public inbox for linux-kernel@vger.kernel.org
From: Thomas Gleixner <tglx@linutronix.de>
To: LKML <linux-kernel@vger.kernel.org>
Cc: paul.gortmaker@windriver.com, x86@kernel.org,
	regressions@leemhuis.info, richard.purdie@linuxfoundation.org,
	regressions@lists.linux.dev
Subject: [patch 2/2] x86/alternatives: Disable interrupts and sync when optimizing NOPs in place
Date: Thu,  7 Dec 2023 20:49:26 +0100 (CET)
Message-ID: <20231207194518.401797191@linutronix.de>
In-Reply-To: 20231207193859.961361261@linutronix.de

apply_alternatives() treats alternatives with the ALT_FLAG_NOT flag set
specially, as it optimizes the existing NOPs in place.

Unfortunately this happens with interrupts enabled and does not provide any
form of core synchronization.

So an interrupt hitting in the middle of the update and using the affected
code path will observe a half-updated NOP and crash and burn. The following
3-NOP sequence was observed to expose this crash halfway reliably under
QEMU 32bit:

   0x90 0x90 0x90

which is replaced by the optimized 3 byte NOP:

   0x8d 0x76 0x00

So an interrupt can observe:

   1) 0x90 0x90 0x90		nop nop nop
   2) 0x8d 0x90 0x90		undefined
   3) 0x8d 0x76 0x90		lea    -0x70(%esi),%esi
   4) 0x8d 0x76 0x00		lea     0x0(%esi),%esi

Where only #1 and #4 are true NOPs. The same problem exists for 64bit obviously.

Disable interrupts around this NOP optimization and invoke sync_core()
before re-enabling them.

Fixes: 270a69c4485d ("x86/alternative: Support relocations in alternatives")
Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
---
 arch/x86/kernel/alternative.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -255,6 +255,16 @@ static void __init_or_module noinline op
 	}
 }
 
+static void __init_or_module noinline optimize_nops_inplace(u8 *instr, size_t len)
+{
+	unsigned long flags;
+
+	local_irq_save(flags);
+	optimize_nops(instr, len);
+	sync_core();
+	local_irq_restore(flags);
+}
+
 /*
  * In this context, "source" is where the instructions are placed in the
  * section .altinstr_replacement, for example during kernel build by the
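Review bot: local_irq_save() in optimize_nops_inplace() masks only maskable interrupts on the patching CPU, so an NMI that lands between the byte writes inside optimize_nops() and runs through the patched site would still see one of the torn sequences listed in the commit message; the new function should carry a short comment stating exactly what the IRQ-off plus sync_core() window protects against (the patching CPU executing a half-rewritten NOP), that it relies on no other CPU executing this text yet, and that NMIs remain the residual gap. Something like `/* IRQs off + sync_core(): keep this CPU from executing a half-rewritten NOP. Does not cover NMIs or other CPUs. */` above local_irq_save() would do.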
@@ -438,7 +448,7 @@ void __init_or_module noinline apply_alt
 		 *   patch if feature is *NOT* present.
 		 */
 		if (!boot_cpu_has(a->cpuid) == !(a->flags & ALT_FLAG_NOT)) {
-			optimize_nops(instr, a->instrlen);
+			optimize_nops_inplace(instr, a->instrlen);
 			continue;
 		}
 
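Review bot: only the ALT_FLAG_NOT early-out caller is switched to optimize_nops_inplace(); any other optimize_nops() caller that rewrites live text rather than a scratch copy is outside this hunk and would need the same wrapper, so it is worth stating at this call site why this path alone patches in place. A one-line comment such as `/* In-place: the text is live, see optimize_nops_inplace() */` above the call would make the distinction obvious to the next reader, and a Cc to stable already covers the backport, so the comment is the only thing missing here.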


Thread overview: 21+ messages
2023-10-29 18:41 32 bit qemu regression from v6.5 tip pull [6c480f222128 x86/alternative: Rewrite optimize_nops() some] Paul Gortmaker
2023-10-30  8:26 ` Peter Zijlstra
2023-10-30 10:55   ` Richard Purdie
2023-10-30 11:44     ` Peter Zijlstra
2023-10-30 15:28       ` Paul Gortmaker
2023-10-30 18:24         ` Thomas Gleixner
2023-10-30 19:30           ` Thomas Gleixner
2023-10-31 15:40             ` Paul Gortmaker
2023-11-11 11:51               ` Linux regression tracking (Thorsten Leemhuis)
2023-11-22 14:11                 ` Richard Purdie
2023-11-29  8:57                 ` Thomas Gleixner
2023-12-06 15:46                   ` Paul Gortmaker
2023-12-07 16:34                     ` Thomas Gleixner
2023-12-07 16:52                       ` Paul Gortmaker
2023-12-07 19:49                   ` [patch 0/2] x86/alternatives: Prevent crash in NOP optimizer Thomas Gleixner
2023-12-07 19:49                     ` [patch 1/2] x86/alternatives: Sync core before enabling interrupts Thomas Gleixner
2023-12-07 19:49                     ` Thomas Gleixner [this message]
2023-12-08 13:22                       ` [patch 2/2] x86/alternatives: Disable interrupts and sync when optimizing NOPs in place Borislav Petkov
2023-12-08 13:37                         ` Thomas Gleixner
2023-12-08  8:35                     ` [patch 0/2] x86/alternatives: Prevent crash in NOP optimizer Paul Gortmaker
2023-12-15  9:10                     ` Peter Zijlstra
