From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org,
"Arjan van de Ven" <arjan@linux.intel.com>,
"Rik van Riel" <riel@redhat.com>,
"Kees Cook" <keescook@google.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"Greg Kroah-Hartman" <gregkh@linux-foundation.org>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Jiri Kosina" <jikos@kernel.org>,
thomas.lendacky@amd.com, "Ingo Molnar" <mingo@kernel.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
gnomes@lxorguk.ukuu.org.uk,
"Andy Lutomirski" <luto@amacapital.net>,
"Peter Zijlstra" <peterz@infradead.org>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Tim Chen" <tim.c.chen@linux.intel.com>,
"Paul Turner" <pjt@google.com>, "Andi Kleen" <ak@linux.intel.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>
Subject: [PATCH 3.16 25/76] x86/retpoline/crypto: Convert crypto assembler indirect jumps
Date: Mon, 12 Mar 2018 03:06:12 +0000 [thread overview]
Message-ID: <lsq.1520823972.28219259@decadent.org.uk> (raw)
In-Reply-To: <lsq.1520823971.5976735@decadent.org.uk>
3.16.56-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: David Woodhouse <dwmw@amazon.co.uk>
commit 9697fa39efd3fc3692f2949d4045f393ec58450b upstream.
Convert all indirect jumps in crypto assembler code to use non-speculative
sequences when CONFIG_RETPOLINE is enabled.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Kees Cook <keescook@google.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/1515707194-20531-6-git-send-email-dwmw@amazon.co.uk
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/crypto/aesni-intel_asm.S | 5 +++--
arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 ++-
arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 ++-
arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 ++-
4 files changed, 9 insertions(+), 5 deletions(-)
--- a/arch/x86/crypto/aesni-intel_asm.S
+++ b/arch/x86/crypto/aesni-intel_asm.S
@@ -31,6 +31,7 @@
#include <linux/linkage.h>
#include <asm/inst.h>
+#include <asm/nospec-branch.h>
#ifdef __x86_64__
.data
@@ -2703,7 +2704,7 @@ ENTRY(aesni_xts_crypt8)
pxor INC, STATE4
movdqu IV, 0x30(OUTP)
- call *%r11
+ CALL_NOSPEC %r11
movdqu 0x00(OUTP), INC
pxor INC, STATE1
@@ -2748,7 +2749,7 @@ ENTRY(aesni_xts_crypt8)
_aesni_gf128mul_x_ble()
movups IV, (IVP)
- call *%r11
+ CALL_NOSPEC %r11
movdqu 0x40(OUTP), INC
pxor INC, STATE1
--- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S
+++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
@@ -16,6 +16,7 @@
*/
#include <linux/linkage.h>
+#include <asm/nospec-branch.h>
#define CAMELLIA_TABLE_BYTE_LEN 272
@@ -1210,7 +1211,7 @@ camellia_xts_crypt_16way:
vpxor 14 * 16(%rax), %xmm15, %xmm14;
vpxor 15 * 16(%rax), %xmm15, %xmm15;
- call *%r9;
+ CALL_NOSPEC %r9;
addq $(16 * 16), %rsp;
--- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
+++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
@@ -11,6 +11,7 @@
*/
#include <linux/linkage.h>
+#include <asm/nospec-branch.h>
#define CAMELLIA_TABLE_BYTE_LEN 272
@@ -1323,7 +1324,7 @@ camellia_xts_crypt_32way:
vpxor 14 * 32(%rax), %ymm15, %ymm14;
vpxor 15 * 32(%rax), %ymm15, %ymm15;
- call *%r9;
+ CALL_NOSPEC %r9;
addq $(16 * 32), %rsp;
--- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
+++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
@@ -45,6 +45,7 @@
#include <asm/inst.h>
#include <linux/linkage.h>
+#include <asm/nospec-branch.h>
## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction
@@ -171,7 +172,7 @@ continue_block:
movzxw (bufp, %rax, 2), len
offset=crc_array-jump_table
lea offset(bufp, len, 1), bufp
- jmp *bufp
+ JMP_NOSPEC bufp
################################################################
## 2a) PROCESS FULL BLOCKS:
next prev parent reply other threads:[~2018-03-12 3:06 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-12 3:06 [PATCH 3.16 00/76] 3.16.56-rc1 review Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 48/76] x86/bugs: Drop one "mitigation" from dmesg Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 47/76] x86/nospec: Fix header guards names Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 31/76] x86/retpoline/irq32: Convert assembler indirect jumps Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 58/76] nl80211: Sanitize array index in parse_txq_params Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 68/76] nospec: Move array_index_nospec() parameter checking into separate macro Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 01/76] kvm: vmx: Scrub hardware GPRs at VM-exit Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 38/76] x86/pti: Document fix wrong index Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 30/76] x86/retpoline/checksum32: Convert assembler indirect jumps Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 04/76] x86/cpufeatures: Make CPU bugs sticky Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 20/76] kconfig.h: use __is_defined() to check if MODULE is defined Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 41/76] x86/retpoline: Fill RSB on context switch for affected CPUs Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 69/76] nospec: Kill array_index_nospec_mask_check() Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 46/76] module/retpoline: Warn about missing retpoline in module Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 65/76] x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 72/76] x86: fix SMAP in 32-bit environments Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 67/76] x86/spectre: Fix an error message Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 16/76] x86/alternatives: Fix optimize_nops() checking Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 28/76] x86/retpoline/hyperv: Convert assembler indirect jumps Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 21/76] x86: Clean up current_stack_pointer Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 05/76] x86/cpufeatures: Add X86_BUG_CPU_INSECURE Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 14/76] x86/alternatives: Fix ALTERNATIVE_2 padding generation properly Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 42/76] x86/cpu: Change type of x86_cache_size variable