[thirdparty/kernel/stable-queue.git] / releases / 4.19.7 / x86retpoline_Make_CONFIG_RETPOLINE_depend_on_compiler_support.patch

Subject: x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
From: Zhenzhong Duan zhenzhong.duan@oracle.com
Date: Fri Nov  2 01:45:41 2018 -0700

From: Zhenzhong Duan zhenzhong.duan@oracle.com

commit 4cd24de3a0980bf3100c9dcb08ef65ca7c31af48 upstream

Since retpoline capable compilers are widely available, make
CONFIG_RETPOLINE hard depend on the compiler capability.

Break the build when CONFIG_RETPOLINE is enabled and the compiler does not
support it. Emit an error message in that case:

 "arch/x86/Makefile:226: *** You are building kernel with non-retpoline
  compiler, please update your compiler..  Stop."

[dwmw: Fail the build with non-retpoline compiler]

Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Borislav Petkov <bp@suse.de>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: <srinivas.eeda@oracle.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/cca0cb20-f9e2-4094-840b-fb0f8810cd34@default
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/Kconfig                     |    4 ----
 arch/x86/Makefile                    |    5 +++--
 arch/x86/include/asm/nospec-branch.h |   10 ++++++----
 arch/x86/kernel/cpu/bugs.c           |    2 +-
 scripts/Makefile.build               |    2 --
 5 files changed, 10 insertions(+), 13 deletions(-)

--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -441,10 +441,6 @@ config RETPOLINE
 	  branches. Requires a compiler with -mindirect-branch=thunk-extern
 	  support for full protection. The kernel may run slower.
 
-	  Without compiler support, at least indirect branches in assembler
-	  code are eliminated. Since this includes the syscall entry path,
-	  it is not entirely pointless.
-
 config INTEL_RDT
 	bool "Intel Resource Director Technology support"
 	default n
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -223,9 +223,10 @@ KBUILD_CFLAGS += -fno-asynchronous-unwin
 
 # Avoid indirect branches in kernel to deal with Spectre
 ifdef CONFIG_RETPOLINE
-ifneq ($(RETPOLINE_CFLAGS),)
-  KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
+ifeq ($(RETPOLINE_CFLAGS),)
+  $(error You are building kernel with non-retpoline compiler, please update your compiler.)
 endif
+  KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)
 endif
 
 archscripts: scripts_basic
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -162,11 +162,12 @@
 	_ASM_PTR " 999b\n\t"					\
 	".popsection\n\t"
 
-#if defined(CONFIG_X86_64) && defined(RETPOLINE)
+#ifdef CONFIG_RETPOLINE
+#ifdef CONFIG_X86_64
 
 /*
- * Since the inline asm uses the %V modifier which is only in newer GCC,
- * the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE.
+ * Inline asm uses the %V modifier which is only in newer GCC
+ * which is ensured when CONFIG_RETPOLINE is defined.
  */
 # define CALL_NOSPEC						\
 	ANNOTATE_NOSPEC_ALTERNATIVE				\
@@ -181,7 +182,7 @@
 	X86_FEATURE_RETPOLINE_AMD)
 # define THUNK_TARGET(addr) [thunk_target] "r" (addr)
 
-#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE)
+#else /* CONFIG_X86_32 */
 /*
  * For i386 we use the original ret-equivalent retpoline, because
  * otherwise we'll run out of registers. We don't care about CET
@@ -211,6 +212,7 @@
 	X86_FEATURE_RETPOLINE_AMD)
 
 # define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
+#endif
 #else /* No retpoline for C / inline asm */
 # define CALL_NOSPEC "call *%[thunk_target]\n"
 # define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -252,7 +252,7 @@ static void __init spec2_print_if_secure
 
 static inline bool retp_compiler(void)
 {
-	return __is_defined(RETPOLINE);
+	return __is_defined(CONFIG_RETPOLINE);
 }
 
 static inline bool match_option(const char *arg, int arglen, const char *opt)
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -248,10 +248,8 @@ ifdef CONFIG_GCOV_KERNEL
 objtool_args += --no-unreachable
 endif
 ifdef CONFIG_RETPOLINE
-ifneq ($(RETPOLINE_CFLAGS),)
   objtool_args += --retpoline
 endif
-endif
 
