From 1a7819b729e44e706e476156d633b06c81c7ec60 Mon Sep 17 00:00:00 2001
From: guenther
Date: Sun, 9 Sep 2018 22:09:36 +0000
Subject: [PATCH] Calculate automatically the padding necessary for lining up the iretq instruction used when Meltdown mitigation is effect. It got pushed off when an lfence was added in locore.S rev 1.107, resulting in two signals being sent instead of one when iretq faulted, and neither signal had the correct sigcontext info. Update the makefile rule for locore.o to verify that things are correct. ok mlarkin@
---
 sys/arch/amd64/amd64/locore.S | 33 +++++++++++++++++++++---------
 sys/arch/amd64/conf/Makefile.amd64 | 10 +++++++--
 2 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/sys/arch/amd64/amd64/locore.S b/sys/arch/amd64/amd64/locore.S
index 62ec81239f4..ecc9eedc05d 100644
--- a/sys/arch/amd64/amd64/locore.S
+++ b/sys/arch/amd64/amd64/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.107 2018/07/24 02:42:25 guenther Exp $ */
+/* $OpenBSD: locore.S,v 1.108 2018/09/09 22:09:36 guenther Exp $ */
 /* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
 
 /*
@@ -860,10 +860,31 @@ intr_user_exit_post_ast:
 movq CPUVAR(USER_CR3),%rax
 movq %rax,%cr3
 Xiretq_trampback:
+KTEXT_PAGE_END
+/* the movq %cr3 switches to this "KUTEXT" page */
+KUTEXT_PAGE_START
+ .space (Xiretq_trampback - Xsyscall_meltdown) - \
+ (. - XUsyscall_meltdown), 0xcc
+ movq CPUVAR(SCRATCH),%rax
+.Liretq_swapgs:
+ swapgs
+doreti_iret_meltdown:
+ iretq
+KUTEXT_PAGE_END
+/*
+ * Back to the "KTEXT" page to fill in the speculation trap and the
+ * swapgs+iretq used for non-Meltdown kernels. This switching back
+ * and forth between segments is so that we can do the .space
+ * calculation below to guarantee the iretq's above and below line
+ * up, so the 'doreti_iret' label lines up with the iretq whether
+ * the CPU is affected by Meltdown or not.
+ */
+KTEXT_PAGE_START
 0: pause
 lfence
 jmp 0b
- .space 5,0xcc /* pad to match "movq CPUVAR(SCRATCH),%rax" */
+ .space (.Liretq_swapgs - XUsyscall_meltdown) - \
+ (. - Xsyscall_meltdown), 0xcc
 CODEPATCH_END(CPTAG_MELTDOWN_NOP)
 swapgs
 
@@ -872,14 +893,6 @@ _C_LABEL(doreti_iret):
 iretq
 KTEXT_PAGE_END
 
-KUTEXT_PAGE_START
- .space (Xiretq_trampback - Xsyscall_meltdown) - \
- (. - XUsyscall_meltdown), 0xcc
- movq CPUVAR(SCRATCH),%rax
- swapgs
- iretq
-KUTEXT_PAGE_END
-
 .text
 _ALIGN_TRAPS
 .Lintr_restore_xstate: /* CPU doesn't have curproc's xstate */
diff --git a/sys/arch/amd64/conf/Makefile.amd64 b/sys/arch/amd64/conf/Makefile.amd64
index bd1d63d12c5..270559f14f3 100644
--- a/sys/arch/amd64/conf/Makefile.amd64
+++ b/sys/arch/amd64/conf/Makefile.amd64
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.amd64,v 1.101 2018/08/21 18:06:12 anton Exp $
+# $OpenBSD: Makefile.amd64,v 1.102 2018/09/09 22:09:36 guenther Exp $
 
 # For instructions on building kernels consult the config(8) and options(4)
 # manual pages.
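Review bot: The two new `.space` expressions turn from padding into a silent misalignment the moment either side outgrows what it pads up to, because as far as I recall GAS treats a non-positive `.space` count as a warning rather than an error, and the comment block in this hunk explains the page layout but not that failure mode (by my count of the encodings the trap already sits within a couple of bytes of the `movq`). I would add a line to the comment such as ` * If either side grows, the .space count goes negative and the assembler may only warn; the locore.o rule in Makefile.amd64 is what actually checks that the two iretq's still coincide.` The `doreti_iret_meltdown:` label also deserves a one-line comment saying it must remain a regular (non-`.L`) symbol, since the Makefile check appears to find both iretq's by grepping the disassembly for `doreti_iret`. If the iretq's do not line up, a #GP raised by the Meltdown-path iretq is not recognized as the known-faulting instruction, which is the double-signal, wrong-sigcontext behavior the commit message describes.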
@@ -125,6 +125,12 @@ mcount.o: $S/lib/libkern/mcount.c Makefile
 ioconf.o: ioconf.c
 ${NORMAL_C}
 
+locore.o: assym.h
+ ${NORMAL_S}
+ @[[ -n `objdump -D $@ | grep -A1 doreti_iret | sort | uniq -d` ]] || \
+ { rm -f $@; echo "ERROR: overlaid iretq instructions don't line up"; \
+ echo "#GP-on-iretq fault handling would be broken"; exit 1; }
+
 ld.script: ${_machdir}/conf/ld.script
 cp ${_machdir}/conf/ld.script $@
 
@@ -155,7 +161,7 @@ cleandir: clean
 depend obj:
 
 locore0.o: ${_machdir}/${_mach}/locore0.S assym.h
-locore.o mutex.o vector.o copy.o spl.o: assym.h
+mutex.o vector.o copy.o spl.o: assym.h
 mptramp.o acpi_wakecode.o vmm_support.o: assym.h
 
 hardlink-obsd:
-- 
2.20.1
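Review bot: The `uniq -d` test in the new locore.o rule can be satisfied by grep's own output rather than by two matching iretq lines: `grep -A1` prints a `--` separator between non-adjacent groups, so if `doreti_iret` ever shows up three or more times in the disassembly (another symbol containing the name, or a reference objdump resolves to the label), the two identical `--` lines make `uniq -d` non-empty and the check passes even when the iretq's have drifted apart. Dropping the separators before comparing, `grep -A1 doreti_iret | grep -v '^--' | sort | uniq -d`, restricts the comparison to the instruction lines, and anchoring the pattern to the symbol headers (e.g. `'<doreti_iret[a-z_]*>:'`) would narrow it further. The `[[ -n ... ]]` test is a ksh/bash construct; OpenBSD's /bin/sh accepts it as far as I know, but `[ -n "..." ]` is the portable spelling should this Makefile ever run under a POSIX sh. Since this rule is the only thing catching a misaligned iretq, and a miss breaks the #GP-on-iretq recovery the echo messages refer to, it is worth making the pipeline robust to extra matches.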