From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, "H. Peter Anvin" <hpa@zytor.com>,
"Andy Lutomirski" <luto@amacapital.net>,
"Borislav Petkov" <bp@suse.de>, "Borislav Petkov" <bp@alien8.de>,
"Denys Vlasenko" <dvlasenk@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Oleg Nesterov" <oleg@redhat.com>,
"Ingo Molnar" <mingo@kernel.org>,
"Quentin Casasnovas" <quentin.casasnovas@oracle.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
"Brian Gerst" <brgerst@gmail.com>
Subject: [PATCH 3.2 050/104] x86/alternatives: Fix ALTERNATIVE_2 padding generation properly
Date: Mon, 12 Mar 2018 03:03:34 +0000 [thread overview]
Message-ID: <lsq.1520823814.59040219@decadent.org.uk> (raw)
In-Reply-To: <lsq.1520823814.606620518@decadent.org.uk>
3.2.101-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Borislav Petkov <bp@suse.de>
commit dbe4058a6a44af4ca5d146aebe01b0a1f9b7fd2a upstream.
Quentin caught a corner case with the generation of instruction
padding in the ALTERNATIVE_2 macro: if len(orig_insn) <
len(alt1) < len(alt2), then not enough padding gets added and
that is not good(tm) as we could overwrite the beginning of the
next instruction.
Luckily, at the time of this writing, we don't have
ALTERNATIVE_2() invocations which have that problem and even if
we did, a simple fix would be to prepend the instructions with
enough prefixes so that that corner case doesn't happen.
However, best it would be if we fixed it properly. See below for
a simple, abstracted example of what we're doing.
So what we ended up doing is, we compute the
max(len(alt1), len(alt2)) - len(orig_insn)
and feed that value to the .skip gas directive. The max() cannot
have conditionals due to gas limitations, thus the fancy integer
math.
With this patch, all ALTERNATIVE_2 sites get padded correctly;
generating obscure test cases pass too:
#define alt_max_short(a, b) ((a) ^ (((a) ^ (b)) & -(-((a) < (b)))))
#define gen_skip(orig, alt1, alt2, marker) \
.skip -((alt_max_short(alt1, alt2) - (orig)) > 0) * \
(alt_max_short(alt1, alt2) - (orig)),marker
.pushsection .text, "ax"
.globl main
main:
gen_skip(1, 2, 4, 0x09)
gen_skip(4, 1, 2, 0x10)
...
.popsection
Thanks to Quentin for catching it and double-checking the fix!
Reported-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20150404133443.GE21152@pd.tnic
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/include/asm/alternative-asm.h | 14 ++++++++++++--
arch/x86/include/asm/alternative.h | 16 ++++++++++++----
arch/x86/kernel/alternative.c | 4 ++--
3 files changed, 26 insertions(+), 8 deletions(-)
--- a/arch/x86/include/asm/alternative-asm.h
+++ b/arch/x86/include/asm/alternative-asm.h
@@ -45,12 +45,22 @@
.popsection
.endm
+#define old_len 141b-140b
+#define new_len1 144f-143f
+#define new_len2 145f-144f
+
+/*
+ * max without conditionals. Idea adapted from:
+ * http://graphics.stanford.edu/~seander/bithacks.html#IntegerMinOrMax
+ */
+#define alt_max_short(a, b) ((a) ^ (((a) ^ (b)) & -(-((a) < (b)))))
+
.macro ALTERNATIVE_2 oldinstr, newinstr1, feature1, newinstr2, feature2
140:
\oldinstr
141:
- .skip -(((144f-143f)-(141b-140b)) > 0) * ((144f-143f)-(141b-140b)),0x90
- .skip -(((145f-144f)-(144f-143f)-(141b-140b)) > 0) * ((145f-144f)-(144f-143f)-(141b-140b)),0x90
+ .skip -((alt_max_short(new_len1, new_len2) - (old_len)) > 0) * \
+ (alt_max_short(new_len1, new_len2) - (old_len)),0x90
142:
.pushsection .altinstructions,"a"
--- a/arch/x86/include/asm/alternative.h
+++ b/arch/x86/include/asm/alternative.h
@@ -95,13 +95,21 @@ static inline int alternatives_text_rese
alt_end_marker ":\n"
/*
+ * max without conditionals. Idea adapted from:
+ * http://graphics.stanford.edu/~seander/bithacks.html#IntegerMinOrMax
+ *
+ * The additional "-" is needed because gas works with s32s.
+ */
+#define alt_max_short(a, b) "((" a ") ^ (((" a ") ^ (" b ")) & -(-((" a ") - (" b ")))))"
+
+/*
* Pad the second replacement alternative with additional NOPs if it is
* additionally longer than the first replacement alternative.
