Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 55151142 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 

Pull x86 pti fixes from Thomas Gleixner:
 "A small set of fixes for the meltdown/spectre mitigations:

   - Make kprobes aware of retpolines to prevent probes in the retpoline
     thunks.

   - Make the machine check exception speculation protected. MCE used to
     issue an indirect call directly from the ASM entry code. Convert
     that to a direct call into a C-function and issue the indirect call
     from there so the compiler can add the retpoline protection,

   - Make the vmexit_fill_RSB() assembly less stupid

   - Fix a typo in the PTI documentation"

* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
  x86/pti: Document fix wrong index
  kprobes/x86: Disable optimizing on the function jumps to indirect thunk
  kprobes/x86: Blacklist indirect thunk functions for kprobes
  retpoline: Introduce start/end markers of indirect thunk
  x86/mce: Make machine check speculation protected
parents 319f1e04 3f7d8755

Documentation/x86/pti.txt

+1 −1
Original line number Diff line number Diff line
@@ -78,7 +78,7 @@ this protection comes at a cost: 
     non-PTI SYSCALL entry code, so requires mapping fewer

     things into the userspace page tables.  The downside is

     that stacks must be switched at entry time.

  d. Global pages are disabled for all kernel structures not

  c. Global pages are disabled for all kernel structures not

     mapped into both kernel and userspace page tables.  This

     feature of the MMU allows different processes to share TLB

     entries mapping the kernel.  Losing the feature means more

arch/x86/entry/entry_64.S

+1 −1
Original line number Diff line number Diff line
@@ -1264,7 +1264,7 @@ idtentry async_page_fault do_async_page_fault has_error_code=1 
#endif



#ifdef CONFIG_X86_MCE

idtentry machine_check					has_error_code=0	paranoid=1 do_sym=*machine_check_vector(%rip)

idtentry machine_check		do_mce			has_error_code=0	paranoid=1

#endif



/*

arch/x86/include/asm/nospec-branch.h

+7 −3
Original line number Diff line number Diff line
@@ -194,6 +194,9 @@ enum spectre_v2_mitigation { 
	SPECTRE_V2_IBRS,

};



extern char __indirect_thunk_start[];

extern char __indirect_thunk_end[];



/*

 * On VMEXIT we must ensure that no RSB predictions learned in the guest

 * can be followed in the host, by overwriting the RSB completely. Both
@@ -203,16 +206,17 @@ enum spectre_v2_mitigation { 
static inline void vmexit_fill_RSB(void)

{

#ifdef CONFIG_RETPOLINE

	unsigned long loops = RSB_CLEAR_LOOPS / 2;

	unsigned long loops;



	asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE

		      ALTERNATIVE("jmp 910f",

				  __stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1)),

				  X86_FEATURE_RETPOLINE)

		      "910:"

		      : "=&r" (loops), ASM_CALL_CONSTRAINT

		      : "r" (loops) : "memory" );

		      : "=r" (loops), ASM_CALL_CONSTRAINT

		      : : "memory" );

#endif

}



#endif /* __ASSEMBLY__ */

#endif /* __NOSPEC_BRANCH_H__ */

arch/x86/include/asm/traps.h

+1 −0
Original line number Diff line number Diff line
@@ -88,6 +88,7 @@ dotraplinkage void do_simd_coprocessor_error(struct pt_regs *, long); 
#ifdef CONFIG_X86_32

dotraplinkage void do_iret_error(struct pt_regs *, long);

#endif

dotraplinkage void do_mce(struct pt_regs *, long);



static inline int get_si_code(unsigned long condition)

{

arch/x86/kernel/cpu/mcheck/mce.c

+5 −0
Original line number Diff line number Diff line
@@ -1785,6 +1785,11 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) 
void (*machine_check_vector)(struct pt_regs *, long error_code) =

						unexpected_machine_check;



dotraplinkage void do_mce(struct pt_regs *regs, long error_code)

{

	machine_check_vector(regs, error_code);

}



/*

 * Called for each booted CPU to set up machine checks.

 * Must be called with preempt off: