From: Andrew Cooper Date: Fri, 22 Dec 2023 18:01:37 +0000 (+0000) Subject: x86: Drop INDIRECT_JMP X-Git-Tag: RELEASE-4.16.6~6 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=21113031fc0db5ff3de8bfb7a441f06e169a931b;p=xen.git x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h index 8bd9007731..7e22fcb9c0 100644 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -20,10 +20,9 @@ .byte 0x0f, 0x01, 0xdd .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -33,7 +32,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -44,19 +43,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else
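Review bot: in the first hunk (@@ -20,10 +20,9 @@) the header comment is shortened to "Create an indirect call. arg is a single register." but the unchanged context line directly beneath it still says "With no compiler support, this degrades into a plain indirect call/jmp." With `insn` gone and `call` hard-coded, the "call/jmp" wording is stale and still advertises a jmp form the macro can no longer produce; suggest rewording it to "a plain indirect call" in the same change so the comment matches the new `INDIRECT_CALL arg:req` signature.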
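Review bot: the third hunk (@@ -44,19 +43,10 @@) removes the `INDIRECT_JMP` wrapper outright, which is the right guard: any leftover user now fails to assemble with an unknown macro instead of quietly turning into a plain indirect jmp. The diff does not show those users going away, though; only the commit message asserts "we've removed the uses of INDIRECT_JMP", so that claim should be checked against the tree. Since both the thunk dispatch in the `.irp` loop and the `.else` fallback `call *\arg` are separate code paths that now each hard-code `call`, the check should cover builds with and without compiler thunk support, as the comment in the first hunk describes those as distinct cases. Note also that the old `INDIRECT_CALL` wrapper deleted here is re-defined directly in the first hunk, so existing callers keep the same name and argument shape.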