*/
-#define OLDINSTR_2(oldinstr, num1, num2) \
- __OLDINSTR(oldinstr, num1) \
- ".skip -(((" alt_rlen(num2) ")-(" alt_rlen(num1) ")-(662b-661b)) > 0) * " \
- "((" alt_rlen(num2) ")-(" alt_rlen(num1) ")-(662b-661b)),0x90\n" \
+#define OLDINSTR_2(oldinstr, num1, num2) \
+ "661:\n\t" oldinstr "\n662:\n" \
+ ".skip -((" alt_max_short(alt_rlen(num1), alt_rlen(num2)) " - (" alt_slen ")) > 0) * " \
+ "(" alt_max_short(alt_rlen(num1), alt_rlen(num2)) " - (" alt_slen ")), 0x90\n" \
alt_end_marker ":\n"
#define ALTINSTR_ENTRY(feature, num) \
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -370,11 +370,11 @@ void __init_or_module apply_alternatives
continue;
}
- DPRINTK("feat: %d*32+%d, old: (%p, len: %d), repl: (%p, len: %d)",
+ DPRINTK("feat: %d*32+%d, old: (%p, len: %d), repl: (%p, len: %d), pad: %d",
a->cpuid >> 5,
a->cpuid & 0x1f,
instr, a->instrlen,
- replacement, a->replacementlen);
+ replacement, a->replacementlen, a->padlen);
DUMP_BYTES(instr, a->instrlen, "%p: old_insn: ", instr);
DUMP_BYTES(replacement, a->replacementlen, "%p: rpl_insn: ", replacement);
next prev parent reply other threads:[~2018-03-12 3:41 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-12 3:03 [PATCH 3.2 000/104] 3.2.101-rc1 review Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 002/104] Bluetooth: Remove unused hci_le_ltk_reply() Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 086/104] x86/get_user: Use pointer masking to limit speculation Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 019/104] ath6kl: fix struct hif_scatter_req list handling Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 061/104] x86/retpoline/ftrace: Convert ftrace assembler indirect jumps Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 063/104] x86/retpoline/xen: Convert Xen hypercall " Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 031/104] KVM: SVM: Make use of asm.h Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 099/104] nospec: Kill array_index_nospec_mask_check() Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 020/104] modpost: reduce visibility of symbols and constify r/o arrays Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 060/104] x86/retpoline/entry: Convert entry assembler indirect jumps Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 028/104] x86/bitops: Move BIT_64() for a wider use Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 026/104] staging/wlan-ng: Fix 'Branch condition evaluates to a garbage value' in p80211netdev.c Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 022/104] fs: namespace: suppress 'may be used uninitialized' warnings Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 040/104] x86/cpufeatures: Make CPU bugs sticky Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 064/104] x86/retpoline/checksum32: Convert assembler indirect jumps Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 096/104] x86/cpufeatures: Clean up Spectre v2 related CPUID flags Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 043/104] x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 083/104] array_index_nospec: Sanitize speculative array de-references Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 067/104] x86/retpoline: Remove compile time warning Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 029/104] x86, alternative: Add header guards to <asm/alternative-asm.h> Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 023/104] [media] max2165: trival fix for some -Wuninitialized warning Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 010/104] rtlwifi: initialize local array and set value Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 066/104] x86/retpoline: Fill return stack buffer on vmexit Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 093/104] x86/retpoline: Avoid retpolines for built-in __init functions Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 037/104] kvm: vmx: Scrub hardware GPRs at VM-exit Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 084/104] x86: Implement array_index_mask_nospec Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 104/104] cris: Remove old legacy "-traditional" flag from arch-v10/lib/Makefile Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 004/104] brcm80211: Remove bogus memcpy in ai_detach Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 057/104] x86/asm: Use register variable to get stack pointer value Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 058/104] x86/retpoline: Add initial retpoline support Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 059/104] x86/spectre: Add boot time option to select Spectre v2 mitigation Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 013/104] usb: renesas_usbhs: tidyup original usbhsx_for_each_xxx macro Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 027/104] kconfig: fix IS_ENABLED to not require all options to be defined Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 053/104] x86/cpu/AMD: Make LFENCE a serializing instruction Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 103/104] x86: fix build warnign with 32-bit PAE Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 011/104] Removed unused typedef to avoid "unused local typedef" warnings Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 006/104] Turn off -Wmaybe-uninitialized when building with -Os Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 039/104] x86/cpu: Factor out application of forced CPU caps Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 045/104] x86/cpu: Merge bugs.c and bugs_64.c Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 078/104] x86/nospec: Fix header guards names Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 055/104] x86/asm: Make asm/alternative.h safe from assembly Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 021/104] modpost: don't emit section mismatch warnings for compiler optimizations Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 101/104] x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 068/104] x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 003/104] rtlwifi: rtl8192se: Fix gcc 4.7.x warning Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 088/104] vfs, fdtable: Prevent bounds-check bypass via speculative execution Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 056/104] kconfig.h: use __is_defined() to check if MODULE is defined Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 085/104] x86: Introduce barrier_nospec Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 042/104] x86/cpu, x86/pti: Do not enable PTI on AMD processors Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 052/104] x86/alternatives: Fix optimize_nops() checking Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 008/104] rtlwifi: rtl8192de: Fix W=1 build warnings Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 091/104] x86/paravirt: Remove 'noreplace-paravirt' cmdline option Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 089/104] x86/spectre: Report get_user mitigation for spectre_v1 Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 070/104] kprobes/x86: Blacklist indirect thunk functions for kprobes Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 079/104] x86/bugs: Drop one "mitigation" from dmesg Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 073/104] x86/retpoline: Optimize inline assembler for vmexit_fill_RSB Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 036/104] x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 033/104] x86, asm: Extend definitions of _ASM_* with a raw format Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 044/104] x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 017/104] SELinux: security_load_policy: Silence frame-larger-than warning Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 041/104] x86/cpufeatures: Add X86_BUG_CPU_INSECURE Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 001/104] brcmfmac: work-around gcc 4.7 build issue Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 046/104] sysfs/cpu: Add vulnerability folder Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 072/104] x86/pti: Document fix wrong index Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 025/104] atp: remove set_rx_mode_8012() Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 047/104] x86/cpu: Implement CPU vulnerabilites sysfs functions Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 016/104] gcov: compile specific gcov implementation based on gcc version Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 007/104] rtlwifi: rtl8192c: Fix W=1 warning Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 090/104] x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 074/104] x86/cpu/intel: Introduce macros for Intel family numbers Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 077/104] module/retpoline: Warn about missing retpoline in module Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 097/104] x86/spectre: Fix an error message Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 062/104] x86/retpoline/hyperv: Convert assembler indirect jumps Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 038/104] x86/Documentation: Add PTI description Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 095/104] x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 049/104] x86/alternatives: Guard NOPs optimization Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 034/104] bitops: Introduce BIT_ULL Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 100/104] nospec: Include <asm/barrier.h> dependency Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 035/104] x86: Add another set of MSR accessor functions Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 082/104] Documentation: Document array_index_nospec Ben Hutchings
2018-03-12 3:03 ` Ben Hutchings [this message]
2018-03-12 3:03 ` [PATCH 3.2 069/104] retpoline: Introduce start/end markers of indirect thunk Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 098/104] nospec: Move array_index_nospec() parameter checking into separate macro Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 014/104] gcov: move gcov structs definitions to a gcc version specific file Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 032/104] x86, cpu: Expand cpufeature facility to include cpu bugs Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 024/104] [media] budget-av: only use t_state if initialized Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 051/104] x86/alternatives: Make optimize_nops() interrupt safe and synced Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 015/104] gcov: add support for gcc 4.7 gcov format Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 102/104] x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 048/104] sysfs/cpu: Fix typos in vulnerability documentation Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 087/104] x86/syscall: Sanitize syscall table de-references under speculation Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 018/104] gcov: add support for GCC 4.9 Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 076/104] x86/retpoline: Remove the esp/rsp thunk Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 005/104] ath6kl: fix uninitialized variable in ath6kl_sdio_enable_scatter() Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 075/104] x86/retpoline: Fill RSB on context switch for affected CPUs Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 092/104] x86/kvm: Update spectre-v1 mitigation Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 009/104] rtl8192c:dm: Properly initialize local array and set value Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 054/104] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 094/104] x86/spectre: Simplify spectre_v2 command line parsing Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 030/104] KVM: VMX: Make use of asm.h Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 080/104] x86/cpu/bugs: Make retpoline module warning conditional Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 065/104] x86/retpoline/irq32: Convert assembler indirect jumps Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 012/104] usb: renesas_usbhs: fixup __usbhs_for_each_pipe 1st pos Ben Hutchings
2018-03-12 3:03 ` [PATCH 3.2 071/104] kprobes/x86: Disable optimizing on the function jumps to indirect thunk Ben Hutchings
2018-03-12 14:54 ` [PATCH 3.2 000/104] 3.2.101-rc1 review Guenter Roeck
2018-03-12 19:53 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1520823814.59040219@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=bp@suse.de \
--cc=brgerst@gmail.com \
--cc=dvlasenk@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=oleg@redhat.com \
--cc=quentin.casasnovas@oracle.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox