Commit 0479a42d authored by Peter Zijlstra's avatar Peter Zijlstra
Browse files

x86/cfi: Extend {JMP,CAKK}_NOSPEC comment 



With the introduction of kCFI these helpers are no longer equivalent
to C indirect calls and should be used with care.

Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarSami Tolvanen <samitolvanen@google.com>
Link: https://lkml.kernel.org/r/20230622144321.360957723%40infradead.org
parent 06c2afb8

arch/x86/include/asm/nospec-branch.h

+4 −0
Original line number Diff line number Diff line
@@ -234,6 +234,10 @@ 
 * JMP_NOSPEC and CALL_NOSPEC macros can be used instead of a simple

 * indirect jmp/call which may be susceptible to the Spectre variant 2

 * attack.

 *

 * NOTE: these do not take kCFI into account and are thus not comparable to C

 * indirect calls, take care when using. The target of these should be an ENDBR

 * instruction irrespective of kCFI.

 */

.macro JMP_NOSPEC reg:req

#ifdef CONFIG_RETPOLINE