The interrupt resume (Xdoreti) and recurse (Xspllower) paths are

invoked using indirect branches and should have endbr64's.

ok deraadt@

diff --git a/sys/arch/amd64/amd64/spl.S b/sys/arch/amd64/amd64/spl.S
index b2327d0..078d840 100644 (file)
--- a/sys/arch/amd64/amd64/spl.S
+++ b/sys/arch/amd64/amd64/spl.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: spl.S,v 1.19 2022/12/01 00:26:15 guenther Exp $       */
+/*     $OpenBSD: spl.S,v 1.20 2023/07/27 00:30:07 guenther Exp $       */
 /*     $NetBSD: spl.S,v 1.3 2004/06/28 09:13:11 fvdl Exp $     */
 
 /*
@@ -122,7 +122,8 @@ KIDTVEC(spllower)
        RETGUARD_PUSH(r11)
        movl    %edi,%ebx
        leaq    1f(%rip),%r13           # address to resume loop at
-1:     movl    %ebx,%eax               # get cpl
+1:     endbr64
+       movl    %ebx,%eax               # get cpl
        movq    CPUVAR(IUNMASK)(,%rax,8),%rax
        cli
        andq    CPUVAR(IPENDING),%rax           # any non-masked bits left?
@@ -153,7 +154,8 @@ KIDTVEC(doreti)
        movq    IF_PPL(%rsp),%rbx       # get previous priority
        decl    CPUVAR(IDEPTH)
        leaq    1f(%rip),%r13
-1:     movl    %ebx,%eax
+1:     endbr64
+       movl    %ebx,%eax
        movq    CPUVAR(IUNMASK)(,%rax,8),%rax
        cli
        andq    CPUVAR(IPENDING),%rax

diff --git a/sys/arch/amd64/amd64/vector.S b/sys/arch/amd64/amd64/vector.S
index a7c1d5d..d3b31c7 100644 (file)
--- a/sys/arch/amd64/amd64/vector.S
+++ b/sys/arch/amd64/amd64/vector.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: vector.S,v 1.92 2023/04/17 00:02:14 deraadt Exp $     */
+/*     $OpenBSD: vector.S,v 1.93 2023/07/27 00:30:07 guenther Exp $    */
 /*     $NetBSD: vector.S,v 1.5 2004/06/28 09:13:11 fvdl Exp $  */
 
 /*
@@ -551,6 +551,7 @@ IDTVEC(intr_lapic_ipi)
        jae     2f
 END(INTRENTRY_LABEL(intr_lapic_ipi))
 KIDTVEC_FALLTHROUGH(resume_lapic_ipi)
+       endbr64
 1:
        incl    CPUVAR(IDEPTH)
        movl    $IPL_IPI,CPUVAR(ILEVEL)
@@ -757,6 +758,7 @@ IDTVEC(intr_lapic_ltimer)
        jae     2f
 END(INTRENTRY_LABEL(intr_lapic_ltimer))
 KIDTVEC_FALLTHROUGH(resume_lapic_ltimer)
+       endbr64
 1:
        incl    CPUVAR(IDEPTH)
        movl    $IPL_CLOCK,CPUVAR(ILEVEL)
@@ -790,6 +792,7 @@ IDTVEC(intr_xen_upcall)
        jae     2f
 END(INTRENTRY_LABEL(intr_xen_upcall))
 KIDTVEC_FALLTHROUGH(resume_xen_upcall)
+       endbr64
 1:
        incl    CPUVAR(IDEPTH)
        movl    $IPL_NET,CPUVAR(ILEVEL)
@@ -822,6 +825,7 @@ IDTVEC(intr_hyperv_upcall)
        jae     2f
 END(INTRENTRY_LABEL(intr_hyperv_upcall))
 KIDTVEC_FALLTHROUGH(resume_hyperv_upcall)
+       endbr64
 1:
        incl    CPUVAR(IDEPTH)
        movl    $IPL_NET,CPUVAR(ILEVEL)
@@ -852,6 +856,7 @@ KIDTVEC(recurse_##name##num)                                                ;\
        INTR_RECURSE                                                    ;\
 END(Xrecurse_##name##num)                                              ;\
 KIDTVEC_FALLTHROUGH(resume_##name##num)                                        \
+       endbr64                                                         ;\
        movq    $IREENT_MAGIC,TF_ERR(%rsp)                              ;\
        movl    %ebx,%r13d                                              ;\
        movq    CPUVAR(ISOURCES) + (num) * 8, %r14                      ;\
@@ -1268,6 +1273,7 @@ NENTRY(retpoline_r13)
 END(retpoline_r13)
 
 KIDTVEC(softtty)
+       endbr64
        movl    $IPL_SOFTTTY, CPUVAR(ILEVEL)
        sti
        incl    CPUVAR(IDEPTH)
@@ -1278,6 +1284,7 @@ KIDTVEC(softtty)
 END(Xsofttty)
 
 KIDTVEC(softnet)
+       endbr64
        movl    $IPL_SOFTNET, CPUVAR(ILEVEL)
        sti
        incl    CPUVAR(IDEPTH)
@@ -1288,6 +1295,7 @@ KIDTVEC(softnet)
 END(Xsoftnet)
 
 KIDTVEC(softclock)
+       endbr64
        movl    $IPL_SOFTCLOCK, CPUVAR(ILEVEL)
        sti
        incl    CPUVAR(IDEPTH)

diff --git a/sys/arch/amd64/include/frameasm.h b/sys/arch/amd64/include/frameasm.h
index 5f1de16..18840bc 100644 (file)
--- a/sys/arch/amd64/include/frameasm.h
+++ b/sys/arch/amd64/include/frameasm.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: frameasm.h,v 1.26 2023/04/17 00:02:14 deraadt Exp $   */
+/*     $OpenBSD: frameasm.h,v 1.27 2023/07/27 00:30:07 guenther Exp $  */
 /*     $NetBSD: frameasm.h,v 1.1 2003/04/26 18:39:40 fvdl Exp $        */
 
 #ifndef _AMD64_MACHINE_FRAMEASM_H
@@ -111,6 +111,7 @@ _ENTRY(INTRENTRY_LABEL(label)) /* from kernel */ \
  * to return to.  %r10 and %r11 are scratch.
  */
 #define        INTR_RECURSE \
+       endbr64                         ; \
        /* fake the iretq_frame */      ; \
        movq    %rsp,%r10               ; \
        movl    %ss,%r11d               ; \