aarch64: Retpoline (Spectre-V2 mitigation) for aarch64.gcc-7_3_0-retpoline2-branch

The compiler option -mindirect-branch=<value> converts indirect
branch-and-link-register and branch-register instructions according to <value>.

The default is ``keep``, which keeps indirect branch-and-link-register and
branch-register instructions unmodified.

``thunk`` converts indirect branch-and-link-register/branch-register
instructions to a branch-and-link/branch to a function containing a retpoline
(to stop speculative execution) followed by a branch-register to the target.

``thunk-inline`` is similar to ``thunk``, but inlines the retpoline
before the branch-and-link-register/branch-register instruction.

``thunk-extern`` is also similar to ``thunk``, but does not insert the
functions containing the retpoline. When using this option, these functions
need to be provided in a separate object file. The retpoline functions exist
for each register and are named ``__aarch64_indirect_thunk_xN`` (N being the
register number).

It is also possible to override the indirect-branch setting for
individual fuctions using the function attribute ``indirect_branch``.

The actual retpoline instruction sequence, which prevents speculative
indirect branches looks like this::

        str     x30, [sp, #-16]!
        bl      101f
  100: //speculation trap
        wfe
        b       100b
  101: //do ROP
        adr     x30, 102f
        ret
  102: //non-spec code
        ldr     x30, [sp], #16

This patch has been tested with the included testcases and various other
source bases (benchmarks, retpoline-patched arm64 kernel, etc.).

Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>

0 files changed, 0 insertions, 0 deletions