITIGATION_RETHUNK) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
56
56
#define ASM_RET "jmp __x86_return_thunk\n\t"
57
-
#else /* CONFIG_RETPOLINE */
58
-
#ifdef CONFIG_SLS
57
+
#else /* CONFIG_MITIGATION_RETPOLINE */
58
+
#ifdef CONFIG_MITIGATION_SLS
59
59
#define ASM_RET "ret; int3\n\t"
60
60
#else
61
61
#define ASM_RET "ret\n\t"
62
62
#endif
63
-
#endif /* CONFIG_RETPOLINE */
63
+
#endif /* CONFIG_MITIGATION_RETPOLINE */
64
64
65
65
#endif /* __ASSEMBLY__ */
66
66
+17
-15
arch/x86/include/asm/nospec-branch.h
+17
-15
arch/x86/include/asm/nospec-branch.h
···
73
73
# define CALL_THUNKS_DEBUG_INC_CTXSW
74
74
#endif
75
75
76
-
#if defined(CONFIG_CALL_DEPTH_TRACKING) && !defined(COMPILE_OFFSETS)
76
+
#if defined(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) && !defined(COMPILE_OFFSETS)
77
77
78
78
#include <asm/asm-offsets.h>
79
79
···
203
203
*/
204
204
.macro VALIDATE_UNRET_END
205
205
#if defined(CONFIG_NOINSTR_VALIDATION) && \
206
-
(defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_SRSO))
206
+
(defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO))
207
207
ANNOTATE_RETPOLINE_SAFE
208
208
nop
209
209
#endif
···
232
232
* instruction irrespective of kCFI.
233
233
*/
234
234
.macro JMP_NOSPEC reg:req
235
-
#ifdef CONFIG_RETPOLINE
235
+
#ifdef CONFIG_MITIGATION_RETPOLINE
236
236
__CS_PREFIX \reg
237
237
jmp __x86_indirect_thunk_\reg
238
238
#else
···
242
242
.endm
243
243
244
244
.macro CALL_NOSPEC reg:req
245
-
#ifdef CONFIG_RETPOLINE
245
+
#ifdef CONFIG_MITIGATION_RETPOLINE
246
246
__CS_PREFIX \reg
247
247
call __x86_indirect_thunk_\reg
248
248
#else
···
262
262
.Lskip_rsb_\@:
263
263
.endm
264
264
265
-
#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_SRSO)
265
+
#if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO)
266
266
#define CALL_UNTRAIN_RET "call entry_untrain_ret"
267
267
#else
268
268
#define CALL_UNTRAIN_RET ""
···
280
280
* where we have a stack but before any RET instruction.
281
281
*/
282
282
.macro __UNTRAIN_RET ibpb_feature, call_depth_insns
283
-
#if defined(CONFIG_RETHUNK) || defined(CONFIG_CPU_IBPB_ENTRY)
283
+
#if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY)
284
284
VALIDATE_UNRET_END
285
285
ALTERNATIVE_3 "", \
286
286
CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \
···
300
300
301
301
302
302
.macro CALL_DEPTH_ACCOUNT
303
-
#ifdef CONFIG_CALL_DEPTH_TRACKING
303
+
#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING
304
304
ALTERNATIVE "", \
305
305
__stringify(INCREMENT_CALL_DEPTH), X86_FEATURE_CALL_DEPTH
306
306
#endif
···
319
319
extern retpoline_thunk_t __x86_indirect_call_thunk_array[];
320
320
extern retpoline_thunk_t __x86_indirect_jump_thunk_array[];
321
321
322
-
#ifdef CONFIG_RETHUNK
322
+
#ifdef CONFIG_MITIGATION_RETHUNK
323
323
extern void __x86_return_thunk(void);
324
324
#else
325
325
static inline void __x86_return_thunk(void) {}
326
326
#endif
327
327
328
-
#ifdef CONFIG_CPU_UNRET_ENTRY
328
+
#ifdef CONFIG_MITIGATION_UNRET_ENTRY
329
329
extern void retbleed_return_thunk(void);
330
330
#else
331
331
static inline void retbleed_return_thunk(void) {}
332
332
#endif
333
333
334
-
#ifdef CONFIG_CPU_SRSO
334
+
#ifdef CONFIG_MITIGATION_SRSO
335
335
extern void srso_return_thunk(void);
336
336
extern void srso_alias_return_thunk(void);
337
337
#else
···
348
348
349
349
extern void (*x86_return_thunk)(void);
350
350
351
-
#ifdef CONFIG_CALL_DEPTH_TRACKING
351
+
extern void __warn_thunk(void);
352
+
353
+
#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING
352
354
extern void call_depth_return_thunk(void);
353
355
354
356
#define CALL_DEPTH_ACCOUNT \
···
364
362
DECLARE_PER_CPU(u64, __x86_stuffs_count);
365
363
DECLARE_PER_CPU(u64, __x86_ctxsw_count);
366
364
#endif
367
-
#else /* !CONFIG_CALL_DEPTH_TRACKING */
365
+
#else /* !CONFIG_MITIGATION_CALL_DEPTH_TRACKING */
368
366
369
367
static inline void call_depth_return_thunk(void) {}
370
368
#define CALL_DEPTH_ACCOUNT ""
371
369
372
-
#endif /* CONFIG_CALL_DEPTH_TRACKING */
370
+
#endif /* CONFIG_MITIGATION_CALL_DEPTH_TRACKING */
373
371
374
-
#ifdef CONFIG_RETPOLINE
372
+
#ifdef CONFIG_MITIGATION_RETPOLINE
375
373
376
374
#define GEN(reg) \
377
375
extern retpoline_thunk_t __x86_indirect_thunk_ ## reg;
···
392
390
393
391
/*
394
392
* Inline asm uses the %V modifier which is only in newer GCC
395
-
* which is ensured when CONFIG_RETPOLINE is defined.
393
+
* which is ensured when CONFIG_MITIGATION_RETPOLINE is defined.
