From: David Kaplan <david.kaplan@amd.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>, <x86@kernel.org>,
"H . Peter Anvin" <hpa@zytor.com>
Cc: Alexander Graf <graf@amazon.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
<linux-kernel@vger.kernel.org>
Subject: [RFC PATCH 46/56] x86/alternative: Add ITS re-patching support
Date: Mon, 13 Oct 2025 09:34:34 -0500 [thread overview]
Message-ID: <20251013143444.3999-47-david.kaplan@amd.com> (raw)
In-Reply-To: <20251013143444.3999-1-david.kaplan@amd.com>
Non-atomic memory allocations from execmem and memory permission changes
cannot be done under NMI context. Therefore, pages needed for ITS
trampolines are "pre-allocated" before actual re-patching is done. The
address for each unique trampoline is saved in the corresponding
retpoline_site structure for use later during actual re-patching.
Pre-allocation is only needed when ITS thunks were not being used but will
be used after the re-patch. Otherwise we can re-use existing memory that
has been allocated and configured.
If ITS thunks are no longer required, they can be free'd after the re-patch
has taken place.
Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
arch/x86/include/asm/alternative.h | 10 +++
arch/x86/kernel/alternative.c | 111 +++++++++++++++++++++++++++--
2 files changed, 114 insertions(+), 7 deletions(-)
diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h
index 00e60195d768..61ce8a4b1aa6 100644
--- a/arch/x86/include/asm/alternative.h
+++ b/arch/x86/include/asm/alternative.h
@@ -102,6 +102,13 @@ extern void reset_retpolines(s32 *start, s32 *end, struct module *mod);
extern void reset_returns(s32 *start, s32 *end, struct module *mod);
extern void reset_alternatives(struct alt_instr *start, struct alt_instr *end,
struct module *mod);
+#ifdef CONFIG_MITIGATION_ITS
+extern void its_prealloc(s32 *start, s32 *end, struct module *mod);
+extern void its_free_all(struct module *mod);
+#else
+void its_prealloc(s32 *start, s32 *end, struct module *mod) {}
+static __always_inline void its_free_all(struct module *mod) {}
+#endif
#endif
struct alt_site {
@@ -112,6 +119,9 @@ struct alt_site {
struct retpoline_site {
u8 bytes[6];
u8 len;
+#ifdef CONFIG_MITIGATION_ITS
+ u8 *its_thunk;
+#endif
} __packed;
extern void alternative_instructions(void);
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 5a543ffca10d..23bb3386ec5e 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -181,6 +181,11 @@ static void its_fini_core(void)
{
if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX))
its_pages_protect(&its_pages);
+
+ /* Need to keep the list of pages around in case we re-patch later. */
+ if (IS_ENABLED(CONFIG_DYNAMIC_MITIGATIONS))
+ return;
+
kfree(its_pages.pages);
}
@@ -887,13 +892,22 @@ static int emit_call_track_retpoline(void *addr, struct insn *insn, int reg, u8
}
#ifdef CONFIG_MITIGATION_ITS
-static int emit_its_trampoline(void *addr, struct insn *insn, int reg, u8 *bytes)
+static int emit_its_trampoline(void *addr, struct insn *insn, int reg, u8 *bytes,
+ struct retpoline_site *this_site)
{
u8 *thunk = __x86_indirect_its_thunk_array[reg];
- u8 *tmp = its_allocate_thunk(reg);
+ u8 *tmp;
- if (tmp)
- thunk = tmp;
+ if (!this_site || !this_site->its_thunk) {
+ tmp = its_allocate_thunk(reg);
+ if (tmp)
+ thunk = tmp;
+
+ if (this_site)
+ this_site->its_thunk = thunk;
+ } else {
+ thunk = this_site->its_thunk;
+ }
return __emit_trampoline(addr, insn, bytes, thunk, thunk);
}
@@ -952,7 +966,8 @@ static void prepend_nops(u8 *bytes, int curlen, int neededlen)
*
* It also tries to inline spectre_v2=retpoline,lfence when size permits.
*/
-static int patch_retpoline(void *addr, struct insn *insn, u8 *bytes)
+static int patch_retpoline(void *addr, struct insn *insn, u8 *bytes,
+ struct retpoline_site *this_site)
{
retpoline_thunk_t *target;
int reg, ret, i = 0;
@@ -1016,7 +1031,7 @@ static int patch_retpoline(void *addr, struct insn *insn, u8 *bytes)
* lower-half of the cacheline. Such branches need ITS mitigation.
*/
if (cpu_wants_indirect_its_thunk_at((unsigned long)addr + i, reg))
- return emit_its_trampoline(addr, insn, reg, bytes);
+ return emit_its_trampoline(addr, insn, reg, bytes, this_site);
#endif
ret = emit_indirect(op, reg, bytes + i, insn->length - i);
@@ -1124,7 +1139,7 @@ void __init_or_module noinline apply_retpolines(s32 *start, s32 *end, struct mod
memcpy(save_site[idx].bytes, addr, insn.length);
}
- len = patch_retpoline(addr, &insn, bytes);
+ len = patch_retpoline(addr, &insn, bytes, &save_site[idx]);
if (len == insn.length) {
optimize_nops(addr, bytes, len);
DUMP_BYTES(RETPOLINE, ((u8*)addr), len, "%px: orig: ", addr);
@@ -3371,4 +3386,86 @@ void reset_alternatives(struct alt_instr *start, struct alt_instr *end, struct m
text_poke_early(addr, sites[idx].pbytes, sites[idx].len);
}
}
+
+#ifdef CONFIG_MITIGATION_ITS
+void its_prealloc(s32 *start, s32 *end, struct module *mod)
+{
+ s32 *s;
+ u32 idx = 0;
+ struct retpoline_site *sites;
+
+ /* If its_page!=NULL it means that we already have ITS pages ready. */
+ if (!boot_cpu_has(X86_FEATURE_INDIRECT_THUNK_ITS) || its_page)
+ return;
+
+ if (!mod)
+ sites = retpoline_sites;
+ else
+ sites = mod->arch.retpoline_sites;
+
+ if (WARN_ON(!sites))
+ return;
+
+ for (s = start; s < end; s++, idx++) {
+ void *addr = (void *)s + *s;
+ struct insn insn;
+ int ret;
+ u8 bytes[16];
+
+ if (!should_patch(addr, mod))
+ continue;
+
+ /* We are decoding the original (compile-time) instruction. */
+ ret = insn_decode_kernel(&insn, sites[idx].bytes);
+
+ if (WARN_ON_ONCE(ret < 0))
+ continue;
+
+ /*
+ * This function prepares for patching but doesn't actually
+ * change any kernel text. We are using it to allocate and
+ * prepare the its pages, which will be used later during
+ * re-patching.
+ */
+ patch_retpoline(addr, &insn, bytes, &sites[idx]);
+ }
+}
+
+/* Free all ITS pages if no longer needed. */
+void its_free_all(struct module *mod)
+{
+ int i;
+ int num_sites;
+ struct retpoline_site *sites;
+ struct its_array *pages;
+
+ if (cpu_feature_enabled(X86_FEATURE_INDIRECT_THUNK_ITS))
+ return;
+
+ if (!mod) {
+ pages = &its_pages;
+ sites = retpoline_sites;
+ num_sites = num_retpoline_sites;
+ } else {
+ pages = &mod->arch.its_pages;
+ sites = mod->arch.retpoline_sites;
+ num_sites = mod->arch.num_retpoline_sites;
+ }
+
+ for (i = 0; i < num_sites; i++)
+ sites[i].its_thunk = NULL;
+
+ for (i = 0; i < pages->num; i++) {
+ void *page = pages->pages[i];
+
+ execmem_free(page);
+ }
+
+ kfree(pages->pages);
+ its_offset = 0;
+ pages->pages = NULL;
+ pages->num = 0;
+ its_page = NULL;
+}
+#endif
#endif
--
2.34.1
next prev parent reply other threads:[~2025-10-13 14:36 UTC|newest]
Thread overview: 175+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-13 14:33 [RFC PATCH 00/56] Dynamic mitigations David Kaplan
2025-10-13 14:33 ` [RFC PATCH 01/56] Documentation/admin-guide: Add documentation David Kaplan
2025-10-16 21:24 ` Josh Poimboeuf
2025-10-17 14:04 ` Kaplan, David
2025-10-18 13:39 ` Borislav Petkov
2025-10-20 13:53 ` Kaplan, David
2025-10-22 11:43 ` Borislav Petkov
2025-10-13 14:33 ` [RFC PATCH 02/56] x86/Kconfig: Add CONFIG_DYNAMIC_MITIGATIONS David Kaplan
2025-10-16 21:20 ` Josh Poimboeuf
2025-10-17 13:57 ` Kaplan, David
2025-10-13 14:33 ` [RFC PATCH 03/56] cpu: Reset global mitigations David Kaplan
2025-10-16 21:34 ` Josh Poimboeuf
2025-10-17 14:05 ` Kaplan, David
2025-10-17 14:19 ` Kaplan, David
2025-10-17 16:03 ` Josh Poimboeuf
2025-10-17 16:36 ` Borislav Petkov
2025-10-13 14:33 ` [RFC PATCH 04/56] x86/bugs: Reset spectre_v1 mitigations David Kaplan
2025-10-14 18:37 ` Dave Hansen
2025-10-14 19:16 ` Kaplan, David
2025-10-29 11:57 ` Borislav Petkov
2025-10-29 13:48 ` Kaplan, David
2025-11-03 18:24 ` Borislav Petkov
2025-10-13 14:33 ` [RFC PATCH 05/56] x86/bugs: Reset spectre_v2 mitigations David Kaplan
2025-11-03 19:31 ` Borislav Petkov
2025-11-03 20:10 ` Kaplan, David
2025-11-03 20:28 ` Borislav Petkov
2025-11-05 2:29 ` Josh Poimboeuf
2025-11-05 11:03 ` Borislav Petkov
2025-11-05 17:06 ` Josh Poimboeuf
2025-11-05 20:04 ` Borislav Petkov
2025-11-05 20:21 ` Kaplan, David
2025-11-05 20:52 ` Josh Poimboeuf
2025-11-14 17:14 ` [PATCH] x86/bugs: Get rid of the forward declarations Borislav Petkov
2025-11-14 19:19 ` Josh Poimboeuf
2025-11-14 19:31 ` Borislav Petkov
2025-11-14 20:04 ` Pawan Gupta
2025-10-13 14:33 ` [RFC PATCH 06/56] x86/bugs: Reset retbleed mitigations David Kaplan
2025-10-13 14:33 ` [RFC PATCH 07/56] x86/bugs: Reset spectre_v2_user mitigations David Kaplan
2025-10-16 12:54 ` Brendan Jackman
2025-10-16 14:06 ` Kaplan, David
2025-10-16 14:56 ` Brendan Jackman
2025-10-16 15:26 ` Kaplan, David
2025-10-16 16:13 ` Brendan Jackman
2025-11-26 11:23 ` Borislav Petkov
2025-12-01 16:53 ` Kaplan, David
2025-12-03 12:31 ` Borislav Petkov
2025-12-03 17:02 ` Kaplan, David
2025-12-03 17:35 ` Borislav Petkov
2025-12-03 20:14 ` Kaplan, David
2025-12-04 15:07 ` Borislav Petkov
2025-10-13 14:33 ` [RFC PATCH 08/56] x86/bugs: Reset SSB mitigations David Kaplan
2025-10-17 15:13 ` Nikolay Borisov
2025-10-17 15:56 ` Kaplan, David
2026-01-20 13:07 ` Borislav Petkov
2025-10-13 14:33 ` [RFC PATCH 09/56] x86/bugs: Reset L1TF mitigations David Kaplan
2025-10-13 14:33 ` [RFC PATCH 10/56] x86/bugs: Reset MDS mitigations David Kaplan
2025-10-13 14:33 ` [RFC PATCH 11/56] x86/bugs: Reset MMIO mitigations David Kaplan
2026-01-26 13:05 ` Borislav Petkov
2026-01-26 14:51 ` Kaplan, David
2025-10-13 14:34 ` [RFC PATCH 12/56] x86/bugs: Reset SRBDS mitigations David Kaplan
2025-10-13 14:34 ` [RFC PATCH 13/56] x86/bugs: Reset SRSO mitigations David Kaplan
2025-10-13 14:34 ` [RFC PATCH 14/56] x86/bugs: Reset GDS mitigations David Kaplan
2025-10-24 2:40 ` Pawan Gupta
2025-10-24 14:43 ` Kaplan, David
2025-10-13 14:34 ` [RFC PATCH 15/56] x86/bugs: Reset BHI mitigations David Kaplan
2025-10-24 2:49 ` Pawan Gupta
2025-10-24 15:02 ` Kaplan, David
2025-10-13 14:34 ` [RFC PATCH 16/56] x86/bugs: Reset ITS mitigation David Kaplan
2025-10-13 14:34 ` [RFC PATCH 17/56] x86/bugs: Reset TSA mitigations David Kaplan
2025-10-13 14:34 ` [RFC PATCH 18/56] x86/bugs: Reset VMSCAPE mitigations David Kaplan
2025-10-13 14:34 ` [RFC PATCH 19/56] x86/bugs: Define bugs_smt_disable() David Kaplan
2025-10-13 14:34 ` [RFC PATCH 20/56] x86/bugs: Move bugs.c logic out of .init section David Kaplan
2025-10-16 12:31 ` Brendan Jackman
2025-10-16 13:46 ` Kaplan, David
2025-10-16 14:33 ` Brendan Jackman
2025-10-13 14:34 ` [RFC PATCH 21/56] x86/callthunks: Move logic out of .init David Kaplan
2025-10-13 14:34 ` [RFC PATCH 22/56] cpu: Move mitigation " David Kaplan
2025-10-13 14:34 ` [RFC PATCH 23/56] x86/vmlinux.lds: Move alternative sections David Kaplan
2025-10-13 14:34 ` [RFC PATCH 24/56] x86/vmlinux.lds: Move altinstr_aux conditionally David Kaplan
2025-10-13 14:34 ` [RFC PATCH 25/56] x86/vmlinux.lds: Define __init_alt_end David Kaplan
2025-10-13 14:34 ` [RFC PATCH 26/56] module: Save module ELF info David Kaplan
2025-10-13 14:34 ` [RFC PATCH 27/56] x86/mm: Conditionally free alternative sections David Kaplan
2025-10-13 14:34 ` [RFC PATCH 28/56] stop_machine: Add stop_machine_nmi() David Kaplan
2026-01-09 22:16 ` Chang S. Bae
2026-01-09 22:19 ` Kaplan, David
2025-10-13 14:34 ` [RFC PATCH 29/56] x86/apic: Add self-NMI support David Kaplan
2025-10-13 14:34 ` [RFC PATCH 30/56] x86/nmi: Add support for stop_machine_nmi() David Kaplan
2025-10-13 14:34 ` [RFC PATCH 31/56] x86/alternative: Prepend nops with retpolines David Kaplan
2025-10-16 10:32 ` Peter Zijlstra
2025-10-16 11:08 ` Peter Zijlstra
2025-10-16 11:07 ` Peter Zijlstra
2025-10-16 11:10 ` Peter Zijlstra
2025-10-16 11:23 ` Peter Zijlstra
2025-10-16 13:27 ` Kaplan, David
2025-10-16 14:07 ` Peter Zijlstra
2025-10-16 14:16 ` Kaplan, David
2025-10-16 14:23 ` Peter Zijlstra
2025-10-22 8:41 ` David Laight
2025-10-22 10:40 ` Peter Zijlstra
2025-10-13 14:34 ` [RFC PATCH 32/56] x86/alternative: Add module param David Kaplan
2025-10-13 14:34 ` [RFC PATCH 33/56] x86/alternative: Avoid re-patching init code David Kaplan
2025-10-13 14:34 ` [RFC PATCH 34/56] x86/alternative: Save old bytes for alternatives David Kaplan
2025-10-15 10:38 ` Juergen Gross
2025-10-15 13:45 ` Kaplan, David
2025-10-27 11:34 ` Nikolay Borisov
2025-10-27 14:19 ` Kaplan, David
2025-10-29 9:37 ` Nikolay Borisov
2025-10-29 16:26 ` Kaplan, David
2025-10-29 22:14 ` David Laight
2025-10-30 14:39 ` Kaplan, David
2025-10-30 15:42 ` Nikolay Borisov
2025-10-30 15:49 ` Kaplan, David
2025-10-13 14:34 ` [RFC PATCH 35/56] x86/alternative: Save old bytes for retpolines David Kaplan
2025-10-13 14:34 ` [RFC PATCH 36/56] x86/alternative: Do not recompute len on re-patch David Kaplan
2025-10-13 14:34 ` [RFC PATCH 37/56] x86/alternative: Reset alternatives David Kaplan
2025-10-13 14:34 ` [RFC PATCH 38/56] x86/callthunks: Reset callthunks David Kaplan
2025-10-13 14:34 ` [RFC PATCH 39/56] x86/sync_core: Add sync_core_nmi_safe() David Kaplan
2025-10-13 14:34 ` [RFC PATCH 40/56] x86/alternative: Use sync_core_nmi_safe() David Kaplan
2025-10-16 10:35 ` Peter Zijlstra
2025-10-16 14:40 ` Kaplan, David
2025-10-16 14:47 ` Peter Zijlstra
2025-10-16 15:34 ` Kaplan, David
2025-10-16 16:15 ` Dave Hansen
2025-10-16 16:27 ` Borislav Petkov
2025-10-16 18:52 ` Peter Zijlstra
2025-10-16 18:56 ` Kaplan, David
2025-10-16 18:58 ` Peter Zijlstra
2025-10-16 21:53 ` Andrew Cooper
2025-10-20 14:49 ` Kaplan, David
2025-10-20 15:01 ` Peter Zijlstra
2025-10-23 18:50 ` Kaplan, David
2025-10-23 19:26 ` Andrew Cooper
2025-10-23 21:23 ` David Laight
2025-10-21 2:13 ` H. Peter Anvin
2025-10-13 14:34 ` [RFC PATCH 41/56] static_call: Add update_all_static_calls() David Kaplan
2025-10-13 14:34 ` [RFC PATCH 42/56] module: Make memory writeable for re-patching David Kaplan
2025-10-13 14:34 ` [RFC PATCH 43/56] module: Update alternatives David Kaplan
2025-10-13 14:34 ` [RFC PATCH 44/56] x86/module: " David Kaplan
2025-10-13 14:34 ` [RFC PATCH 45/56] x86/alternative: Use boot_cpu_has in ITS code David Kaplan
2025-10-13 14:34 ` David Kaplan [this message]
2025-10-13 14:34 ` [RFC PATCH 47/56] x86/module: Add ITS re-patch support for modules David Kaplan
2025-10-13 14:34 ` [RFC PATCH 48/56] x86/bugs: Move code for updating speculation MSRs David Kaplan
2025-10-13 14:34 ` [RFC PATCH 49/56] x86/fpu: Qualify warning in os_xsave David Kaplan
2025-10-13 14:34 ` [RFC PATCH 50/56] x86/alternative: Add re-patch support David Kaplan
2025-10-31 10:22 ` Nikolay Borisov
2025-11-04 16:54 ` Kaplan, David
2025-10-13 14:34 ` [RFC PATCH 51/56] cpu: Parse string of mitigation options David Kaplan
2025-10-13 14:34 ` [RFC PATCH 52/56] x86/bugs: Support parsing " David Kaplan
2025-10-27 11:31 ` Nikolay Borisov
2025-10-27 13:56 ` Kaplan, David
2025-10-13 14:34 ` [RFC PATCH 53/56] drivers/cpu: Re-patch mitigations through sysfs David Kaplan
2025-10-27 12:25 ` Nikolay Borisov
2025-10-27 13:59 ` Kaplan, David
2025-10-13 14:34 ` [RFC PATCH 54/56] x86/debug: Create debugfs interface to x86_capabilities David Kaplan
2025-10-13 14:34 ` [RFC PATCH 55/56] x86/debug: Show return thunk in debugfs David Kaplan
2025-10-27 12:29 ` Nikolay Borisov
2025-10-27 14:24 ` David Laight
2025-10-13 14:34 ` [RFC PATCH 56/56] x86/debug: Show static branch config " David Kaplan
2025-10-14 16:29 ` [RFC PATCH 00/56] Dynamic mitigations Josh Poimboeuf
2025-10-14 18:06 ` Kaplan, David
2025-10-15 9:14 ` Alexander Graf
2025-10-15 23:06 ` Boris Ostrovsky
2025-10-16 12:21 ` Brendan Jackman
2025-10-15 4:10 ` Aaron Rainbolt
2025-10-15 13:53 ` Kaplan, David
2025-10-15 15:43 ` Josh Poimboeuf
2025-10-15 15:51 ` Kaplan, David
2025-10-15 16:02 ` Josh Poimboeuf
2025-10-15 16:10 ` Kaplan, David
2025-10-16 10:00 ` Nicolas Bouchinet
2025-10-16 13:42 ` Kaplan, David
2025-10-16 13:55 ` Nicolas Bouchinet
2025-10-16 13:56 ` Kaplan, David
2025-10-24 5:00 ` Pawan Gupta
2025-10-24 13:41 ` Kaplan, David
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251013143444.3999-47-david.kaplan@amd.com \
--to=david.kaplan@amd.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=graf@amazon.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox