[xen stable-4.17] x86/thunk: (Mis)align __x86_indirect_thunk_* to mitigate ITS

[patchbot@xxxxxxx]

commit ebf61f7699ad2b97f3a641a80f8b117122514f34
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Apr 7 17:15:50 2025 +0200
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Mon May 12 17:32:24 2025 +0100

    x86/thunk: (Mis)align __x86_indirect_thunk_* to mitigate ITS
    
    The Indirect Target Selection speculative vulnerability means that indirect
    branches (including RETs) are unsafe when in the first half of a cacheline.
    
    Arrange for __x86_indirect_thunk_* to always be in the second half.
    
    This is part of XSA-469 / CVE-2024-28956
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    (cherry picked from commit d293cc9da9021a51915e058acd1f05e83a462aa9)
---
 xen/arch/x86/indirect-thunk.S | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/xen/arch/x86/indirect-thunk.S b/xen/arch/x86/indirect-thunk.S
index de6aef6068..e7ef104d3b 100644
--- a/xen/arch/x86/indirect-thunk.S
+++ b/xen/arch/x86/indirect-thunk.S
@@ -35,6 +35,16 @@
 .macro GEN_INDIRECT_THUNK reg:req
         .section .text.__x86_indirect_thunk_\reg, "ax", @progbits
 
+        /*
+         * The Indirect Target Selection speculative vulnerability means that
+         * indirect branches (including RETs) are unsafe when in the first
+         * half of a cacheline.  Arrange for them to be in the second half.
+         *
+         * Align to 64, then skip 32.
+         */
+        .balign 64
+        .fill 32, 1, 0xcc
+
 ENTRY(__x86_indirect_thunk_\reg)
         ALTERNATIVE_2 __stringify(IND_THUNK_RETPOLINE \reg),              \
         __stringify(IND_THUNK_LFENCE \reg), X86_FEATURE_IND_THUNK_LFENCE, \
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.17