11787 Kernel needs to be built with retpolines
11788 Kernel needs to generally use RSB stuffing
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>

@@ -197,11 +197,12 @@
         movq    _CONST(_MUL(callback_id, CPTRSIZE))(%r15), %r15            ;\
         cmpq    $0, %r15                                                   ;\
         je      1f                                                         ;\
         movq    %r15, 16(%rsp)          /* save the callback pointer    */ ;\
         push_userland_ret               /* push the return address      */ ;\
-        call    *24(%rsp)               /* call callback                */ ;\
+        movq    24(%rsp), %r15          /* load callback pointer        */ ;\
+        INDIRECT_CALL_REG(r15)          /* call callback                */ ;\
 1:      movq    %gs:CPU_RTMP_R15, %r15  /* restore %r15                 */ ;\
         movq    %gs:CPU_RTMP_RSP, %rsp  /* restore the stack pointer    */
 
 #define MSTATE_TRANSITION(from, to)             \
         movl    $from, %edi;                    \
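Review bot: The new `movq 24(%rsp), %r15` reloads a value that %r15 already holds: %r15 was stored to 16(%rsp) two lines earlier, and nothing visible between that store and the call writes %r15 except possibly `push_userland_ret`, whose body is outside this hunk. If that macro leaves %r15 alone, `INDIRECT_CALL_REG(r15)` on its own suffices; if it clobbers %r15, the reload is needed and deserves a comment such as `/* reload: push_userland_ret clobbers %r15 */` so the next reader does not remove it. Either way %r15 is safe to use as the retpoline scratch here since it is restored from %gs:CPU_RTMP_R15 at label 1. The enclosing macro definition starts before this hunk.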

@@ -573,11 +574,12 @@
         cmpl    $NSYSCALL, %eax
         jae     _syscall_ill
         shll    $SYSENT_SIZE_SHIFT, %eax
         leaq    sysent(%rax), %rbx
 
-        call    *SY_CALLC(%rbx)
+        movq    SY_CALLC(%rbx), %rax
+        INDIRECT_CALL_REG(rax)
 
         movq    %rax, %r12
         movq    %rdx, %r13
 
         /*
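Review bot: The retpoline now covers the branch-target side of the sysent dispatch, but the index side is still a plain `cmpl $NSYSCALL, %eax / jae _syscall_ill` with no speculation barrier, so a mispredicted `jae` can still speculatively index sysent with an out-of-range, user-chosen %eax before the retpoline is reached. Unless this is handled elsewhere, clamping the index or adding an `lfence` after the `jae` would close that Spectre-v1 window; at minimum a comment stating why it is considered safe would help. The same `movq SY_CALLC(%rbx), %rax / INDIRECT_CALL_REG(rax)` pattern appears in the hunks at L51 and L80, whose bounds checks are outside the visible lines. Using %rax as the scratch register is fine here since it is not an argument register and is overwritten by the handler's return value anyway.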

@@ -649,11 +651,11 @@
          * getting here. This should be safe because it means that the only
          * values on the bus after this are based on the user's registers and
          * potentially the addresses where we stored them. Given the constraints
          * of sysret, that's how it has to be.
          */
-        call    *x86_md_clear
+        call    x86_md_clear
 
         /*
          * To get back to userland, we need the return %rip in %rcx and
          * the return %rfl in %r11d.  The sysretq instruction also arranges
          * to fix up %cs and %ss; everything else is our responsibility.
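Review bot: Switching from `call *x86_md_clear` to `call x86_md_clear` changes the symbol from a data pointer to a code symbol, and nothing at the call site tells a reader that the body of x86_md_clear is presumably selected or patched at startup rather than being a fixed routine; this is inferred, since the definition is not in the diff. A one-line comment at the call, e.g. `/* direct call: x86_md_clear body is selected at boot */`, would stop someone from reintroducing the indirect form. The same change appears in the hunks at L66, L95 and L109. The comment block above this call still reads correctly for the direct form.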

@@ -900,11 +902,12 @@
         movl    0x10(%rsp), %edx
         movl    0x18(%rsp), %ecx
         movl    0x20(%rsp), %r8d
         movl    0x28(%rsp), %r9d
 
-        call    *SY_CALLC(%rbx)
+        movq    SY_CALLC(%rbx), %rax
+        INDIRECT_CALL_REG(rax)
 
         movq    %rbp, %rsp      /* pop the args */
 
         /*
          * amd64 syscall handlers -always- return a 64-bit value in %rax.

@@ -947,11 +950,11 @@
          * getting here. This should be safe because it means that the only
          * values on the bus after this are based on the user's registers and
          * potentially the addresses where we stored them. Given the constraints
          * of sysret, that's how it has to be.
          */
-        call    *x86_md_clear
+        call    x86_md_clear
 
         /*
          * To get back to userland, we need to put the return %rip in %rcx and
          * the return %rfl in %r11d.  The sysret instruction also arranges
          * to fix up %cs and %ss; everything else is our responsibility.

@@ -1187,11 +1190,12 @@
         movl    0x10(%rsp), %edx
         movl    0x18(%rsp), %ecx
         movl    0x20(%rsp), %r8d
         movl    0x28(%rsp), %r9d
 
-        call    *SY_CALLC(%rbx)
+        movq    SY_CALLC(%rbx), %rax
+        INDIRECT_CALL_REG(rax)
 
         movq    %rbp, %rsp      /* pop the args */
 
         /*
          * amd64 syscall handlers -always- return a 64-bit value in %rax.

@@ -1255,11 +1259,11 @@
         movl    REGOFF_RIP(%rsp), %edx  /* sysexit: %edx -> %eip */
         pushq   REGOFF_RFL(%rsp)
         popfq
         movl    REGOFF_RSP(%rsp), %ecx  /* sysexit: %ecx -> %esp */
         ALTENTRY(sys_sysenter_swapgs_sysexit)
-        call    *x86_md_clear
+        call    x86_md_clear
         jmp     tr_sysexit
         SET_SIZE(sys_sysenter_swapgs_sysexit)
         SET_SIZE(sys_sysenter)
         SET_SIZE(_sys_sysenter_post_swapgs)
         SET_SIZE(brand_sys_sysenter)
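Review bot: The direct `call x86_md_clear` sits after %edx and %ecx have been loaded with the sysexit return %eip and %esp and after `popfq` has restored the user's %rflags, so the callee must preserve %rcx, %rdx and the flags for `tr_sysexit` to see the intended values; the previous indirect call had the same requirement, but it is not written down anywhere visible. A comment at the call site, `/* x86_md_clear must preserve %rcx, %rdx and %rflags */`, would make the contract explicit. The sysret paths in the hunks at L37 and L66 carry the analogous requirement for %rcx and %r11.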

@@ -1312,11 +1316,11 @@
          *
          * We want to swapgs to maintain the invariant that all entries into
          * tr_iret_user are done on the user gsbase.
          */
         ALTENTRY(sys_sysint_swapgs_iret)
-        call    *x86_md_clear
+        call    x86_md_clear
         SWAPGS
         jmp     tr_iret_user
         /*NOTREACHED*/
         SET_SIZE(sys_sysint_swapgs_iret)
         SET_SIZE(sys_syscall_int)