From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org,
"Ananth N Mavinakayanahalli" <ananth@linux.vnet.ibm.com>,
"Andi Kleen" <ak@linux.intel.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Peter Zijlstra" <peterz@infradead.org>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Arjan van de Ven" <arjan@linux.intel.com>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Greg Kroah-Hartman" <gregkh@linux-foundation.org>
Subject: [PATCH 3.16 37/76] kprobes/x86: Disable optimizing on the function jumps to indirect thunk
Date: Mon, 12 Mar 2018 03:06:12 +0000
Message-ID: <lsq.1520823972.709477170@decadent.org.uk>
In-Reply-To: <lsq.1520823971.5976735@decadent.org.uk>
3.16.56-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Masami Hiramatsu <mhiramat@kernel.org>
commit c86a32c09f8ced67971a2310e3b0dda4d1749007 upstream.
Since indirect jump instructions will be replaced by a jump
to __x86_indirect_thunk_*, those jmp instructions must be
treated as indirect jumps. Since optprobe prohibits
optimizing probes in a function which uses an indirect jump,
it also needs to find the functions which jump to
__x86_indirect_thunk_* and disable optimization.
Add a check that the jump target address is between
__indirect_thunk_start/end when optimizing a kprobe.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: David Woodhouse <dwmw@amazon.co.uk>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Link: https://lkml.kernel.org/r/151629212062.10241.6991266100233002273.stgit@devbox
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/kernel/kprobes/opt.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/kprobes/opt.c
+++ b/arch/x86/kernel/kprobes/opt.c
@@ -36,6 +36,7 @@
#include <asm/alternative.h>
#include <asm/insn.h>
#include <asm/debugreg.h>
+#include <asm/nospec-branch.h>
#include "common.h"
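Review bot: the added #include <asm/nospec-branch.h> is unconditional, while the only use this patch makes of it (the __indirect_thunk_start/__indirect_thunk_end range check) sits under #ifdef CONFIG_RETPOLINE. For the 3.16 backport it is worth confirming that the header builds cleanly with CONFIG_RETPOLINE=n, and that this patch stays ordered after 35/76 ("retpoline: Introduce start/end markers of indirect thunk"), which by its title is where those markers come from.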
@@ -191,7 +192,7 @@ static int copy_optimized_instructions(u
}
/* Check whether insn is indirect jump */
-static int insn_is_indirect_jump(struct insn *insn)
+static int __insn_is_indirect_jump(struct insn *insn)
{
return ((insn->opcode.bytes[0] == 0xff &&
(X86_MODRM_REG(insn->modrm.value) & 6) == 4) || /* Jump */
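Review bot: the existing comment "/* Check whether insn is indirect jump */" now sits above __insn_is_indirect_jump(), which after the rename is only the opcode-level half of the check, while the new insn_is_indirect_jump() wrapper that callers use carries no header comment. Suggest rewording this comment to say it matches indirect jump opcodes only, and moving the general description to the wrapper, so a later reader does not call the double-underscore helper directly and skip the thunk check.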
@@ -225,6 +226,26 @@ static int insn_jump_into_range(struct i
return (start <= target && target <= start + len);
}
+static int insn_is_indirect_jump(struct insn *insn)
+{
+ int ret = __insn_is_indirect_jump(insn);
+
+#ifdef CONFIG_RETPOLINE
+ /*
+ * Jump to x86_indirect_thunk_* is treated as an indirect jump.
+ * Note that even with CONFIG_RETPOLINE=y, the kernel compiled with
+ * older gcc may use indirect jump. So we add this check instead of
+ * replace indirect-jump check.
+ */
+ if (!ret)
+ ret = insn_jump_into_range(insn,
+ (unsigned long)__indirect_thunk_start,
+ (unsigned long)__indirect_thunk_end -
+ (unsigned long)__indirect_thunk_start);
+#endif
+ return ret;
+}
+
/* Decode whole function to ensure any instructions don't jump into target */
static int can_optimize(unsigned long paddr)
{
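Review bot: the range handed to insn_jump_into_range() in the new insn_is_indirect_jump() is inclusive at its upper end. The helper's visible return is "start <= target && target <= start + len", and len here is __indirect_thunk_end - __indirect_thunk_start, so a jump whose target is exactly __indirect_thunk_end is also classified as a thunk jump. That errs toward refusing optimization, which is the safe direction, but a short comment stating that the inclusive bound is intended would save the next reader the check. Separately, the block comment says "x86_indirect_thunk_*" where the commit message names the symbols "__x86_indirect_thunk_*"; the leading underscores should match so the comment is greppable.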