releases/4.14.68/x86-vdso-fix-vdso-build-if-a-retpoline-is-emitted.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 2e549b2ee0e358bc758480e716b881f9cabedb6a Mon Sep 17 00:00:00 2001
 From: Andy Lutomirski <luto@kernel.org>
 Date: Thu, 16 Aug 2018 12:41:15 -0700
 Subject: x86/vdso: Fix vDSO build if a retpoline is emitted

 From: Andy Lutomirski <luto@kernel.org>

 commit 2e549b2ee0e358bc758480e716b881f9cabedb6a upstream.

 Currently, if the vDSO ends up containing an indirect branch or
 call, GCC will emit the "external thunk" style of retpoline, and it
 will fail to link.

 Fix it by building the vDSO with inline retpoline thunks.

 I haven't seen any reports of this triggering on an unpatched
 kernel.

 Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support")
 Signed-off-by: Andy Lutomirski <luto@kernel.org>
 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
 Acked-by: Matt Rickard <matt@softrans.com.au>
 Cc: Borislav Petkov <bp@alien8.de>
 Cc: Jason Vas Dias <jason.vas.dias@gmail.com>
 Cc: David Woodhouse <dwmw2@infradead.org>
 Cc: Peter Zijlstra <peterz@infradead.org>
 Cc: Andi Kleen <ak@linux.intel.com>
 Cc: stable@vger.kernel.org
 Link: https://lkml.kernel.org/r/c76538cd3afbe19c6246c2d1715bc6a60bd63985.1534448381.git.luto@kernel.org
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  Makefile                     |    4 ++++
  arch/x86/entry/vdso/Makefile |    6 ++++--
  2 files changed, 8 insertions(+), 2 deletions(-)

 --- a/Makefile
 +++ b/Makefile
 @@ -490,9 +490,13 @@ KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG
  endif

  RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
 +RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register
  RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
 +RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline
  RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
 +RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG)))
  export RETPOLINE_CFLAGS
 +export RETPOLINE_VDSO_CFLAGS

  ifeq ($(config-targets),1)
  # ===========================================================================
 --- a/arch/x86/entry/vdso/Makefile
 +++ b/arch/x86/entry/vdso/Makefile
 @@ -74,9 +74,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.d
  CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \
         $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \
         -fno-omit-frame-pointer -foptimize-sibling-calls \
 -       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
 +       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS)

 -$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
 +$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)

  #
  # vDSO code runs in userspace and -pg doesn't help with profiling anyway.
 @@ -147,11 +147,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmode
  KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32))
  KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32))
  KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32))
 +KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32))
  KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic
  KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector)
  KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)
  KBUILD_CFLAGS_32 += -fno-omit-frame-pointer
  KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING
 +KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS)
  $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32)

  $(obj)/vdso32.so.dbg: FORCE \
	From 2e549b2ee0e358bc758480e716b881f9cabedb6a Mon Sep 17 00:00:00 2001
	From: Andy Lutomirski <luto@kernel.org>
	Date: Thu, 16 Aug 2018 12:41:15 -0700
	Subject: x86/vdso: Fix vDSO build if a retpoline is emitted

	From: Andy Lutomirski <luto@kernel.org>

	commit 2e549b2ee0e358bc758480e716b881f9cabedb6a upstream.

	Currently, if the vDSO ends up containing an indirect branch or
	call, GCC will emit the "external thunk" style of retpoline, and it
	will fail to link.

	Fix it by building the vDSO with inline retpoline thunks.

	I haven't seen any reports of this triggering on an unpatched
	kernel.

	Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support")
	Signed-off-by: Andy Lutomirski <luto@kernel.org>
	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	Acked-by: Matt Rickard <matt@softrans.com.au>
	Cc: Borislav Petkov <bp@alien8.de>
	Cc: Jason Vas Dias <jason.vas.dias@gmail.com>
	Cc: David Woodhouse <dwmw2@infradead.org>
	Cc: Peter Zijlstra <peterz@infradead.org>
	Cc: Andi Kleen <ak@linux.intel.com>
	Cc: stable@vger.kernel.org
	Link: https://lkml.kernel.org/r/c76538cd3afbe19c6246c2d1715bc6a60bd63985.1534448381.git.luto@kernel.org
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	Makefile \| 4 ++++
	arch/x86/entry/vdso/Makefile \| 6 ++++--
	2 files changed, 8 insertions(+), 2 deletions(-)

	--- a/Makefile
	+++ b/Makefile
	@@ -490,9 +490,13 @@ KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG
	endif

	RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
	+RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register
	RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
	+RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline
	RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
	+RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG)))
	export RETPOLINE_CFLAGS
	+export RETPOLINE_VDSO_CFLAGS

	ifeq ($(config-targets),1)
	# ===========================================================================
	--- a/arch/x86/entry/vdso/Makefile
	+++ b/arch/x86/entry/vdso/Makefile
	@@ -74,9 +74,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.d
	CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \
	$(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \
	-fno-omit-frame-pointer -foptimize-sibling-calls \
	- -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
	+ -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS)

	-$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)
	+$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)

	#
	# vDSO code runs in userspace and -pg doesn't help with profiling anyway.
	@@ -147,11 +147,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmode
	KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32))
	KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32))
	KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32))
	+KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32))
	KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic
	KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector)
	KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)
	KBUILD_CFLAGS_32 += -fno-omit-frame-pointer
	KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING
	+KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS)
	$(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32)

	$(obj)/vdso32.so.dbg: FORCE \