From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:43078 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932563AbeAOI4M (ORCPT
        <rfc822;stable@vger.kernel.org>); Mon, 15 Jan 2018 03:56:12 -0500
Subject: Patch "x86/retpoline/ftrace: Convert ftrace assembler indirect jumps" has been added to the 4.14-stable tree
To: dwmw@amazon.co.uk, ak@linux.intel.com, arjan@linux.intel.com,
        dave.hansen@intel.com, gregkh@linux-foundation.org,
        gregkh@linuxfoundation.org, jikos@kernel.org, jpoimboe@redhat.com,
        keescook@google.com, luto@amacapital.net, mingo@kernel.org,
        peterz@infradead.org, pjt@google.com, riel@redhat.com,
        tglx@linutronix.de, tim.c.chen@linux.intel.com,
        torvalds@linux-foundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Mon, 15 Jan 2018 09:54:54 +0100
Message-ID: <1516006494221179@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    x86/retpoline/ftrace: Convert ftrace assembler indirect jumps

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From 9351803bd803cdbeb9b5a7850b7b6f464806e3db Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 11 Jan 2018 21:46:29 +0000
Subject: x86/retpoline/ftrace: Convert ftrace assembler indirect jumps

From: David Woodhouse <dwmw@amazon.co.uk>

commit 9351803bd803cdbeb9b5a7850b7b6f464806e3db upstream.

Convert all indirect jumps in ftrace assembler code to use non-speculative
sequences when CONFIG_RETPOLINE is enabled.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-8-git-send-email-dwmw@amazon.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/ftrace_32.S |    6 ++++--
 arch/x86/kernel/ftrace_64.S |    8 ++++----
 2 files changed, 8 insertions(+), 6 deletions(-)

--- a/arch/x86/kernel/ftrace_32.S
+++ b/arch/x86/kernel/ftrace_32.S
@@ -8,6 +8,7 @@
 #include <asm/segment.h>
 #include <asm/export.h>
 #include <asm/ftrace.h>
+#include <asm/nospec-branch.h>
 
 #ifdef CC_USING_FENTRY
 # define function_hook	__fentry__
@@ -197,7 +198,8 @@ ftrace_stub:
 	movl	0x4(%ebp), %edx
 	subl	$MCOUNT_INSN_SIZE, %eax
 
-	call	*ftrace_trace_function
+	movl	ftrace_trace_function, %ecx
+	CALL_NOSPEC %ecx
 
 	popl	%edx
 	popl	%ecx
@@ -241,5 +243,5 @@ return_to_handler:
 	movl	%eax, %ecx
 	popl	%edx
 	popl	%eax
-	jmp	*%ecx
+	JMP_NOSPEC %ecx
 #endif
--- a/arch/x86/kernel/ftrace_64.S
+++ b/arch/x86/kernel/ftrace_64.S
@@ -7,7 +7,7 @@
 #include <asm/ptrace.h>
 #include <asm/ftrace.h>
 #include <asm/export.h>
-
+#include <asm/nospec-branch.h>
 
 	.code64
 	.section .entry.text, "ax"
@@ -286,8 +286,8 @@ trace:
 	 * ip and parent ip are used and the list function is called when
 	 * function tracing is enabled.
 	 */
-	call   *ftrace_trace_function
-
+	movq ftrace_trace_function, %r8
+	CALL_NOSPEC %r8
 	restore_mcount_regs
 
 	jmp fgraph_trace
@@ -329,5 +329,5 @@ GLOBAL(return_to_handler)
 	movq 8(%rsp), %rdx
 	movq (%rsp), %rax
 	addq $24, %rsp
-	jmp *%rdi
+	JMP_NOSPEC %rdi
 #endif


Patches currently in stable-queue which might be from dwmw@amazon.co.uk are

queue-4.14/x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch
queue-4.14/x86-retpoline-irq32-convert-assembler-indirect-jumps.patch
queue-4.14/objtool-detect-jumps-to-retpoline-thunks.patch
queue-4.14/x86-cpufeatures-add-x86_bug_spectre_v.patch
queue-4.14/x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch
queue-4.14/x86-mm-pti-remove-dead-logic-in-pti_user_pagetable_walk.patch
queue-4.14/x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch
queue-4.14/sysfs-cpu-fix-typos-in-vulnerability-documentation.patch
queue-4.14/x86-pti-fix-pcid-and-sanitize-defines.patch
queue-4.14/x86-cpu-amd-make-lfence-a-serializing-instruction.patch
queue-4.14/x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch
queue-4.14/objtool-allow-alternatives-to-be-ignored.patch
queue-4.14/x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch
queue-4.14/x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch
queue-4.14/x86-tboot-unbreak-tboot-with-pti-enabled.patch
queue-4.14/x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch
queue-4.14/x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch
queue-4.14/x86-pti-make-unpoison-of-pgd-for-trusted-boot-work-for-real.patch
queue-4.14/sysfs-cpu-add-vulnerability-folder.patch
queue-4.14/x86-retpoline-fill-return-stack-buffer-on-vmexit.patch
queue-4.14/x86-retpoline-remove-compile-time-warning.patch
queue-4.14/x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch
queue-4.14/x86-retpoline-add-initial-retpoline-support.patch