396
394
*/
397
395
# define CALL_NOSPEC \
398
396
ALTERNATIVE_2( \
+1
-1
arch/x86/include/asm/pgalloc.h
+1
-1
arch/x86/include/asm/pgalloc.h
+1
-1
arch/x86/include/asm/pgtable-3level.h
+1
-1
arch/x86/include/asm/pgtable-3level.h
···
52
52
53
53
static inline void native_set_pud(pud_t *pudp, pud_t pud)
54
54
{
55
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
55
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
56
56
pud.p4d.pgd = pti_set_user_pgtbl(&pudp->p4d.pgd, pud.p4d.pgd);
57
57
#endif
58
58
pxx_xchg64(pud, pudp, native_pud_val(pud));
+9
-9
arch/x86/include/asm/pgtable.h
+9
-9
arch/x86/include/asm/pgtable.h
···
909
909
pmd_t *populate_extra_pmd(unsigned long vaddr);
910
910
pte_t *populate_extra_pte(unsigned long vaddr);
911
911
912
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
912
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
913
913
pgd_t __pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd);
914
914
915
915
/*
···
923
923
return pgd;
924
924
return __pti_set_user_pgtbl(pgdp, pgd);
925
925
}
926
-
#else /* CONFIG_PAGE_TABLE_ISOLATION */
926
+
#else /* CONFIG_MITIGATION_PAGE_TABLE_ISOLATION */
927
927
static inline pgd_t pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd)
928
928
{
929
929
return pgd;
930
930
}
931
-
#endif /* CONFIG_PAGE_TABLE_ISOLATION */
931
+
#endif /* CONFIG_MITIGATION_PAGE_TABLE_ISOLATION */
932
932
933
933
#endif /* __ASSEMBLY__ */
934
934
···
1131
1131
{
1132
1132
unsigned long ignore_flags = _KERNPG_TABLE | _PAGE_USER;
1133
1133
1134
-
if (IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION))
1134
+
if (IS_ENABLED(CONFIG_MITIGATION_PAGE_TABLE_ISOLATION))
1135
1135
ignore_flags |= _PAGE_NX;
1136
1136
1137
1137
return (p4d_flags(p4d) & ~ignore_flags) != 0;
···
1177
1177
if (!pgtable_l5_enabled())
1178
1178
return 0;
1179
1179
1180
-
if (IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION))
1180
+
if (IS_ENABLED(CONFIG_MITIGATION_PAGE_TABLE_ISOLATION))
1181
1181
ignore_flags |= _PAGE_NX;
1182
1182
1183
1183
return (pgd_flags(pgd) & ~ignore_flags) != _KERNPG_TABLE;
···
1422
1422
#define pgd_leaf pgd_large
1423
1423
static inline int pgd_large(pgd_t pgd) { return 0; }
1424
1424
1425
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
1425
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
1426
1426
/*
1427
-
* All top-level PAGE_TABLE_ISOLATION page tables are order-1 pages
1427
+
* All top-level MITIGATION_PAGE_TABLE_ISOLATION page tables are order-1 pages
1428
1428
* (8k-aligned and 8k in size). The kernel one is at the beginning 4k and
1429
1429
* the user one is in the last 4k. To switch between them, you
1430
1430
* just need to flip the 12th bit in their addresses.
···
1469
1469
{
1470
1470
return ptr_clear_bit(p4dp, PTI_PGTABLE_SWITCH_BIT);
1471
1471
}
1472
-
#endif /* CONFIG_PAGE_TABLE_ISOLATION */
1472
+
#endif /* CONFIG_MITIGATION_PAGE_TABLE_ISOLATION */
1473
1473
1474
1474
/*
1475
1475
* clone_pgd_range(pgd_t *dst, pgd_t *src, int count);
···
1484
1484
static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
1485
1485
{
1486
1486
memcpy(dst, src, count * sizeof(pgd_t));
1487
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
1487
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
1488
1488
if (!static_cpu_has(X86_FEATURE_PTI))
1489
1489
return;
1490
1490
/* Clone the user space pgd as well */
+2
-1
arch/x86/include/asm/pgtable_64.h
+2
-1
arch/x86/include/asm/pgtable_64.h
+1
-1
arch/x86/include/asm/processor-flags.h
+1
-1
arch/x86/include/asm/processor-flags.h
+1
-1
arch/x86/include/asm/pti.h
+1
-1
arch/x86/include/asm/pti.h
+1
-1
arch/x86/include/asm/static_call.h
+1
-1
arch/x86/include/asm/static_call.h
···
46
46
#define ARCH_DEFINE_STATIC_CALL_TRAMP(name, func) \
47
47
__ARCH_DEFINE_STATIC_CALL_TRAMP(name, ".byte 0xe9; .long " #func " - (. + 4)")
48
48
49
-
#ifdef CONFIG_RETHUNK
49
+
#ifdef CONFIG_MITIGATION_RETHUNK
50
50
#define ARCH_DEFINE_STATIC_CALL_NULL_TRAMP(name) \
51
51
__ARCH_DEFINE_STATIC_CALL_TRAMP(name, "jmp __x86_return_thunk")
52
52
#else
+7
-7
arch/x86/kernel/alternative.c
+7
-7
arch/x86/kernel/alternative.c
···
544
544
return insn->opcode.bytes[0] == 0x0f && (insn->opcode.bytes[1] & 0xf0) == 0x80;
545
545
}
546
546
547
-
#if defined(CONFIG_RETPOLINE) && defined(CONFIG_OBJTOOL)
547
+
#if defined(CONFIG_MITIGATION_RETPOLINE) && defined(CONFIG_OBJTOOL)
548
548
549
549
/*
550
550
* CALL/JMP *%\reg
···
708
708
/*
709
709
* The compiler is supposed to EMIT an INT3 after every unconditional
710
710
* JMP instruction due to AMD BTC. However, if the compiler is too old
711
-
* or SLS isn't enabled, we still need an INT3 after indirect JMPs
712
-
* even on Intel.
711
+
* or MITIGATION_SLS isn't enabled, we still need an INT3 after
712
+
* indirect JMPs even on Intel.
713
713
*/
714
714
if (op == JMP32_INSN_OPCODE && i < insn->length)
715
715
bytes[i++] = INT3_INSN_OPCODE;
···
769
769
}
770
770
}
771
771
772
-
#ifdef CONFIG_RETHUNK
772
+
#ifdef CONFIG_MITIGATION_RETHUNK
773
773
774
774
/*
775
775
* Rewrite the compiler generated return thunk tail-calls.
···
842
842
}
843
843
#else
844
844
void __init_or_module noinline apply_returns(s32 *start, s32 *end) { }
845
-
#endif /* CONFIG_RETHUNK */
845
+
#endif /* CONFIG_MITIGATION_RETHUNK */
846
846
847
-
#else /* !CONFIG_RETPOLINE || !CONFIG_OBJTOOL */
847
+
#else /* !CONFIG_MITIGATION_RETPOLINE || !CONFIG_OBJTOOL */
848
848
849
849
void __init_or_module noinline apply_retpolines(s32 *start, s32 *end) { }
850
850
void __init_or_module noinline apply_returns(s32 *start, s32 *end) { }
851
851
852
-
#endif /* CONFIG_RETPOLINE && CONFIG_OBJTOOL */
852
+
#endif /* CONFIG_MITIGATION_RETPOLINE && CONFIG_OBJTOOL */
853
853
854
854
#ifdef CONFIG_X86_KERNEL_IBT
855
855
+1
-1
arch/x86/kernel/asm-offsets.c
+1
-1
arch/x86/kernel/asm-offsets.c
···
109
109
OFFSET(TSS_sp2, tss_struct, x86_tss.sp2);
110
110
OFFSET(X86_top_of_stack, pcpu_hot, top_of_stack);
111
111
OFFSET(X86_current_task, pcpu_hot, current_task);
112
-
#ifdef CONFIG_CALL_DEPTH_TRACKING
112
+
#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING
113
113
OFFSET(X86_call_depth, pcpu_hot, call_depth);
114
114
#endif
115
115
#if IS_ENABLED(CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64)
+1
-1
arch/x86/kernel/cpu/amd.c
+1
-1
arch/x86/kernel/cpu/amd.c
+27
-21
arch/x86/kernel/cpu/bugs.c
+27
-21
arch/x86/kernel/cpu/bugs.c
···
671
671
GDS_MITIGATION_HYPERVISOR,
672
672
};
673
673
674
-
#if IS_ENABLED(CONFIG_GDS_FORCE_MITIGATION)
674
+
#if IS_ENABLED(CONFIG_MITIGATION_GDS_FORCE)
675
675
static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FORCE;
676
676
#else
677
677
static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL;
···
982
982
return;
983
983
984
984
case RETBLEED_CMD_UNRET:
985
-
if (IS_ENABLED(CONFIG_CPU_UNRET_ENTRY)) {
985
+
if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
986
986
retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
987
987
} else {
988
-
pr_err("WARNING: kernel not compiled with CPU_UNRET_ENTRY.\n");
988
+
pr_err("WARNING: kernel not compiled with MITIGATION_UNRET_ENTRY.\n");
989
989
goto do_cmd_auto;
990
990
}
991
991
break;
···
994
994
if (!boot_cpu_has(X86_FEATURE_IBPB)) {
995
995
pr_err("WARNING: CPU does not support IBPB.\n");
996
996
goto do_cmd_auto;
997
-
} else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
997
+
} else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
998
998
retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
999
999
} else {
1000
-
pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
1000
+
pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
1001
1001
goto do_cmd_auto;
1002
1002
}
1003
1003
break;
1004
1004
1005
1005
case RETBLEED_CMD_STUFF:
1006
-
if (IS_ENABLED(CONFIG_CALL_DEPTH_TRACKING) &&
1006
+
if (IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) &&
1007
1007
spectre_v2_enabled == SPECTRE_V2_RETPOLINE) {
1008
1008
retbleed_mitigation = RETBLEED_MITIGATION_STUFF;
1009
1009
1010
1010
} else {
1011
-
if (IS_ENABLED(CONFIG_CALL_DEPTH_TRACKING))
1011
+
if (IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING))
1012
1012
pr_err("WARNING: retbleed=stuff depends on spectre_v2=retpoline\n");
1013
1013
else
1014
-
pr_err("WARNING: kernel not compiled with CALL_DEPTH_TRACKING.\n");
1014
+
pr_err("WARNING: kernel not compiled with MITIGATION_CALL_DEPTH_TRACKING.\n");
1015
1015
1016
1016
goto do_cmd_auto;
1017
1017
}
···
1021
1021
case RETBLEED_CMD_AUTO:
1022
1022
if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
1023
1023
boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) {
1024
-
if (IS_ENABLED(CONFIG_CPU_UNRET_ENTRY))
1024
+
if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY))
1025
1025
retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
1026
-
else if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY) && boot_cpu_has(X86_FEATURE_IBPB))
1026
+
else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY) &&
1027
+
boot_cpu_has(X86_FEATURE_IBPB))
1027
1028
retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
1028
1029
}
1029
1030
···
1103
1102
static enum spectre_v2_user_mitigation spectre_v2_user_ibpb __ro_after_init =
1104
1103
SPECTRE_V2_USER_NONE;
1105
1104
1106
-
#ifdef CONFIG_RETPOLINE
1105
+
#ifdef CONFIG_MITIGATION_RETPOLINE
1107
1106
static bool spectre_v2_bad_module;
1108
1107
1109
1108
bool retpoline_module_ok(bool has_retpoline)
···
1416
1415
cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC ||
1417
1416
cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
1418
1417
cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
1419
-
!IS_ENABLED(CONFIG_RETPOLINE)) {
1418
+
!IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) {
1420
1419
pr_err("%s selected but not compiled in. Switching to AUTO select\n",
1421
1420
mitigation_options[i].option);
1422
1421
return SPECTRE_V2_CMD_AUTO;
···
1439
1438
return SPECTRE_V2_CMD_AUTO;
1440
1439
}
1441
1440
1442
-
if (cmd == SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_CPU_IBRS_ENTRY)) {
1441
+
if (cmd == SPECTRE_V2_CMD_IBRS && !IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY)) {
1443
1442
pr_err("%s selected but not compiled in. Switching to AUTO select\n",
1444
1443
mitigation_options[i].option);
1445
1444
return SPECTRE_V2_CMD_AUTO;
···
1470
1469
1471
1470
static enum spectre_v2_mitigation __init spectre_v2_select_retpoline(void)
1472
1471
{
1473
-
if (!IS_ENABLED(CONFIG_RETPOLINE)) {
1472
+
if (!IS_ENABLED(CONFIG_MITIGATION_RETPOLINE)) {
1474
1473
pr_err("Kernel not compiled with retpoline; no mitigation available!");
1475
1474
return SPECTRE_V2_NONE;
1476
1475
}
···
1565
1564
break;
1566
1565
}
1567
1566
1568
-
if (IS_ENABLED(CONFIG_CPU_IBRS_ENTRY) &&
1567
+
if (IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY) &&
1569
1568
boot_cpu_has_bug(X86_BUG_RETBLEED) &&
1570
1569
retbleed_cmd != RETBLEED_CMD_OFF &&
1571
1570
retbleed_cmd != RETBLEED_CMD_STUFF &&
···
2458
2457
break;
2459
2458
2460
2459
case SRSO_CMD_SAFE_RET:
2461
-
if (IS_ENABLED(CONFIG_CPU_SRSO)) {
2460
+
if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) {
2462
2461
/*
2463
2462
* Enable the return thunk for generated code
2464
2463
* like ftrace, static_call, etc.
···
2478
2477
else
2479
2478
srso_mitigation = SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED;
2480
2479
} else {
2481
-
pr_err("WARNING: kernel not compiled with CPU_SRSO.\n");
2480
+
pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
2482
2481
}
2483
2482
break;
2484
2483
2485
2484
case SRSO_CMD_IBPB:
2486
-
if (IS_ENABLED(CONFIG_CPU_IBPB_ENTRY)) {
2485
+
if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
2487
2486
if (has_microcode) {
2488
2487
setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
2489
2488
srso_mitigation = SRSO_MITIGATION_IBPB;
2490
2489
}
2491
2490
} else {
2492
-
pr_err("WARNING: kernel not compiled with CPU_IBPB_ENTRY.\n");
2491
+
pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
2493
2492
}
2494
2493
break;
2495
2494
2496
2495
case SRSO_CMD_IBPB_ON_VMEXIT:
2497
-
if (IS_ENABLED(CONFIG_CPU_SRSO)) {
2496
+
if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) {
2498
2497
if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) {
2499
2498
setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT);
2500
2499
srso_mitigation = SRSO_MITIGATION_IBPB_ON_VMEXIT;
2501
2500
}
2502
2501
} else {
2503
-
pr_err("WARNING: kernel not compiled with CPU_SRSO.\n");
2502
+
pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n");
2504
2503
}
2505
2504
break;
2506
2505
}
···
2850
2849
return cpu_show_common(dev, attr, buf, X86_BUG_GDS);
2851
2850
}
2852
2851
#endif
2852
+
2853
+
void __warn_thunk(void)
2854
+
{
2855
+
WARN_ONCE(1, "Unpatched return thunk in use. This should not happen!\n");
2856
+
}
+1
-1
arch/x86/kernel/dumpstack.c
+1
-1
arch/x86/kernel/dumpstack.c
···
410
410
IS_ENABLED(CONFIG_SMP) ? " SMP" : "",
411
411
debug_pagealloc_enabled() ? " DEBUG_PAGEALLOC" : "",
412
412
IS_ENABLED(CONFIG_KASAN) ? " KASAN" : "",
413
-
IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION) ?
413
+
IS_ENABLED(CONFIG_MITIGATION_PAGE_TABLE_ISOLATION) ?
414
414
(boot_cpu_has(X86_FEATURE_PTI) ? " PTI" : " NOPTI") : "");
415
415
}
416
416
NOKPROBE_SYMBOL(__die_header);
+2
-1
arch/x86/kernel/ftrace.c
+2
-1
arch/x86/kernel/ftrace.c
···
307
307
} __attribute__((packed));
308
308
};
309
309
310
-
#define RET_SIZE (IS_ENABLED(CONFIG_RETPOLINE) ? 5 : 1 + IS_ENABLED(CONFIG_SLS))
310
+
#define RET_SIZE \
311
+
(IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) ? 5 : 1 + IS_ENABLED(CONFIG_MITIGATION_SLS))
311
312
312
313
static unsigned long
313
314
create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+2
-2
arch/x86/kernel/head_32.S
+2
-2
arch/x86/kernel/head_32.S
···
414
414
.align 4
415
415
SYM_DATA(initial_code, .long i386_start_kernel)
416
416
417
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
417
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
418
418
#define PGD_ALIGN (2 * PAGE_SIZE)
419
419
#define PTI_USER_PGD_FILL 1024
420
420
#else
···
474
474
# endif
475
475
.align PAGE_SIZE /* needs to be page-sized too */
476
476
477
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
477
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
478
478
/*
479
479
* PTI needs another page so sync_initial_pagetable() works correctly
480
480
* and does not scribble over the data which is placed behind the
+1
-1
arch/x86/kernel/head_64.S
+1
-1
arch/x86/kernel/head_64.S
···
622
622
#define SYM_DATA_START_PAGE_ALIGNED(name) \
623
623
SYM_START(name, SYM_L_GLOBAL, .balign PAGE_SIZE)
624
624
625
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
625
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
626
626
/*
627
627
* Each PGD needs to be 8k long and 8k aligned. We do not
628
628
* ever go out to userspace with these, so we do not
+1
-1
arch/x86/kernel/kprobes/opt.c
+1
-1
arch/x86/kernel/kprobes/opt.c
···
324
324
* However, the kernel built with retpolines or IBT has jump
325
325
* tables disabled so the check can be skipped altogether.
326
326
*/
327
-
if (!IS_ENABLED(CONFIG_RETPOLINE) &&
327
+
if (!IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) &&
328
328
!IS_ENABLED(CONFIG_X86_KERNEL_IBT) &&
329
329
insn_is_indirect_jump(&insn))
330
330
return 0;
+4
-4
arch/x86/kernel/ldt.c
+4
-4
arch/x86/kernel/ldt.c
···
184
184
return new_ldt;
185
185
}
186
186
187
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
187
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
188
188
189
189
static void do_sanity_check(struct mm_struct *mm,
190
190
bool had_kernel_mapping,
···
377
377
flush_tlb_mm_range(mm, va, va + nr_pages * PAGE_SIZE, PAGE_SHIFT, false);
378
378
}
379
379
380
-
#else /* !CONFIG_PAGE_TABLE_ISOLATION */
380
+
#else /* !CONFIG_MITIGATION_PAGE_TABLE_ISOLATION */
381
381
382
382
static int
383
383
map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot)
···
388
388
static void unmap_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt)
389
389
{
390
390
}
391
-
#endif /* CONFIG_PAGE_TABLE_ISOLATION */
391
+
#endif /* CONFIG_MITIGATION_PAGE_TABLE_ISOLATION */
392
392
393
393
static void free_ldt_pgtables(struct mm_struct *mm)
394
394
{
395
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
395
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
396
396
struct mmu_gather tlb;
397
397
unsigned long start = LDT_BASE_ADDR;
398
398
unsigned long end = LDT_END_ADDR;
+1
-1
arch/x86/kernel/static_call.c
+1
-1
arch/x86/kernel/static_call.c
···
172
172
}
173
173
EXPORT_SYMBOL_GPL(arch_static_call_transform);
174
174
175
-
#ifdef CONFIG_RETHUNK
175
+
#ifdef CONFIG_MITIGATION_RETHUNK
176
176
/*
177
177
* This is called by apply_returns() to fix up static call trampolines,
178
178
* specifically ARCH_DEFINE_STATIC_CALL_NULL_TRAMP which is recorded as
+5
-5
arch/x86/kernel/vmlinux.lds.S
+5
-5
arch/x86/kernel/vmlinux.lds.S
···
133
133
LOCK_TEXT
134
134
KPROBES_TEXT
135
135
SOFTIRQENTRY_TEXT
136
-
#ifdef CONFIG_RETPOLINE
136
+
#ifdef CONFIG_MITIGATION_RETPOLINE
137
137
*(.text..__x86.indirect_thunk)
138
138
*(.text..__x86.return_thunk)
139
139
#endif
···
143
143
*(.text..__x86.rethunk_untrain)
144
144
ENTRY_TEXT
145
145
146
-
#ifdef CONFIG_CPU_SRSO
146
+
#ifdef CONFIG_MITIGATION_SRSO
147
147
/*
148
148
* See the comment above srso_alias_untrain_ret()'s
149
149
* definition.
···
268
268
}
269
269
#endif
270
270
271
-
#ifdef CONFIG_RETPOLINE
271
+
#ifdef CONFIG_MITIGATION_RETPOLINE
272
272
/*
273
273
* List of instructions that call/jmp/jcc to retpoline thunks
274
274
* __x86_indirect_thunk_*(). These instructions can be patched along
···
505
505
"fixed_percpu_data is not at start of per-cpu area");
506
506
#endif
507
507
508
-
#ifdef CONFIG_CPU_UNRET_ENTRY
508
+
#ifdef CONFIG_MITIGATION_UNRET_ENTRY
509
509
. = ASSERT((retbleed_return_thunk & 0x3f) == 0, "retbleed_return_thunk not cacheline-aligned");
510
510
#endif
511
511
512
-
#ifdef CONFIG_CPU_SRSO
512
+
#ifdef CONFIG_MITIGATION_SRSO
513
513
. = ASSERT((srso_safe_ret & 0x3f) == 0, "srso_safe_ret not cacheline-aligned");
514
514
/*
515
515
* GNU ld cannot do XOR until 2.41.
+1
-1
arch/x86/kvm/mmu/mmu.c
+1
-1
arch/x86/kvm/mmu/mmu.c
···
263
263
static inline unsigned long kvm_mmu_get_guest_pgd(struct kvm_vcpu *vcpu,
264
264
struct kvm_mmu *mmu)
265
265
{
266
-
if (IS_ENABLED(CONFIG_RETPOLINE) && mmu->get_guest_pgd == get_guest_cr3)
266
+
if (IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) && mmu->get_guest_pgd == get_guest_cr3)
267
267
return kvm_read_cr3(vcpu);
268
268
269
269
return mmu->get_guest_pgd(vcpu);
+1
-1
arch/x86/kvm/mmu/mmu_internal.h
+1
-1
arch/x86/kvm/mmu/mmu_internal.h
···
315
315
if (!prefetch)
316
316
vcpu->stat.pf_taken++;
317
317
318
-
if (IS_ENABLED(CONFIG_RETPOLINE) && fault.is_tdp)
318
+
if (IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) && fault.is_tdp)
319
319
r = kvm_tdp_page_fault(vcpu, &fault);
320
320
else
321
321
r = vcpu->arch.mmu->page_fault(vcpu, &fault);
+1
-1
arch/x86/kvm/svm/svm.c
+1
-1
arch/x86/kvm/svm/svm.c
···
3455
3455
if (!svm_check_exit_valid(exit_code))
3456
3456
return svm_handle_invalid_exit(vcpu, exit_code);
3457
3457
3458
-
#ifdef CONFIG_RETPOLINE
3458
+
#ifdef CONFIG_MITIGATION_RETPOLINE
3459
3459
if (exit_code == SVM_EXIT_MSR)
3460
3460
return msr_interception(vcpu);
3461
3461
else if (exit_code == SVM_EXIT_VINTR)
+2
-2
arch/x86/kvm/svm/vmenter.S
+2
-2
arch/x86/kvm/svm/vmenter.S
···
207
207
7: vmload %_ASM_AX
208
208
8:
209
209
210
-
#ifdef CONFIG_RETPOLINE
210
+
#ifdef CONFIG_MITIGATION_RETPOLINE
211
211
/* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */
212
212
FILL_RETURN_BUFFER %_ASM_AX, RSB_CLEAR_LOOPS, X86_FEATURE_RETPOLINE
213
213
#endif
···
344
344
/* Pop @svm to RDI, guest registers have been saved already. */
345
345
pop %_ASM_DI
346
346
347
-
#ifdef CONFIG_RETPOLINE
347
+
#ifdef CONFIG_MITIGATION_RETPOLINE
348
348
/* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */
349
349
FILL_RETURN_BUFFER %_ASM_AX, RSB_CLEAR_LOOPS, X86_FEATURE_RETPOLINE
350
350
#endif
+1
-1
arch/x86/kvm/vmx/vmx.c
+1
-1
arch/x86/kvm/vmx/vmx.c
···
6543
6543
6544
6544
if (exit_reason.basic >= kvm_vmx_max_exit_handlers)
6545
6545
goto unexpected_vmexit;
6546
-
#ifdef CONFIG_RETPOLINE
6546
+
#ifdef CONFIG_MITIGATION_RETPOLINE
6547
6547
if (exit_reason.basic == EXIT_REASON_MSR_WRITE)
6548
6548
return kvm_emulate_wrmsr(vcpu);
6549
6549
else if (exit_reason.basic == EXIT_REASON_PREEMPTION_TIMER)
+1
-1
arch/x86/lib/Makefile
+1
-1
arch/x86/lib/Makefile
···
49
49
lib-$(CONFIG_INSTRUCTION_DECODER) += insn.o inat.o insn-eval.o
50
50
lib-$(CONFIG_RANDOMIZE_BASE) += kaslr.o
51
51
lib-$(CONFIG_FUNCTION_ERROR_INJECTION) += error-inject.o
52
-
lib-$(CONFIG_RETPOLINE) += retpoline.o
52
+
lib-$(CONFIG_MITIGATION_RETPOLINE) += retpoline.o
53
53
54
54
obj-y += msr.o msr-reg.o msr-reg-export.o hweight.o
55
55
obj-y += iomem.o
+19
-22
arch/x86/lib/retpoline.S
+19
-22
arch/x86/lib/retpoline.S
···
71
71
#include <asm/GEN-for-each-reg.h>
72
72
#undef GEN
73
73
74
-
#ifdef CONFIG_CALL_DEPTH_TRACKING
74
+
#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING
75
75
.macro CALL_THUNK reg
76
76
.align RETPOLINE_THUNK_SIZE
77
77
···
127
127
#undef GEN
128
128
#endif
129
129
130
-
#ifdef CONFIG_RETHUNK
130
+
#ifdef CONFIG_MITIGATION_RETHUNK
131
131
132
132
/*
133
133
* Be careful here: that label cannot really be removed because in
···
138
138
*/
139
139
.section .text..__x86.return_thunk
140
140
141
-
#ifdef CONFIG_CPU_SRSO
141
+
#ifdef CONFIG_MITIGATION_SRSO
142
142
143
143
/*
144
144
* srso_alias_untrain_ret() and srso_alias_safe_ret() are placed at
···
225
225
226
226
#define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret"
227
227
#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret"
228
-
#else /* !CONFIG_CPU_SRSO */
228
+
#else /* !CONFIG_MITIGATION_SRSO */
229
229
#define JMP_SRSO_UNTRAIN_RET "ud2"
230
230
#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2"
231
-
#endif /* CONFIG_CPU_SRSO */
231
+
#endif /* CONFIG_MITIGATION_SRSO */
232
232
233
-
#ifdef CONFIG_CPU_UNRET_ENTRY
233
+
#ifdef CONFIG_MITIGATION_UNRET_ENTRY
234
234
235
235
/*
236
236
* Some generic notes on the untraining sequences:
···
312
312
SYM_FUNC_END(retbleed_untrain_ret)
313
313
314
314
#define JMP_RETBLEED_UNTRAIN_RET "jmp retbleed_untrain_ret"
315
-
#else /* !CONFIG_CPU_UNRET_ENTRY */
315
+
#else /* !CONFIG_MITIGATION_UNRET_ENTRY */
316
316
#define JMP_RETBLEED_UNTRAIN_RET "ud2"
317
-
#endif /* CONFIG_CPU_UNRET_ENTRY */
317
+
#endif /* CONFIG_MITIGATION_UNRET_ENTRY */
318
318
319
-
#if defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_SRSO)
319
+
#if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO)
320
320
321
321
SYM_FUNC_START(entry_untrain_ret)
322
322
ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \
···
325
325
SYM_FUNC_END(entry_untrain_ret)
326
326
__EXPORT_THUNK(entry_untrain_ret)
327
327
328
-
#endif /* CONFIG_CPU_UNRET_ENTRY || CONFIG_CPU_SRSO */
328
+
#endif /* CONFIG_MITIGATION_UNRET_ENTRY || CONFIG_MITIGATION_SRSO */
329
329
330
-
#ifdef CONFIG_CALL_DEPTH_TRACKING
330
+
#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING
331
331
332
332
.align 64
333
333
SYM_FUNC_START(call_depth_return_thunk)
···
359
359
int3
360
360
SYM_FUNC_END(call_depth_return_thunk)
361
361
362
-
#endif /* CONFIG_CALL_DEPTH_TRACKING */
362
+
#endif /* CONFIG_MITIGATION_CALL_DEPTH_TRACKING */
363
363
364
364
/*
365
365
* This function name is magical and is used by -mfunction-return=thunk-extern
···
369
369
* 'JMP __x86_return_thunk' sites are changed to something else by
370
370
* apply_returns().
371
371
*
372
-
* This should be converted eventually to call a warning function which
373
-
* should scream loudly when the default return thunk is called after
374
-
* alternatives have been applied.
375
-
*
376
-
* That warning function cannot BUG() because the bug splat cannot be
377
-
* displayed in all possible configurations, leading to users not really
378
-
* knowing why the machine froze.
372
+
* The ALTERNATIVE below adds a really loud warning to catch the case
373
+
* where the insufficient default return thunk ends up getting used for
374
+
* whatever reason like miscompilation or failure of
375
+
* objtool/alternatives/etc to patch all the return sites.
379
376
*/
380
377
SYM_CODE_START(__x86_return_thunk)
381
378
UNWIND_HINT_FUNC
382
379
ANNOTATE_NOENDBR
383
-
ANNOTATE_UNRET_SAFE
384
-
ret
380
+
ALTERNATIVE __stringify(ANNOTATE_UNRET_SAFE; ret), \
381
+
"jmp warn_thunk_thunk", X86_FEATURE_ALWAYS
385
382
int3
386
383
SYM_CODE_END(__x86_return_thunk)
387
384
EXPORT_SYMBOL(__x86_return_thunk)
388
385
389
-
#endif /* CONFIG_RETHUNK */
386
+
#endif /* CONFIG_MITIGATION_RETHUNK */
+1
-1
arch/x86/mm/Makefile
+1
-1
arch/x86/mm/Makefile
···
60
60
61
61
obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
62
62
obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
63
-
obj-$(CONFIG_PAGE_TABLE_ISOLATION) += pti.o
63
+
obj-$(CONFIG_MITIGATION_PAGE_TABLE_ISOLATION) += pti.o
64
64
65
65
obj-$(CONFIG_X86_MEM_ENCRYPT) += mem_encrypt.o
66
66
obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_amd.o
+2
-2
arch/x86/mm/debug_pagetables.c
+2
-2
arch/x86/mm/debug_pagetables.c
···
22
22
23
23
DEFINE_SHOW_ATTRIBUTE(ptdump_curknl);
24
24
25
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
25
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
26
26
static int ptdump_curusr_show(struct seq_file *m, void *v)
27
27
{
28
28
if (current->mm->pgd)
···
54
54
debugfs_create_file("current_kernel", 0400, dir, NULL,
55
55
&ptdump_curknl_fops);
56
56
57
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
57
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
58
58
debugfs_create_file("current_user", 0400, dir, NULL,
59
59
&ptdump_curusr_fops);
60
60
#endif
+2
-2
arch/x86/mm/dump_pagetables.c
+2
-2
arch/x86/mm/dump_pagetables.c
···
408
408
bool user)
409
409
{
410
410
pgd_t *pgd = mm->pgd;
411
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
411
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
412
412
if (user && boot_cpu_has(X86_FEATURE_PTI))
413
413
pgd = kernel_to_user_pgdp(pgd);
414
414
#endif
···
418
418
419
419
void ptdump_walk_user_pgd_level_checkwx(void)
420
420
{
421
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
421
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
422
422
pgd_t *pgd = INIT_PGD;
423
423
424
424
if (!(__supported_pte_mask & _PAGE_NX) ||
+2
-2
arch/x86/mm/pgtable.c
+2
-2
arch/x86/mm/pgtable.c
···
293
293
for (i = 0; i < PREALLOCATED_PMDS; i++)
294
294
mop_up_one_pmd(mm, &pgdp[i]);
295
295
296
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
296
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
297
297
298
298
if (!boot_cpu_has(X86_FEATURE_PTI))
299
299
return;
···
325
325
}
326
326
}
327
327
328
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
328
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
329
329
static void pgd_prepopulate_user_pmd(struct mm_struct *mm,
330
330
pgd_t *k_pgd, pmd_t *pmds[])
331
331
{
+5
-5
arch/x86/mm/tlb.c
+5
-5
arch/x86/mm/tlb.c
···
89
89
#define CR3_HW_ASID_BITS 12
90
90
91
91
/*
92
-
* When enabled, PAGE_TABLE_ISOLATION consumes a single bit for
92
+
* When enabled, MITIGATION_PAGE_TABLE_ISOLATION consumes a single bit for
93
93
* user/kernel switches
94
94
*/
95
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
95
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
96
96
# define PTI_CONSUMED_PCID_BITS 1
97
97
#else
98
98
# define PTI_CONSUMED_PCID_BITS 0
···
114
114
{
115
115
VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
116
116
117
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
117
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
118
118
/*
119
119
* Make sure that the dynamic ASID space does not conflict with the
120
120
* bit we are using to switch between user and kernel ASIDs.
···
149
149
static inline u16 user_pcid(u16 asid)
150
150
{
151
151
u16 ret = kern_pcid(asid);
152
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
152
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
153
153
ret |= 1 << X86_CR3_PTI_PCID_USER_BIT;
154
154
#endif
155
155
return ret;
···
262
262
static inline void invalidate_user_asid(u16 asid)
263
263
{
264
264
/* There is no user ASID if address space separation is off */
265
-
if (!IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION))
265
+
if (!IS_ENABLED(CONFIG_MITIGATION_PAGE_TABLE_ISOLATION))
266
266
return;
267
267
268
268
/*
+2
-2
arch/x86/net/bpf_jit_comp.c
+2
-2
arch/x86/net/bpf_jit_comp.c
···
553
553
emit_jump(&prog, &__x86_indirect_thunk_array[reg], ip);
554
554
} else {
555
555
EMIT2(0xFF, 0xE0 + reg); /* jmp *%\reg */
556
-
if (IS_ENABLED(CONFIG_RETPOLINE) || IS_ENABLED(CONFIG_SLS))
556
+
if (IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) || IS_ENABLED(CONFIG_MITIGATION_SLS))
557
557
EMIT1(0xCC); /* int3 */
558
558
}
559
559
···
568
568
emit_jump(&prog, x86_return_thunk, ip);
569
569
} else {
570
570
EMIT1(0xC3); /* ret */
571
-
if (IS_ENABLED(CONFIG_SLS))
571
+
if (IS_ENABLED(CONFIG_MITIGATION_SLS))
572
572
EMIT1(0xCC); /* int3 */
573
573
}
574
574
+1
-1
arch/x86/net/bpf_jit_comp32.c
+1
-1
arch/x86/net/bpf_jit_comp32.c
+1
-1
arch/x86/purgatory/Makefile
+1
-1
arch/x86/purgatory/Makefile
+1
-1
include/linux/compiler-gcc.h
+1
-1
include/linux/compiler-gcc.h
+1
-1
include/linux/indirect_call_wrapper.h
+1
-1
include/linux/indirect_call_wrapper.h
+1
-1
include/linux/module.h
+1
-1
include/linux/module.h
···
885
885
static inline void module_bug_cleanup(struct module *mod) {}
886
886
#endif /* CONFIG_GENERIC_BUG */
887
887
888
-
#ifdef CONFIG_RETPOLINE
888
+
#ifdef CONFIG_MITIGATION_RETPOLINE
889
889
extern bool retpoline_module_ok(bool has_retpoline);
890
890
#else
891
891
static inline bool retpoline_module_ok(bool has_retpoline)
+1
-1
include/linux/objtool.h
+1
-1
include/linux/objtool.h
···
131
131
*/
132
132
.macro VALIDATE_UNRET_BEGIN
133
133
#if defined(CONFIG_NOINSTR_VALIDATION) && \
134
-
(defined(CONFIG_CPU_UNRET_ENTRY) || defined(CONFIG_CPU_SRSO))
134
+
(defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO))
135
135
.Lhere_\@:
136
136
.pushsection .discard.validate_unret
137
137
.long .Lhere_\@ - .
+1
-1
include/linux/pti.h
+1
-1
include/linux/pti.h
+1
-1
include/net/netfilter/nf_tables_core.h
+1
-1
include/net/netfilter/nf_tables_core.h
···
93
93
extern const struct nft_set_type nft_set_pipapo_type;
94
94
extern const struct nft_set_type nft_set_pipapo_avx2_type;
95
95
96
-
#ifdef CONFIG_RETPOLINE
96
+
#ifdef CONFIG_MITIGATION_RETPOLINE
97
97
bool nft_rhash_lookup(const struct net *net, const struct nft_set *set,
98
98
const u32 *key, const struct nft_set_ext **ext);
99
99
bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set,
+1
-1
include/net/tc_wrapper.h
+1
-1
include/net/tc_wrapper.h
+1
-1
kernel/trace/ring_buffer.c
+1
-1
kernel/trace/ring_buffer.c
···
1009
1009
u64 ts;
1010
1010
1011
1011
/* Skip retpolines :-( */
1012
-
if (IS_ENABLED(CONFIG_RETPOLINE) && likely(buffer->clock == trace_clock_local))
1012
+
if (IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) && likely(buffer->clock == trace_clock_local))
1013
1013
ts = trace_clock_local();
1014
1014
else
1015
1015
ts = buffer->clock();
+1
-1
net/netfilter/Makefile
+1
-1
net/netfilter/Makefile
+3
-3
net/netfilter/nf_tables_core.c
+3
-3
net/netfilter/nf_tables_core.c
···
21
21
#include <net/netfilter/nf_log.h>
22
22
#include <net/netfilter/nft_meta.h>
23
23
24
-
#if defined(CONFIG_RETPOLINE) && defined(CONFIG_X86)
24
+
#if defined(CONFIG_MITIGATION_RETPOLINE) && defined(CONFIG_X86)
25
25
26
26
static struct static_key_false nf_tables_skip_direct_calls;
27
27
···
207
207
struct nft_regs *regs,
208
208
struct nft_pktinfo *pkt)
209
209
{
210
-
#ifdef CONFIG_RETPOLINE
210
+
#ifdef CONFIG_MITIGATION_RETPOLINE
211
211
unsigned long e;
212
212
213
213
if (nf_skip_indirect_calls())
···
236
236
X(e, nft_objref_map_eval);
237
237
#undef X
238
238
indirect_call:
239
-
#endif /* CONFIG_RETPOLINE */
239
+
#endif /* CONFIG_MITIGATION_RETPOLINE */
240
240
expr->ops->eval(expr, regs, pkt);
241
241
}
242
242
+2
-2
net/netfilter/nft_ct.c
+2
-2
net/netfilter/nft_ct.c
···
754
754
return false;
755
755
}
756
756
757
-
#ifdef CONFIG_RETPOLINE
757
+
#ifdef CONFIG_MITIGATION_RETPOLINE
758
758
static const struct nft_expr_ops nft_ct_get_fast_ops = {
759
759
.type = &nft_ct_type,
760
760
.size = NFT_EXPR_SIZE(sizeof(struct nft_ct)),
···
799
799
return ERR_PTR(-EINVAL);
800
800
801
801
if (tb[NFTA_CT_DREG]) {
802
-
#ifdef CONFIG_RETPOLINE
802
+
#ifdef CONFIG_MITIGATION_RETPOLINE
803
