From 2dd0808e9226b38a4c9debd3704d298d02a5ab14 Mon Sep 17 00:00:00 2001 From: guenther Date: Thu, 27 Jul 2023 00:30:07 +0000 Subject: [PATCH] The interrupt resume (Xdoreti) and recurse (Xspllower) paths are invoked using indirect branches and should have endbr64's. ok deraadt@ --- sys/arch/amd64/amd64/spl.S | 8 +++++--- sys/arch/amd64/amd64/vector.S | 10 +++++++++- sys/arch/amd64/include/frameasm.h | 3 ++- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/sys/arch/amd64/amd64/spl.S b/sys/arch/amd64/amd64/spl.S index b2327d0a72e..078d84063df 100644 --- a/sys/arch/amd64/amd64/spl.S +++ b/sys/arch/amd64/amd64/spl.S @@ -1,4 +1,4 @@ -/* $OpenBSD: spl.S,v 1.19 2022/12/01 00:26:15 guenther Exp $ */ +/* $OpenBSD: spl.S,v 1.20 2023/07/27 00:30:07 guenther Exp $ */ /* $NetBSD: spl.S,v 1.3 2004/06/28 09:13:11 fvdl Exp $ */ /* @@ -122,7 +122,8 @@ KIDTVEC(spllower) RETGUARD_PUSH(r11) movl %edi,%ebx leaq 1f(%rip),%r13 # address to resume loop at -1: movl %ebx,%eax # get cpl +1: endbr64 + movl %ebx,%eax # get cpl movq CPUVAR(IUNMASK)(,%rax,8),%rax cli andq CPUVAR(IPENDING),%rax # any non-masked bits left? @@ -153,7 +154,8 @@ KIDTVEC(doreti) movq IF_PPL(%rsp),%rbx # get previous priority decl CPUVAR(IDEPTH) leaq 1f(%rip),%r13 -1: movl %ebx,%eax +1: endbr64 + movl %ebx,%eax movq CPUVAR(IUNMASK)(,%rax,8),%rax cli andq CPUVAR(IPENDING),%rax diff --git a/sys/arch/amd64/amd64/vector.S b/sys/arch/amd64/amd64/vector.S index a7c1d5dd726..d3b31c76198 100644 --- a/sys/arch/amd64/amd64/vector.S +++ b/sys/arch/amd64/amd64/vector.S @@ -1,4 +1,4 @@ -/* $OpenBSD: vector.S,v 1.92 2023/04/17 00:02:14 deraadt Exp $ */ +/* $OpenBSD: vector.S,v 1.93 2023/07/27 00:30:07 guenther Exp $ */ /* $NetBSD: vector.S,v 1.5 2004/06/28 09:13:11 fvdl Exp $ */ /* @@ -551,6 +551,7 @@ IDTVEC(intr_lapic_ipi) jae 2f END(INTRENTRY_LABEL(intr_lapic_ipi)) KIDTVEC_FALLTHROUGH(resume_lapic_ipi) + endbr64 1: incl CPUVAR(IDEPTH) movl $IPL_IPI,CPUVAR(ILEVEL) 
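Review bot: In the Xspllower hunk the new `1: endbr64` turns the loop label into a landing pad, but the only hint of why is the existing `# address to resume loop at` on the `leaq 1f(%rip),%r13` line; the `1: endbr64` in the Xdoreti hunk has no comment on its `leaq` at all. Going by the commit message, the label is re-entered through an indirect branch, so I would say that at the label, e.g. `1: endbr64 # indirect-branch target, address held in %r13`, so that nobody later drops the instruction as dead or moves the label past it. The first pass reaches the label by fall-through, where `endbr64` executes as a no-op, so that path is unchanged. Both function bodies start and end outside the hunks, so whether the Xspllower and Xdoreti entry points themselves carry an `endbr64` cannot be checked from here.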
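Review bot: The `endbr64` after `KIDTVEC_FALLTHROUGH(resume_lapic_ipi)` is placed by hand, and the same line is repeated in the resume_lapic_ltimer, resume_xen_upcall, resume_hyperv_upcall and `resume_##name##num` hunks and after `KIDTVEC(softtty)`, `KIDTVEC(softnet)` and `KIDTVEC(softclock)`. With IBT enforced, an indirectly reached entry that lacks the landing pad takes a control-protection fault, so a stub added later without this line fails only at run time. If every `KIDTVEC_FALLTHROUGH` entry is an indirect target (the macro definition is outside the diff, so this needs confirming), emitting `endbr64` from the macro would remove that risk; otherwise a comment at the macro definition naming which entries need it would help. Each `endbr64` is also a legal indirect-branch destination, so it should stay limited to labels that are really reached that way.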
@@ -757,6 +758,7 @@ IDTVEC(intr_lapic_ltimer) jae 2f END(INTRENTRY_LABEL(intr_lapic_ltimer)) KIDTVEC_FALLTHROUGH(resume_lapic_ltimer) + endbr64 1: incl CPUVAR(IDEPTH) movl $IPL_CLOCK,CPUVAR(ILEVEL) @@ -790,6 +792,7 @@ IDTVEC(intr_xen_upcall) jae 2f END(INTRENTRY_LABEL(intr_xen_upcall)) KIDTVEC_FALLTHROUGH(resume_xen_upcall) + endbr64 1: incl CPUVAR(IDEPTH) movl $IPL_NET,CPUVAR(ILEVEL) @@ -822,6 +825,7 @@ IDTVEC(intr_hyperv_upcall) jae 2f END(INTRENTRY_LABEL(intr_hyperv_upcall)) KIDTVEC_FALLTHROUGH(resume_hyperv_upcall) + endbr64 1: incl CPUVAR(IDEPTH) movl $IPL_NET,CPUVAR(ILEVEL) @@ -852,6 +856,7 @@ KIDTVEC(recurse_##name##num) ;\ INTR_RECURSE ;\ END(Xrecurse_##name##num) ;\ KIDTVEC_FALLTHROUGH(resume_##name##num) \ + endbr64 ;\ movq $IREENT_MAGIC,TF_ERR(%rsp) ;\ movl %ebx,%r13d ;\ movq CPUVAR(ISOURCES) + (num) * 8, %r14 ;\ @@ -1268,6 +1273,7 @@ NENTRY(retpoline_r13) END(retpoline_r13) KIDTVEC(softtty) + endbr64 movl $IPL_SOFTTTY, CPUVAR(ILEVEL) sti incl CPUVAR(IDEPTH) @@ -1278,6 +1284,7 @@ KIDTVEC(softtty) END(Xsofttty) KIDTVEC(softnet) + endbr64 movl $IPL_SOFTNET, CPUVAR(ILEVEL) sti incl CPUVAR(IDEPTH) @@ -1288,6 +1295,7 @@ KIDTVEC(softnet) END(Xsoftnet) KIDTVEC(softclock) + endbr64 movl $IPL_SOFTCLOCK, CPUVAR(ILEVEL) sti incl CPUVAR(IDEPTH) diff --git a/sys/arch/amd64/include/frameasm.h b/sys/arch/amd64/include/frameasm.h index 5f1de16748d..18840bc7180 100644 --- a/sys/arch/amd64/include/frameasm.h +++ b/sys/arch/amd64/include/frameasm.h @@ -1,4 +1,4 @@ -/* $OpenBSD: frameasm.h,v 1.26 2023/04/17 00:02:14 deraadt Exp $ */ +/* $OpenBSD: frameasm.h,v 1.27 2023/07/27 00:30:07 guenther Exp $ */ /* $NetBSD: frameasm.h,v 1.1 2003/04/26 18:39:40 fvdl Exp $ */ #ifndef _AMD64_MACHINE_FRAMEASM_H @@ -111,6 +111,7 @@ _ENTRY(INTRENTRY_LABEL(label)) /* from kernel */ \ * to return to. %r10 and %r11 are scratch. */ #define INTR_RECURSE \ + endbr64 ; \ /* fake the iretq_frame */ ; \ movq %rsp,%r10 ; \ movl %ss,%r11d ; \ -- 2.20.1
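Review bot: `INTR_RECURSE` now opens with `endbr64 ; \`, which ties the landing pad to the macro being expanded as the first instruction of an indirectly reached entry, whereas the resume entries in vector.S get theirs at the label. The comment above the macro (it begins outside the hunk) still describes only the faked iretq frame; I would add a line such as `* Starts with endbr64: must be the first instruction of an Xrecurse_* entry.` In the use visible in this diff, `KIDTVEC(recurse_##name##num)` is followed directly by `INTR_RECURSE`, so the placement is right there. Any other expansion site would gain a landing pad in the middle of code, so the remaining uses are worth checking.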