|
 |
e293be |
diff -up ./arch/x86/kernel/entry_32.S.spec32 ./arch/x86/kernel/entry_32.S
|
|
|
e293be |
--- ./arch/x86/kernel/entry_32.S.spec32 2018-10-24 20:12:20.000000000 +0900
|
|
|
e293be |
+++ ./arch/x86/kernel/entry_32.S 2018-10-24 20:19:21.000000000 +0900
|
|
|
e293be |
@@ -58,6 +58,7 @@
|
|
|
e293be |
#include <asm/alternative-asm.h>
|
|
|
e293be |
#include <asm/asm.h>
|
|
|
e293be |
#include <asm/smap.h>
|
|
|
e293be |
+#include <asm/nospec-branch.h>
|
|
|
e293be |
|
|
|
e293be |
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
|
|
|
e293be |
#include <linux/elf-em.h>
|
|
|
e293be |
@@ -308,7 +309,8 @@ ENTRY(ret_from_kernel_thread)
|
|
|
e293be |
pushl_cfi $0x0202 # Reset kernel eflags
|
|
|
e293be |
popfl_cfi
|
|
|
e293be |
movl PT_EBP(%esp),%eax
|
|
|
e293be |
- call *PT_EBX(%esp)
|
|
|
e293be |
+ movl PT_EBX(%esp), %edx
|
|
|
e293be |
+ CALL_NOSPEC %edx
|
|
|
e293be |
movl $0,PT_EAX(%esp)
|
|
|
e293be |
jmp syscall_exit
|
|
|
e293be |
CFI_ENDPROC
|
|
|
e293be |
@@ -435,7 +437,14 @@ sysenter_past_esp:
|
|
|
e293be |
sysenter_do_call:
|
|
|
e293be |
cmpl $(NR_syscalls), %eax
|
|
|
e293be |
jae syscall_badsys
|
|
|
e293be |
+ sbb %edx, %edx /* array_index_mask_nospec() */
|
|
|
e293be |
+ and %edx, %eax
|
|
|
e293be |
+#ifdef CONFIG_RETPOLINE
|
|
|
e293be |
+ movl sys_call_table(,%eax,4),%eax
|
|
|
e293be |
+ call __x86_indirect_thunk_eax
|
|
|
e293be |
+#else
|
|
|
e293be |
call *sys_call_table(,%eax,4)
|
|
|
e293be |
+#endif
|
|
|
e293be |
movl %eax,PT_EAX(%esp)
|
|
|
e293be |
LOCKDEP_SYS_EXIT
|
|
|
e293be |
DISABLE_INTERRUPTS(CLBR_ANY)
|
|
|
e293be |
@@ -513,7 +522,14 @@ ENTRY(system_call)
|
|
|
e293be |
cmpl $(NR_syscalls), %eax
|
|
|
e293be |
jae syscall_badsys
|
|
|
e293be |
syscall_call:
|
|
|
e293be |
+ sbb %edx, %edx /* array_index_mask_nospec() */
|
|
|
e293be |
+ and %edx, %eax
|
|
|
e293be |
+#ifdef CONFIG_RETPOLINE
|
|
|
e293be |
+ movl sys_call_table(,%eax,4),%eax
|
|
|
e293be |
+ call __x86_indirect_thunk_eax
|
|
|
e293be |
+#else
|
|
|
e293be |
call *sys_call_table(,%eax,4)
|
|
|
e293be |
+#endif
|
|
|
e293be |
movl %eax,PT_EAX(%esp) # store the return value
|
|
|
e293be |
syscall_exit:
|
|
|
e293be |
LOCKDEP_SYS_EXIT
|
|
|
e293be |
@@ -1190,7 +1206,8 @@ trace:
|
|
|
e293be |
movl 0x4(%ebp), %edx
|
|
|
e293be |
subl $MCOUNT_INSN_SIZE, %eax
|
|
|
e293be |
|
|
|
e293be |
- call *ftrace_trace_function
|
|
|
e293be |
+ movl ftrace_trace_function, %ecx
|
|
|
e293be |
+ CALL_NOSPEC %ecx
|
|
|
e293be |
|
|
|
e293be |
popl %edx
|
|
|
e293be |
popl %ecx
|
|
|
e293be |
@@ -1225,7 +1242,7 @@ return_to_handler:
|
|
|
e293be |
movl %eax, %ecx
|
|
|
e293be |
popl %edx
|
|
|
e293be |
popl %eax
|
|
|
e293be |
- jmp *%ecx
|
|
|
e293be |
+ JMP_NOSPEC %ecx
|
|
|
e293be |
#endif
|
|
|
e293be |
|
|
|
e293be |
/*
|
|
|
e293be |
@@ -1285,7 +1302,7 @@ error_code:
|
|
|
e293be |
movl %ecx, %es
|
|
|
e293be |
TRACE_IRQS_OFF
|
|
|
e293be |
movl %esp,%eax # pt_regs pointer
|
|
|
e293be |
- call *%edi
|
|
|
e293be |
+ CALL_NOSPEC %edi
|
|
|
e293be |