803
u32 k = ntohl(nla_get_be32(tb[NFTA_CT_KEY]));
804
804
805
805
switch (k) {
+1
-1
net/netfilter/nft_lookup.c
+1
-1
net/netfilter/nft_lookup.c
+1
-1
net/sched/sch_api.c
+1
-1
net/sched/sch_api.c
+4
-4
scripts/Makefile.lib
+4
-4
scripts/Makefile.lib
···
254
254
255
255
objtool-args-$(CONFIG_HAVE_JUMP_LABEL_HACK) += --hacks=jump_label
256
256
objtool-args-$(CONFIG_HAVE_NOINSTR_HACK) += --hacks=noinstr
257
-
objtool-args-$(CONFIG_CALL_DEPTH_TRACKING) += --hacks=skylake
257
+
objtool-args-$(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) += --hacks=skylake
258
258
objtool-args-$(CONFIG_X86_KERNEL_IBT) += --ibt
259
259
objtool-args-$(CONFIG_FINEIBT) += --cfi
260
260
objtool-args-$(CONFIG_FTRACE_MCOUNT_USE_OBJTOOL) += --mcount
···
262
262
objtool-args-$(CONFIG_HAVE_OBJTOOL_NOP_MCOUNT) += --mnop
263
263
endif
264
264
objtool-args-$(CONFIG_UNWINDER_ORC) += --orc
265
-
objtool-args-$(CONFIG_RETPOLINE) += --retpoline
266
-
objtool-args-$(CONFIG_RETHUNK) += --rethunk
267
-
objtool-args-$(CONFIG_SLS) += --sls
265
+
objtool-args-$(CONFIG_MITIGATION_RETPOLINE) += --retpoline
266
+
objtool-args-$(CONFIG_MITIGATION_RETHUNK) += --rethunk
267
+
objtool-args-$(CONFIG_MITIGATION_SLS) += --sls
268
268
objtool-args-$(CONFIG_STACK_VALIDATION) += --stackval
269
269
objtool-args-$(CONFIG_HAVE_STATIC_CALL_INLINE) += --static-call
270
270
objtool-args-$(CONFIG_HAVE_UACCESS_VALIDATION) += --uaccess
+1
-1
scripts/Makefile.vmlinux_o
+1
-1
scripts/Makefile.vmlinux_o
···
38
38
vmlinux-objtool-args-$(delay-objtool) += $(objtool-args-y)
39
39
vmlinux-objtool-args-$(CONFIG_GCOV_KERNEL) += --no-unreachable
40
40
vmlinux-objtool-args-$(CONFIG_NOINSTR_VALIDATION) += --noinstr \
41
-
$(if $(or $(CONFIG_CPU_UNRET_ENTRY),$(CONFIG_CPU_SRSO)), --unret)
41
+
$(if $(or $(CONFIG_MITIGATION_UNRET_ENTRY),$(CONFIG_MITIGATION_SRSO)), --unret)
42
42
43
43
objtool-args = $(vmlinux-objtool-args-y) --link
44
44
+1
-1
scripts/generate_rust_target.rs
+1
-1
scripts/generate_rust_target.rs
···
155
155
"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128",
156
156
);
157
157
let mut features = "-3dnow,-3dnowa,-mmx,+soft-float".to_string();
158
-
if cfg.has("RETPOLINE") {
158
+
if cfg.has("MITIGATION_RETPOLINE") {
159
159
features += ",+retpoline-external-thunk";
160
160
}
161
161
ts.push("features", features);
+1
-1
scripts/mod/modpost.c
+1
-1
scripts/mod/modpost.c
+5
-5
tools/arch/x86/include/asm/disabled-features.h
+5
-5
tools/arch/x86/include/asm/disabled-features.h
···
44
44
# define DISABLE_LA57 (1<<(X86_FEATURE_LA57 & 31))
45
45
#endif
46
46
47
-
#ifdef CONFIG_PAGE_TABLE_ISOLATION
47
+
#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
48
48
# define DISABLE_PTI 0
49
49
#else
50
50
# define DISABLE_PTI (1 << (X86_FEATURE_PTI & 31))
51
51
#endif
52
52
53
-
#ifdef CONFIG_RETPOLINE
53
+
#ifdef CONFIG_MITIGATION_RETPOLINE
54
54
# define DISABLE_RETPOLINE 0
55
55
#else
56
56
# define DISABLE_RETPOLINE ((1 << (X86_FEATURE_RETPOLINE & 31)) | \
57
57
(1 << (X86_FEATURE_RETPOLINE_LFENCE & 31)))
58
58
#endif
59
59
60
-
#ifdef CONFIG_RETHUNK
60
+
#ifdef CONFIG_MITIGATION_RETHUNK
61
61
# define DISABLE_RETHUNK 0
62
62
#else
63
63
# define DISABLE_RETHUNK (1 << (X86_FEATURE_RETHUNK & 31))
64
64
#endif
65
65
66
-
#ifdef CONFIG_CPU_UNRET_ENTRY
66
+
#ifdef CONFIG_MITIGATION_UNRET_ENTRY
67
67
# define DISABLE_UNRET 0
68
68
#else
69
69
# define DISABLE_UNRET (1 << (X86_FEATURE_UNRET & 31))
70
70
#endif
71
71
72
-
#ifdef CONFIG_CALL_DEPTH_TRACKING
72
+
#ifdef CONFIG_MITIGATION_CALL_DEPTH_TRACKING
73
73
# define DISABLE_CALL_DEPTH_TRACKING 0
74
74
#else
75
75
# define DISABLE_CALL_DEPTH_TRACKING (1 << (X86_FEATURE_CALL_DEPTH & 31))
+1
-1
tools/objtool/arch/x86/special.c
+1
-1
tools/objtool/arch/x86/special.c
···
83
83
* TODO: Once we have DWARF CFI and smarter instruction decoding logic,
84
84
* ensure the same register is used in the mov and jump instructions.
85
85
*
86
-
* NOTE: RETPOLINE made it harder still to decode dynamic jumps.
86
+
* NOTE: MITIGATION_RETPOLINE made it harder still to decode dynamic jumps.
87
87
*/
88
88
struct reloc *arch_find_switch_table(struct objtool_file *file,
89
89
struct instruction *insn)
+2
-2
tools/objtool/check.c
+2
-2
tools/objtool/check.c
···
3980
3980
3981
3981
if (insn->type == INSN_RETURN) {
3982
3982
if (opts.rethunk) {
3983
-
WARN_INSN(insn, "'naked' return found in RETHUNK build");
3983
+
WARN_INSN(insn, "'naked' return found in MITIGATION_RETHUNK build");
3984
3984
} else
3985
3985
continue;
3986
3986
} else {
3987
-
WARN_INSN(insn, "indirect %s found in RETPOLINE build",
3987
+
WARN_INSN(insn, "indirect %s found in MITIGATION_RETPOLINE build",
3988
3988
insn->type == INSN_JUMP_DYNAMIC ? "jump" : "call");
3989
3989
}
3990
3990