 
 ifdef CONFIG_MODVERSIONS
Commit	Line	Data
f440d5c6 GKH	1	Subject: x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
	2	From: Zhenzhong Duan zhenzhong.duan@oracle.com
	3	Date: Fri Nov 2 01:45:41 2018 -0700
	4
	5	From: Zhenzhong Duan zhenzhong.duan@oracle.com
	6
	7	commit 4cd24de3a0980bf3100c9dcb08ef65ca7c31af48 upstream
	8
	9	Since retpoline capable compilers are widely available, make
	10	CONFIG_RETPOLINE hard depend on the compiler capability.
	11
	12	Break the build when CONFIG_RETPOLINE is enabled and the compiler does not
	13	support it. Emit an error message in that case:
	14
	15	"arch/x86/Makefile:226: *** You are building kernel with non-retpoline
	16	compiler, please update your compiler.. Stop."
	17
	18	[dwmw: Fail the build with non-retpoline compiler]
	19
	20	Suggested-by: Peter Zijlstra <peterz@infradead.org>
	21	Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
	22	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	23	Cc: David Woodhouse <dwmw@amazon.co.uk>
	24	Cc: Borislav Petkov <bp@suse.de>
	25	Cc: Daniel Borkmann <daniel@iogearbox.net>
	26	Cc: H. Peter Anvin <hpa@zytor.com>
	27	Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	28	Cc: Andy Lutomirski <luto@kernel.org>
	29	Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
	30	Cc: Michal Marek <michal.lkml@markovi.net>
	31	Cc: <srinivas.eeda@oracle.com>
	32	Cc: stable@vger.kernel.org
	33	Link: https://lkml.kernel.org/r/cca0cb20-f9e2-4094-840b-fb0f8810cd34@default
	34	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	35	---
	36	arch/x86/Kconfig \| 4 ----
	37	arch/x86/Makefile \| 5 +++--
	38	arch/x86/include/asm/nospec-branch.h \| 10 ++++++----
	39	arch/x86/kernel/cpu/bugs.c \| 2 +-
	40	scripts/Makefile.build \| 2 --
	41	5 files changed, 10 insertions(+), 13 deletions(-)
	42
	43	--- a/arch/x86/Kconfig
	44	+++ b/arch/x86/Kconfig
	45	@@ -441,10 +441,6 @@ config RETPOLINE
	46	branches. Requires a compiler with -mindirect-branch=thunk-extern
	47	support for full protection. The kernel may run slower.
	48
	49	- Without compiler support, at least indirect branches in assembler
	50	- code are eliminated. Since this includes the syscall entry path,
	51	- it is not entirely pointless.
	52	-
	53	config INTEL_RDT
	54	bool "Intel Resource Director Technology support"
	55	default n
	56	--- a/arch/x86/Makefile
	57	+++ b/arch/x86/Makefile
	58	@@ -223,9 +223,10 @@ KBUILD_CFLAGS += -fno-asynchronous-unwin
	59
	60	# Avoid indirect branches in kernel to deal with Spectre
	61	ifdef CONFIG_RETPOLINE
	62	-ifneq ($(RETPOLINE_CFLAGS),)
	63	- KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
	64	+ifeq ($(RETPOLINE_CFLAGS),)
65	+ $(error You are building kernel with non-retpoline compiler, please update your compiler.)
66	endif
67	+ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)
68	endif
69
70	archscripts: scripts_basic
71	--- a/arch/x86/include/asm/nospec-branch.h
72	+++ b/arch/x86/include/asm/nospec-branch.h
73	@@ -162,11 +162,12 @@
74	_ASM_PTR " 999b\n\t" \
75	".popsection\n\t"
76
77	-#if defined(CONFIG_X86_64) && defined(RETPOLINE)
78	+#ifdef CONFIG_RETPOLINE
79	+#ifdef CONFIG_X86_64
80
81	/*
82	- * Since the inline asm uses the %V modifier which is only in newer GCC,
83	- * the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE.
84	+ * Inline asm uses the %V modifier which is only in newer GCC
85	+ * which is ensured when CONFIG_RETPOLINE is defined.
86	*/
87	# define CALL_NOSPEC \
88	ANNOTATE_NOSPEC_ALTERNATIVE \
89	@@ -181,7 +182,7 @@
90	X86_FEATURE_RETPOLINE_AMD)
91	# define THUNK_TARGET(addr) [thunk_target] "r" (addr)
92
93	-#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE)
94	+#else /* CONFIG_X86_32 */
95	/*
96	* For i386 we use the original ret-equivalent retpoline, because
97	* otherwise we'll run out of registers. We don't care about CET
98	@@ -211,6 +212,7 @@
99	X86_FEATURE_RETPOLINE_AMD)
100
101	# define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
102	+#endif
103	#else /* No retpoline for C / inline asm */
104	# define CALL_NOSPEC "call *%[thunk_target]\n"
105	# define THUNK_TARGET(addr) [thunk_target] "rm" (addr)
106	--- a/arch/x86/kernel/cpu/bugs.c
107	+++ b/arch/x86/kernel/cpu/bugs.c
108	@@ -252,7 +252,7 @@ static void __init spec2_print_if_secure
109
110	static inline bool retp_compiler(void)
111	{
112	- return __is_defined(RETPOLINE);
113	+ return __is_defined(CONFIG_RETPOLINE);
114	}
115
116	static inline bool match_option(const char arg, int arglen, const char opt)
117	--- a/scripts/Makefile.build
118	+++ b/scripts/Makefile.build
119	@@ -248,10 +248,8 @@ ifdef CONFIG_GCOV_KERNEL
120	objtool_args += --no-unreachable
121	endif
122	ifdef CONFIG_RETPOLINE
123	-ifneq ($(RETPOLINE_CFLAGS),)
124	objtool_args += --retpoline
125	endif
126	-endif
127
128
129	ifdef CONFIG_MODVERSIONS