From: Borislav Petkov <bp@alien8.de>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, linux-kernel@vger.kernel.org,
live-patching@vger.kernel.org, Michal Marek <mmarek@suse.cz>,
Peter Zijlstra <peterz@infradead.org>,
Andy Lutomirski <luto@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andi Kleen <andi@firstfloor.org>, Pedro Alves <palves@redhat.com>,
Namhyung Kim <namhyung@gmail.com>,
Bernd Petrovitsch <bernd@petrovitsch.priv.at>,
Chris J Arges <chris.j.arges@canonical.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jiri Slaby <jslaby@suse.cz>,
Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: Re: [PATCH v15 13/25] x86/reboot: Add ljmp instructions to stacktool whitelist
Date: Fri, 15 Jan 2016 11:41:45 +0100
Message-ID: <20160115104145.GC25104@pd.tnic>
In-Reply-To: <20160115060652.GA16760@treble.redhat.com>
On Fri, Jan 15, 2016 at 12:06:52AM -0600, Josh Poimboeuf wrote:
> - xen_cpuid() uses some custom xen instructions which start with
> XEN_EMULATE_PREFIX. It corresponds to the following x86 instructions:
>
> ffffffff8107e572: 0f 0b ud2
> ffffffff8107e574: 78 65 js ffffffff8107e5db <xen_get_debugreg+0xa>
> ffffffff8107e576: 6e outsb %ds:(%rsi),(%dx)
>
> Apparently(?) xen treats the ud2 special when it's followed by "78 65
> 6e". This is confusing for stacktool because ud2 is normally a dead
> end, and it thinks the instructions after it will never run.
>
> (In theory stacktool could be taught to understand this hack, but
> that's a bad idea IMO)
Why, because it is not generic enough?
Well, you could add a cmdline option "--kernel" which is supplied when
checking the kernel and such kernel "idiosyncrasies" are handled only
then and there. And since the tool is part of the kernel, changes to
XEN_EMULATE_PREFIX will have to be updated in stacktool too...
> - The error path in arch/x86/net/bpf_jit.S uses 'leaveq' to do a double
> return so that it returns from its caller's context. stacktool
> doesn't know how to distinguish this from a frame pointer programming
> bug. I think the only way to avoid a whitelist marker here would be
> to rewrite the bpf code to conform with more traditional rbp usage
> (but I don't know if that would really be a good idea because it would
> probably result in slower/more code).
Could also be part of the "--kernel"-specific checking and you could
match the containing ELF symbol bpf_error...
> - __bpf_prog_run() uses a jump table:
>
> goto *jumptable[insn->code];
>
> stacktool doesn't have an x86 emulator, so it doesn't know how to
> deterministically follow all possible branches for a dynamic jump.
>
> - schedule() mucks with the frame pointer which is normally not allowed.
I think if we put all those checks under --kernel, the tool would
remain generic enough.
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
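The exchange above describes the problem in words only: a validator that walks control flow treats ud2 as a dead end, so the cpuid that Xen emulates after XEN_EMULATE_PREFIX (ud2 followed by the ASCII bytes "xen", the 0f 0b 78 65 6e shown in the disassembly) looks unreachable unless the tool is told about the convention. The following is an added example, not code from the patch series or from stacktool/objtool: a forward control-flow walk over constructed x86-64 bytes with a kernel_mode flag standing in for the --kernel switch suggested in the reply. The opcode subset, the helper names and the three byte sequences are assumptions made for the example; a real validator decodes the full instruction set.

```c
/* Added example, not code from the patch series or stacktool/objtool.
 * Forward control-flow walk over constructed x86-64 bytes: ud2 ends the
 * walk, except that in kernel_mode (stand-in for the suggested --kernel
 * switch) ud2 followed by "xen" (0f 0b 78 65 6e, the XEN_EMULATE_PREFIX
 * bytes from the disassembly) is treated as a prefix, not a trap.
 * The decoded opcode subset is an assumption chosen for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CODE 256
static const uint8_t XEN_EMULATE_PREFIX[] = { 0x0f, 0x0b, 0x78, 0x65, 0x6e };

enum kind { FALLTHRU, UD2, RET, JMP8, BAD };
struct insn { enum kind kind; size_t len; int8_t rel; };

/* Decode one instruction at b[off] (caller guarantees off < len). */
static struct insn decode(const uint8_t *b, size_t len, size_t off)
{
	size_t left = len - off;
	uint8_t op = b[off], nx = left > 1 ? b[off + 1] : 0;

	if (op == 0x0f && left > 1 && nx == 0x0b) return (struct insn){ UD2, 2, 0 };
	if (op == 0x0f && left > 1 && nx == 0xa2) return (struct insn){ FALLTHRU, 2, 0 }; /* cpuid */
	if (op == 0xc3) return (struct insn){ RET, 1, 0 };
	if (op == 0xeb && left > 1) return (struct insn){ JMP8, 2, (int8_t)nx };        /* jmp rel8 */
	if (op == 0x90 || op == 0x55 || op == 0x5d || op == 0xc9)  /* nop, push/pop %rbp, leave */
		return (struct insn){ FALLTHRU, 1, 0 };
	if (op == 0x31 && nx >= 0xc0) return (struct insn){ FALLTHRU, 2, 0 };          /* xor reg,reg */
	if (op == 0x48 && left > 2 && nx == 0x89 && b[off + 2] == 0xe5)
		return (struct insn){ FALLTHRU, 3, 0 };                                   /* mov %rsp,%rbp */
	return (struct insn){ BAD, 0, 0 };
}

/* Walk from offset 0, marking reachable instruction starts in reach[].
 * Returns the number of reachable instructions, or -1 on an undecodable byte. */
static int walk(const uint8_t *b, size_t len, int kernel_mode, uint8_t *reach)
{
	size_t todo[MAX_CODE], sp = 0;
	int n = 0;

	if (len == 0 || len > MAX_CODE)
		return -1;
	memset(reach, 0, len);
	todo[sp++] = 0;
	while (sp) {
		size_t off = todo[--sp];
		struct insn in;

		if (off >= len || reach[off])
			continue;
		in = decode(b, len, off);
		if (in.kind == BAD)
			return -1;
		reach[off] = 1;
		n++;
		if (in.kind == RET)
			continue;
		if (in.kind == JMP8)
			todo[sp++] = (size_t)((long)(off + 2) + in.rel);
		else if (in.kind != UD2)
			todo[sp++] = off + in.len;
		else if (kernel_mode && len - off >= sizeof XEN_EMULATE_PREFIX &&
			 !memcmp(b + off, XEN_EMULATE_PREFIX, sizeof XEN_EMULATE_PREFIX))
			todo[sp++] = off + sizeof XEN_EMULATE_PREFIX; /* step over the prefix */
		/* a plain ud2 pushes nothing: it is a dead end */
	}
	return n;
}

int is_reachable(const uint8_t *b, size_t len, int kernel_mode, size_t off)
{
	uint8_t reach[MAX_CODE];

	return off < len && walk(b, len, kernel_mode, reach) >= 0 && reach[off];
}

int count_reachable(const uint8_t *b, size_t len, int kernel_mode)
{
	uint8_t reach[MAX_CODE];

	return walk(b, len, kernel_mode, reach);
}

/* Constructed byte sequences for the example, not dumped from a kernel image. */
const uint8_t sample_xen[]  = { 0x0f,0x0b,0x78,0x65,0x6e, 0x0f,0xa2, 0xc3 }; /* XEN_EMULATE_PREFIX; cpuid; ret */
const uint8_t sample_trap[] = { 0x31,0xc0, 0x0f,0x0b, 0x90, 0xc3 };          /* xor %eax,%eax; ud2; nop; ret */
const uint8_t sample_jmp[]  = { 0xeb,0x02, 0x0f,0x0b, 0xc3 };                 /* jmp 1f; ud2; 1: ret */

int main(void)
{
	printf("xen_cpuid-style bytes, cpuid reachable: generic=%d kernel=%d\n",
	       is_reachable(sample_xen, sizeof sample_xen, 0, 5),
	       is_reachable(sample_xen, sizeof sample_xen, 1, 5));
	printf("real trap, nop after ud2 reachable in kernel mode=%d; jmp over ud2: ud2=%d ret=%d\n",
	       is_reachable(sample_trap, sizeof sample_trap, 1, 4),
	       is_reachable(sample_jmp, sizeof sample_jmp, 0, 2),
	       is_reachable(sample_jmp, sizeof sample_jmp, 0, 4));
	return 0;
}
```

The trap sample is the check a practitioner wants: kernel_mode only steps over a ud2 when the exact five prefix bytes follow it, so an ordinary ud2 followed by other code is still reported as dead, which is what keeps the whitelist from masking genuine unreachable-code bugs.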
Thread overview: 67+ messages
2015-12-18 12:39 [PATCH v15 00/25] Compile-time stack metadata validation Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 01/25] tools: Fix formatting of the "make -C tools" help message Josh Poimboeuf
2016-01-13 9:40 ` [tip:perf/urgent] " tip-bot for Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 02/25] tools: Make list.h self-sufficient Josh Poimboeuf
2016-01-12 12:35 ` Borislav Petkov
2016-01-12 14:54 ` Arnaldo Carvalho de Melo
2016-01-12 15:59 ` Borislav Petkov
2016-01-12 17:16 ` Arnaldo Carvalho de Melo
2016-01-13 9:40 ` [tip:perf/urgent] " tip-bot for Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 03/25] tools subcmd: Add missing NORETURN define for parse-options.h Josh Poimboeuf
2016-01-13 9:41 ` [tip:perf/urgent] " tip-bot for Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 04/25] x86/asm: Frame pointer macro cleanup Josh Poimboeuf
2016-01-19 13:39 ` [tip:x86/asm] x86/asm: Clean up frame pointer macros tip-bot for Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 05/25] x86/asm: Add C versions of " Josh Poimboeuf
2016-01-19 13:40 ` [tip:x86/asm] " tip-bot for Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 06/25] x86/stacktool: Compile-time stack metadata validation Josh Poimboeuf
2016-01-12 14:48 ` Borislav Petkov
2016-01-12 15:06 ` Josh Poimboeuf
2016-01-12 16:10 ` Borislav Petkov
2016-01-19 12:02 ` Ingo Molnar
2015-12-18 12:39 ` [PATCH v15 07/25] x86/stacktool: Add file and directory ignores Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 08/25] x86/stacktool: Add ignore macros Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 09/25] x86/xen: Add stack frame dependency to hypercall inline asm calls Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 10/25] x86/paravirt: Add stack frame dependency to PVOP " Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 11/25] x86/paravirt: Create a stack frame in PV_CALLEE_SAVE_REGS_THUNK Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 12/25] x86/amd: Set ELF function type for vide() Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 13/25] x86/reboot: Add ljmp instructions to stacktool whitelist Josh Poimboeuf
2016-01-12 16:47 ` Borislav Petkov
2016-01-12 17:43 ` Josh Poimboeuf
2016-01-12 17:55 ` Borislav Petkov
2016-01-12 18:56 ` Josh Poimboeuf
2016-01-12 19:37 ` Borislav Petkov
2016-01-13 10:55 ` Ingo Molnar
2016-01-15 6:06 ` Josh Poimboeuf
2016-01-15 10:41 ` Borislav Petkov [this message]
2016-01-15 11:00 ` Ingo Molnar
2016-01-15 11:11 ` Borislav Petkov
2016-01-15 11:13 ` Ingo Molnar
2016-01-20 5:42 ` Josh Poimboeuf
2016-01-20 5:50 ` H. Peter Anvin
2016-01-20 6:09 ` Josh Poimboeuf
2016-01-20 10:44 ` Borislav Petkov
2016-01-15 10:56 ` Ingo Molnar
2015-12-18 12:39 ` [PATCH v15 14/25] x86/xen: Add xen_cpuid() and xen_setup_gdt() to stacktool whitelists Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 15/25] x86/asm/crypto: Create stack frames in aesni-intel_asm.S Josh Poimboeuf
2016-01-12 16:53 ` Borislav Petkov
2016-01-12 16:54 ` Borislav Petkov
2015-12-18 12:39 ` [PATCH v15 16/25] x86/asm/crypto: Move .Lbswap_mask data to .rodata section Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 17/25] x86/asm/crypto: Move jump_table " Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 18/25] x86/asm/crypto: Create stack frames in clmul_ghash_mul/update() Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 19/25] x86/asm/entry: Create stack frames in thunk functions Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 20/25] x86/asm/acpi: Create a stack frame in do_suspend_lowlevel() Josh Poimboeuf
2015-12-20 16:13 ` Rafael J. Wysocki
2015-12-18 12:39 ` [PATCH v15 21/25] x86/asm: Create stack frames in rwsem functions Josh Poimboeuf
2016-01-12 12:41 ` Borislav Petkov
2016-01-12 14:36 ` Josh Poimboeuf
2016-01-12 14:40 ` Borislav Petkov
2015-12-18 12:39 ` [PATCH v15 22/25] x86/asm/efi: Create a stack frame in efi_call() Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 23/25] x86/asm/power: Create stack frames in hibernate_asm_64.S Josh Poimboeuf
2015-12-20 16:14 ` Rafael J. Wysocki
2015-12-18 12:39 ` [PATCH v15 24/25] x86/uaccess: Add stack frame output operand in get_user inline asm Josh Poimboeuf
2015-12-18 12:39 ` [PATCH v15 25/25] x86/stacktool: Ignore head_$(BITS) files Josh Poimboeuf
2016-01-12 14:58 ` [PATCH v15 00/25] Compile-time stack metadata validation Arnaldo Carvalho de Melo
2016-01-12 17:17 ` Borislav Petkov
2016-01-12 17:50 ` Josh Poimboeuf
2016-01-12 18:04 ` Borislav Petkov
2016-01-13 10:18 ` Ingo Molnar