jmp ret_from_exception
|
|
|
e293be |
CFI_ENDPROC
|
|
|
e293be |
END(page_fault)
|
|
|
e293be |
diff -up ./arch/x86/kernel/irq_32.c.spec32 ./arch/x86/kernel/irq_32.c
|
|
|
e293be |
--- ./arch/x86/kernel/irq_32.c.spec32 2018-10-24 20:12:21.000000000 +0900
|
|
|
e293be |
+++ ./arch/x86/kernel/irq_32.c 2018-10-24 20:12:23.000000000 +0900
|
|
|
e293be |
@@ -20,6 +20,7 @@
|
|
|
e293be |
#include <linux/mm.h>
|
|
|
e293be |
|
|
|
e293be |
#include <asm/apic.h>
|
|
|
e293be |
+#include <asm/nospec-branch.h>
|
|
|
e293be |
|
|
|
e293be |
DEFINE_PER_CPU_SHARED_ALIGNED(irq_cpustat_t, irq_stat);
|
|
|
e293be |
EXPORT_PER_CPU_SYMBOL(irq_stat);
|
|
|
e293be |
@@ -64,11 +65,11 @@ DEFINE_PER_CPU(struct irq_stack *, softi
|
|
|
e293be |
static void call_on_stack(void *func, void *stack)
|
|
|
e293be |
{
|
|
|
e293be |
asm volatile("xchgl %%ebx,%%esp \n"
|
|
|
e293be |
- "call *%%edi \n"
|
|
|
e293be |
+ CALL_NOSPEC
|
|
|
e293be |
"movl %%ebx,%%esp \n"
|
|
|
e293be |
: "=b" (stack)
|
|
|
e293be |
: "0" (stack),
|
|
|
e293be |
- "D"(func)
|
|
|
e293be |
+ [thunk_target] "D"(func)
|
|
|
e293be |
: "memory", "cc", "edx", "ecx", "eax");
|
|
|
e293be |
}
|
|
|
e293be |
|
|
|
e293be |
@@ -108,11 +109,11 @@ execute_on_irq_stack(int overflow, struc
|
|
|
e293be |
call_on_stack(print_stack_overflow, isp);
|
|
|
e293be |
|
|
|
e293be |
asm volatile("xchgl %%ebx,%%esp \n"
|
|
|
e293be |
- "call *%%edi \n"
|
|
|
e293be |
+ CALL_NOSPEC
|
|
|
e293be |
"movl %%ebx,%%esp \n"
|
|
|
e293be |
: "=a" (arg1), "=d" (arg2), "=b" (isp)
|
|
|
e293be |
: "0" (irq), "1" (desc), "2" (isp),
|
|
|
e293be |
- "D" (desc->handle_irq)
|
|
|
e293be |
+ [thunk_target] "D" (desc->handle_irq)
|
|
|
e293be |
: "memory", "cc", "ecx");
|
|
|
e293be |
return 1;
|
|
|
e293be |
}
|
|
|
e293be |
diff -up ./arch/x86/lib/checksum_32.S.spec32 ./arch/x86/lib/checksum_32.S
|
|
|
e293be |
--- ./arch/x86/lib/checksum_32.S.spec32 2018-09-21 17:18:28.000000000 +0900
|
|
|
e293be |
+++ ./arch/x86/lib/checksum_32.S 2018-10-24 20:24:00.000000000 +0900
|
|
|
e293be |
@@ -29,7 +29,8 @@
|
|
|
e293be |
#include <asm/dwarf2.h>
|
|
|
e293be |
#include <asm/errno.h>
|
|
|
e293be |
#include <asm/asm.h>
|
|
|
e293be |
-
|
|
|
e293be |
+#include <asm/nospec-branch.h>
|
|
|
e293be |
+
|
|
|
e293be |
/*
|
|
|
e293be |
* computes a partial checksum, e.g. for TCP/UDP fragments
|
|
|
e293be |
*/
|
|
|
e293be |
@@ -165,7 +166,7 @@ ENTRY(csum_partial)
|
|
|
e293be |
negl %ebx
|
|
|
e293be |
lea 45f(%ebx,%ebx,2), %ebx
|
|
|
e293be |
testl %esi, %esi
|
|
|
e293be |
- jmp *%ebx
|
|
|
e293be |
+ JMP_NOSPEC %ebx
|
|
|
e293be |
|
|
|
e293be |
# Handle 2-byte-aligned regions
|
|
|
e293be |
20: addw (%esi), %ax
|
|
|
e293be |
@@ -463,7 +464,7 @@ ENTRY(csum_partial_copy_generic)
|
|
|
e293be |
andl $-32,%edx
|
|
|
e293be |
lea 3f(%ebx,%ebx), %ebx
|
|
|
e293be |
testl %esi, %esi
|
|
|
e293be |
- jmp *%ebx
|
|
|
e293be |
+ JMP_NOSPEC %ebx
|
|
|
e293be |
1: addl $64,%esi
|
|
|
e293be |
addl $64,%edi
|
|
|
e293be |
SRC(movb -32(%edx),%bl) ; SRC(movb (%edx),%bl)
|