diff --git a/arch/x86/core/Kconfig.ia32 b/arch/x86/core/Kconfig.ia32
index 221f9fa68ae..3bb0f5e3593 100644
--- a/arch/x86/core/Kconfig.ia32
+++ b/arch/x86/core/Kconfig.ia32
@@ -43,16 +43,6 @@ endmenu
 menu "Processor Capabilities"
-config X86_RETPOLINE
- bool "Build with retpolines enabled in x86 assembly code"
- depends on USERSPACE
- help
- This is recommended on platforms with speculative executions, to
- protect against branch target injection (AKA Spectre-V2). Full
- description of how retpolines work can be found here[1].
-
- [1] https://support.google.com/faqs/answer/7625886
-
 config X86_ENABLE_TSS
 bool
 help
diff --git a/arch/x86/core/ia32/excstub.S b/arch/x86/core/ia32/excstub.S
index 4ecea506871..90d83eed153 100644
--- a/arch/x86/core/ia32/excstub.S
+++ b/arch/x86/core/ia32/excstub.S
@@ -161,7 +161,7 @@ SECTION_FUNC(TEXT, _exception_enter)
 allDone:
 pushl %esp /* push z_arch_esf_t * parameter */
- INDIRECT_CALL(%ecx) /* call exception handler */
+ call *%ecx /* call exception handler */
 addl $0x4, %esp
 #if defined(CONFIG_LAZY_FP_SHARING)
diff --git a/arch/x86/core/ia32/intstub.S b/arch/x86/core/ia32/intstub.S
index 1e46ed0e59a..3272bfb3c68 100644
--- a/arch/x86/core/ia32/intstub.S
+++ b/arch/x86/core/ia32/intstub.S
@@ -196,7 +196,7 @@ alreadyOnIntStack:
 sti /* re-enable interrupts */
 #endif
 /* Now call the interrupt handler */
- INDIRECT_CALL(%edx)
+ call *%edx
 /* Discard ISR argument */
 addl $0x4, %esp
 #ifdef CONFIG_NESTED_INTERRUPTS
diff --git a/arch/x86/core/ia32/swap.S b/arch/x86/core/ia32/swap.S
index 69f42c60bd9..ad5b9d89f13 100644
--- a/arch/x86/core/ia32/swap.S
+++ b/arch/x86/core/ia32/swap.S
@@ -417,5 +417,5 @@ time_read_not_needed:
 SECTION_FUNC(TEXT, z_x86_thread_entry_wrapper)
 movl $0, (%esp)
- INDIRECT_JMP(%edi)
+ jmp *%edi
 #endif /* _THREAD_WRAPPER_REQUIRED */
diff --git a/arch/x86/core/ia32/userspace.S b/arch/x86/core/ia32/userspace.S
index 399e66e59c3..fe97d75e4b3 100644
--- a/arch/x86/core/ia32/userspace.S
+++ b/arch/x86/core/ia32/userspace.S
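Review bot: In arch/x86/core/ia32/excstub.S the exception handler is now reached through a bare `call *%ecx`, and nothing visible in this commit records what protects that indirect branch against branch target injection now that CONFIG_X86_RETPOLINE is gone. The same applies to `call *%edx` in intstub.S, `jmp *%edi` in swap.S and `call *%ebx` in userspace.S; the last one appears to be the system call dispatch, so it is the site where the answer matters most. I would state the replacement at each site, for example `/* plain indirect branch: Spectre-V2 is handled by <MITIGATION PLACEHOLDER>, not by a retpoline */`, so a later reader does not assume the branch is still wrapped. Configurations that set CONFIG_X86_RETPOLINE=y will presumably lose the mitigation with this change, which is worth a line in the release notes. _exception_enter starts and ends outside the hunk.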
@@ -212,7 +212,7 @@ _id_ok:
 mov _k_syscall_table(%edi, %esi, 4), %ebx
 /* Run the handler, which is some entry in _k_syscall_table */
- INDIRECT_CALL(%ebx)
+ call *%ebx
 /* EAX now contains return value. Pop or xor everything else to prevent
 * information leak from kernel mode.
diff --git a/include/arch/x86/ia32/asm.h b/include/arch/x86/ia32/asm.h
index ebae5eec437..3ef67803f29 100644
--- a/include/arch/x86/ia32/asm.h
+++ b/include/arch/x86/ia32/asm.h
@@ -14,53 +14,6 @@
 #if defined(_ASMLANGUAGE)
-#if defined(CONFIG_X86_RETPOLINE)
-/*
- * For a description of how retpolines are constructed for both indirect
- * jumps and indirect calls, please refer to this documentation:
- * https://support.google.com/faqs/answer/7625886
- *
- * Since these macros are used in a few places in arch/x86/core assembly
- * routines, with different reg parameters, it's not possible to use
- * the "out of line" construction technique to share a trampoline.
- */
-
-#define INDIRECT_JMP_IMPL(reg, id) \
- call .set_up_target ## id; \
- .speculative_trap ## id: \
- pause; \
- jmp .speculative_trap ## id; \
- .set_up_target ## id: \
- mov reg, (%esp); \
- ret
-
-#define INDIRECT_CALL_IMPL(reg, id) \
- call .set_up_return ## id; \
- .inner_indirect_branch ## id: \
- call .set_up_target ## id; \
- .speculative_trap ## id: \
- pause; \
- jmp .speculative_trap ## id; \
- .set_up_target ## id: \
- mov reg, (%esp); \
- ret; \
- .set_up_return ## id: \
- call .inner_indirect_branch ## id
-
-
-#define INDIRECT_CALL_IMPL1(reg, id) INDIRECT_CALL_IMPL(reg, id)
-#define INDIRECT_JMP_IMPL1(reg, id) INDIRECT_JMP_IMPL(reg, id)
-
-#define INDIRECT_CALL(reg) INDIRECT_CALL_IMPL1(reg, __COUNTER__)
-#define INDIRECT_JMP(reg) INDIRECT_JMP_IMPL1(reg, __COUNTER__)
-
-#else
-
-#define INDIRECT_CALL(reg) call *reg
-#define INDIRECT_JMP(reg) jmp *reg
-
-#endif /* CONFIG_X86_RETPOLINE */
-
 #ifdef CONFIG_X86_KPTI
 GTEXT(z_x86_trampoline_to_user)
 GTEXT(z_x86_trampoline_to_kernel)