to unsigned int Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 18/76] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 35/76] retpoline: Introduce start/end markers of indirect thunk Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 66/76] x86/cpufeatures: Clean up Spectre v2 related CPUID flags Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 36/76] kprobes/x86: Blacklist indirect thunk functions for kprobes Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 43/76] x86/retpoline: Remove the esp/rsp thunk Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 49/76] x86/cpu/bugs: Make retpoline module warning conditional Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 17/76] x86/cpu/AMD: Make LFENCE a serializing instruction Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 40/76] x86/cpu/intel: Introduce macros for Intel family numbers Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 55/76] x86/get_user: Use pointer masking to limit speculation Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 09/76] x86/cpu: Merge bugs.c and bugs_64.c Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 51/76] Documentation: Document array_index_nospec Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 22/76] x86/asm: Use register variable to get stack pointer value Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 45/76] KVM: VMX: Make indirect call speculation safe Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 54/76] x86: Introduce barrier_nospec Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 33/76] x86/retpoline: Remove compile time warning Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 75/76] x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 10/76] sysfs/cpu: Add vulnerability folder Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 08/76] x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 71/76] x86: reorganize SMAP handling in user space accesses Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 52/76] array_index_nospec: Sanitize speculative array de-references Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 56/76] x86/syscall: Sanitize syscall table de-references under speculation Ben Hutchings
2018-03-12 7:32 ` Jiri Slaby
2018-03-19 0:59 ` Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 13/76] x86/alternatives: Guard NOPs optimization Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 74/76] x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 19/76] x86/asm: Make asm/alternative.h safe from assembly Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 73/76] x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 06/76] x86/cpu, x86/pti: Do not enable PTI on AMD processors Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 03/76] x86/cpu: Factor out application of forced CPU caps Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 12/76] sysfs/cpu: Fix typos in vulnerability documentation Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 37/76] kprobes/x86: Disable optimizing on the function jumps to indirect thunk Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 11/76] x86/cpu: Implement CPU vulnerabilites sysfs functions Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 26/76] x86/retpoline/entry: Convert entry assembler indirect jumps Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 24/76] x86/spectre: Add boot time option to select Spectre v2 mitigation Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 29/76] x86/retpoline/xen: Convert Xen hypercall indirect jumps Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 32/76] x86/retpoline: Fill return stack buffer on vmexit Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 15/76] x86/alternatives: Make optimize_nops() interrupt safe and synced Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 57/76] vfs, fdtable: Prevent bounds-check bypass via speculative execution Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 53/76] x86: Implement array_index_mask_nospec Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 63/76] x86/retpoline: Avoid retpolines for built-in __init functions Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 59/76] x86/spectre: Report get_user mitigation for spectre_v1 Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 70/76] nospec: Include <asm/barrier.h> dependency Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 44/76] KVM: x86: Make indirect calls in emulator speculation safe Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 64/76] x86/spectre: Simplify spectre_v2 command line parsing Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 07/76] x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 60/76] x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 23/76] x86/retpoline: Add initial retpoline support Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 61/76] x86/paravirt: Remove 'noreplace-paravirt' cmdline option Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 02/76] x86/Documentation: Add PTI description Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 27/76] x86/retpoline/ftrace: Convert ftrace assembler indirect jumps Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 62/76] x86/kvm: Update spectre-v1 mitigation Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 34/76] x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros Ben Hutchings
2018-03-12 3:06 ` Ben Hutchings [this message]
2018-03-12 3:06 ` [PATCH 3.16 39/76] x86/retpoline: Optimize inline assembler for vmexit_fill_RSB Ben Hutchings
2018-03-12 3:06 ` [PATCH 3.16 76/76] x86: fix build warnign with 32-bit PAE Ben Hutchings
2018-03-12 15:00 ` [PATCH 3.16 00/76] 3.16.56-rc1 review Guenter Roeck
2018-03-12 16:45 ` Guenter Roeck
2018-03-20 17:25 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1520823972.28219259@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=arjan@linux.intel.com \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=gregkh@linux-foundation.org \
--cc=jikos@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=keescook@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
--cc=riel@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox