From patchwork Mon Jan 31 18:55:23 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "H.J. Lu" <hjl.tools@gmail.com>
X-Patchwork-Id: 50598
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 50A0D385C418
	for <patchwork@sourceware.org>; Mon, 31 Jan 2022 18:55:59 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 50A0D385C418
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1643655359;
	bh=2MAsyCEvoiPUi2ghs3Cj5o5Ya/PxCAxLStK9e7+gg/g=;
	h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=ZJJYDtkIqX6sGVkKbEkilD3fZl+p9NdhmuORBDs1gqM4j6o5jboU13w5Vqy91tEbZ
	 kw57voAVHZyBy8wcyWiuIcjNcMF7JmdT9Un7Iq0MiXmFUJ3I0/yeAu4b+8v24a58V4
	 knL83hVq0KFcYmHKqcFbngjuuSWAae5q8WsBBNMU=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com
 [IPv6:2607:f8b0:4864:20::635])
 by sourceware.org (Postfix) with ESMTPS id 2A34D3857815
 for <gcc-patches@gcc.gnu.org>; Mon, 31 Jan 2022 18:55:31 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 2A34D3857815
Received: by mail-pl1-x635.google.com with SMTP id z5so13249050plg.8
 for <gcc-patches@gcc.gnu.org>; Mon, 31 Jan 2022 10:55:31 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=2MAsyCEvoiPUi2ghs3Cj5o5Ya/PxCAxLStK9e7+gg/g=;
 b=xMpP8OPE4yFkZ8rrtqesGRfcYuAt6GZQfAferpE53RC2JAchUYJynSOh7j7JK8XZSF
 KlZ+cfL/74Ub2wjm/2xIbH6Rl+Nx/KbilXHJMmGGDgtgOIsBDFRcECxcdxfWXVeDD53u
 3Gt//ll6NClqtOl0JgBKcRxwRXm6BGkB3fxLIQicxNYIJ9KwIddHLleQ5wOl6X26tYso
 zlJVjRpwkRraBcqKaHrKc8gplirwFCb5TxtPKLnN+EUQiaI4HjdUZpks1co2/vnV7Vdc
 sV/Ze8DM1Bfmb3OS7PZk5zJ0/PJSLTZU5F2kljJZ7INpmTzE0pGGD/snYFSMdSznjVRM
 gf8A==
X-Gm-Message-State: AOAM530VXPCXzDYbyQVS4DlwO1QQKKZwYeUfDoGh6UV6NJ71TtItS2Mx
 9Hr60Y7pz/63BYojd88srxh6AAn1ZgU=
X-Google-Smtp-Source: 
 ABdhPJwoDBDNZ8NqKjygJ0O8AtB8pHzr5Sx3fCeNFqfw6aDL/SvPE8Zx9l3ItO2Y5J2xfsAfB9Mm8Q==
X-Received: by 2002:a17:902:d4ce:: with SMTP id
 o14mr22341483plg.39.1643655329965;
 Mon, 31 Jan 2022 10:55:29 -0800 (PST)
Received: from gnu-tgl-2.localdomain ([172.58.35.133])
 by smtp.gmail.com with ESMTPSA id q32sm7483514pgm.26.2022.01.31.10.55.29
 for <gcc-patches@gcc.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 31 Jan 2022 10:55:29 -0800 (PST)
Received: from gnu-tgl-2.. (localhost [IPv6:::1])
 by gnu-tgl-2.localdomain (Postfix) with ESMTP id 1851F3003BE
 for <gcc-patches@gcc.gnu.org>; Mon, 31 Jan 2022 10:55:28 -0800 (PST)
To: gcc-patches@gcc.gnu.org
Subject: [GCC 11 PATCH 0/5] x86: Backport straight-line-speculation mitigation
Date: Mon, 31 Jan 2022 10:55:23 -0800
Message-Id: <20220131185528.619688-1-hjl.tools@gmail.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Spam-Status: No, score=-3020.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, KAM_SHORT,
 RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-Patchwork-Original-From: "H.J. Lu via Gcc-patches" <gcc-patches@gcc.gnu.org>
From: "H.J. Lu" <hjl.tools@gmail.com>
Reply-To: "H.J. Lu" <hjl.tools@gmail.com>
Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>

Backport -mindirect-branch-cs-prefix:

commit 48a4ae26c225eb018ecb59f131e2c4fd4f3cf89a
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Wed Oct 27 06:27:15 2021 -0700

    x86: Add -mindirect-branch-cs-prefix

    Add -mindirect-branch-cs-prefix to add CS prefix to call and jmp to
    indirect thunk with branch target in r8-r15 registers so that the call
    and jmp instruction length is 6 bytes to allow them to be replaced with
    "lfence; call *%r8-r15" or "lfence; jmp *%r8-r15" at run-time.

commit 63738e176726d31953deb03f7e32cf8b760735ac
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Wed Oct 27 07:48:54 2021 -0700

    x86: Add -mharden-sls=[none|all|return|indirect-branch]

    Add -mharden-sls= to mitigate against straight line speculation (SLS)
    for function return and indirect branch by adding an INT3 instruction
    after function return and indirect branch.

and followup commits to support Linux kernel commits:

commit e463a09af2f0677b9485a7e8e4e70b396b2ffb6f
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Sat Dec 4 14:43:44 2021 +0100

    x86: Add straight-line-speculation mitigation

commit 68cf4f2a72ef8786e6b7af6fd9a89f27ac0f520d
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Fri Nov 19 17:50:25 2021 +0100

    x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds

H.J. Lu (5):
  x86: Remove "%!" before ret
  x86: Add -mharden-sls=[none|all|return|indirect-branch]
  x86: Add -mindirect-branch-cs-prefix
  x86: Rename -harden-sls=indirect-branch to -harden-sls=indirect-jmp
  x86: Generate INT3 for __builtin_eh_return

 gcc/config/i386/i386-opts.h                   |  7 ++++
 gcc/config/i386/i386.c                        | 38 +++++++++++++------
 gcc/config/i386/i386.md                       |  2 +-
 gcc/config/i386/i386.opt                      | 24 ++++++++++++
 gcc/doc/invoke.texi                           | 18 ++++++++-
 gcc/testsuite/gcc.target/i386/harden-sls-1.c  | 14 +++++++
 gcc/testsuite/gcc.target/i386/harden-sls-2.c  | 14 +++++++
 gcc/testsuite/gcc.target/i386/harden-sls-3.c  | 14 +++++++
 gcc/testsuite/gcc.target/i386/harden-sls-4.c  | 16 ++++++++
 gcc/testsuite/gcc.target/i386/harden-sls-5.c  | 17 +++++++++
 gcc/testsuite/gcc.target/i386/harden-sls-6.c  | 18 +++++++++
 .../i386/indirect-thunk-cs-prefix-1.c         | 14 +++++++
 .../i386/indirect-thunk-cs-prefix-2.c         | 15 ++++++++
 13 files changed, 198 insertions(+), 13 deletions(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-1.c
 create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-2.c
 create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-3.c
 create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-4.c
 create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-5.c
 create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-6.c
 create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c
 create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c