From: Thomas Gleixner <tglx@linutronix.de>
To: Nikolay Borisov <nik.borisov@suse.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>
Cc: xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Juergen Gross <jgross@suse.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: Re: [PATCH 2/3] x86/cpu: fix unbootable VMs by inlining memcmp in hypervisor_cpuid_base
Date: Fri, 02 Aug 2024 15:29:16 +0200
Message-ID: <877ccz12ab.ffs@tglx>
In-Reply-To: <824e522d-c9e2-4e24-8ce6-aca6573db06a@suse.com>

On Fri, Aug 02 2024 at 16:25, Nikolay Borisov wrote:
> On 2.08.24 г. 11:50 ч., Alexey Dobriyan wrote:
>> If this memcmp() is not inlined then PVH early boot code can call
>> into KASAN-instrumented memcmp() which results in unbootable VMs:
>>
>>   pvh_start_xen
>>     xen_prepare_pvh
>>       xen_cpuid_base
>>         hypervisor_cpuid_base
>>           memcmp
>>
>> Ubuntu's gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) inlines
>> memcmp with patch and the bug is partially fixed.
>>
>> Leave FIXME just in case someone cares enough to compare 3 pairs of
>> integers like 3 pairs of integers.
>>
>> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
>> ---
>>
>> arch/x86/include/asm/cpuid.h | 15 ++++++++++++++-
>> 1 file changed, 14 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/include/asm/cpuid.h b/arch/x86/include/asm/cpuid.h
>> index 6b122a31da06..3eca7824430e 100644
>> --- a/arch/x86/include/asm/cpuid.h
>> +++ b/arch/x86/include/asm/cpuid.h
>> @@ -196,7 +196,20 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
>> for_each_possible_hypervisor_cpuid_base(base) {
>> cpuid(base, &eax, &signature[0], &signature[1], &signature[2]);
>>
>> - if (!memcmp(sig, signature, 12) &&
>> + /*
>> + * FIXME rewrite cpuid comparators to accept uint32_t[3].
>> + *
>> + * This memcmp()
>> + * a) is called from PVH early boot code
>> + * before instrumentation is set up,
>> + * b) may be compiled to "call memcmp" (not inlined),
>> + * c) memcmp() itself may be instrumented.
>> + *
>> + * Any combination of 2 is fine, but all 3 aren't.
>> + *
>> + * Force inline this function call.
>> + */
>> + if (!__builtin_memcmp(sig, signature, 12) &&
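
Review bot: the last line of the new comment, "Force inline this function call", promises more than `__builtin_memcmp(sig, signature, 12)` delivers. A compiler may still lower the builtin to an out-of-line call to memcmp(), and the commit message itself only reports that one gcc build inlines it and calls the bug "partially fixed". Please reword the comment to say that inlining is expected but not guaranteed, and state in the comment or the changelog which of the conditions a) to c) can still combine on other toolchains, so the remaining exposure of the PVH early boot path is documented next to the FIXME.
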
>
> Instead of putting this giant FIXME, why not simply do the comparison as
> ints, i.e ((uint32_t)&sig[0]) == signature1 && ((uitn32_t)&sig[4]) ==
> signature2 && ((uint32_t)&sig[8] == signature_3 and be done with it?

Because a smart compiler might turn it into a memcmp() :