From patchwork Mon Aug 14 10:00:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 135343 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp2661312vqi; Mon, 14 Aug 2023 04:01:08 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHbO45nKGDBdbRvvxf+ho+/okJKvMeTga8obC34NysopLQywh6iHuCV05B61Ajwel7mvIqS X-Received: by 2002:a05:6a20:3c8f:b0:126:f64b:6689 with SMTP id b15-20020a056a203c8f00b00126f64b6689mr10435587pzj.12.1692010868131; Mon, 14 Aug 2023 04:01:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692010868; cv=none; d=google.com; s=arc-20160816; b=qwHf55Kmua3h09wmk9FjLrJOeG3bKa4EBd7T3RUcqKVuo2Jq9134pW9tK1mzuum/w+ t8YB9QggCO6wfYcw/4tbFaLU2TXhgJknyW8U6KSypw900M+8qqDfbXOIWaSeq8FAEDy3 J5r8YujqrMKopdI3sLznVzi/RzEYuwsFczzX4yXQqkJ2l83vIsOOX4K2yrkiIMTuGdVE SXIo+buyogOo0Ix1QrM+HqPJFrjpLHIYwO2BLM7egdRyJGptj7fQBfFygkLNc8HktPQM Kyp78WNmmvgCKVPxIjIjh83gSX91PiaCshb0i09Lb2l2PGJiNyeE1sGgE6xlIKOuX1I4 QBxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=7yubJp/iJHeJZOGuTsfDsCZmWOOrPsxtOO4LmR2Irfw=; fh=UsQkdx46T5bp2zKC2kZVgT5vUyhA8bBI/B9ARril+oM=; b=0N6kC4ghKkFyDOWHGSy2c8wnzp/aqrLRoHiRDIuqHd1rDCG7W4VGpCdHQrtQz2WT9D QGBnmOpspX3wseLsq63vP39w02EMKh6v7mJZKFh1uXAuQqT7lAzf4pZsFRjcbMDTzcEj QLFaSUBtpCHFqjyjBF7ZwqhhgHkgvy3bP89jvPV9Cg+SMvE1PLwyJjswQxGoGHGVDVeq Gj5pkPHqYnJmgffVinAhMR2mDps8ogozXRntAoSEbpL/G9J2wURc/DE22k9c4SjupGq8 KldPRQK4AB25JH/wfZH8L42eEbIGOPPhB0yZXD2qjrJ9D9CjUlHDxBk04zzJ8PQ6wPi/ P9WQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Act1Bkvs; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k69-20020a636f48000000b00565bcc08f57si1511921pgc.751.2023.08.14.04.00.51; Mon, 14 Aug 2023 04:01:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=Act1Bkvs; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234237AbjHNKAp (ORCPT + 99 others); Mon, 14 Aug 2023 06:00:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52430 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234532AbjHNKA1 (ORCPT ); Mon, 14 Aug 2023 06:00:27 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73E2BE63; Mon, 14 Aug 2023 03:00:26 -0700 (PDT) Date: Mon, 14 Aug 2023 10:00:24 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1692007224; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7yubJp/iJHeJZOGuTsfDsCZmWOOrPsxtOO4LmR2Irfw=; b=Act1Bkvs/tenQlVBTrT/gzWR/wC1rNRVApjOo6e4bnIwKs3+UyWq8iSaIS8GQnHjdGLROz 9qBUn9uWqREgNr34rbChMYmmvvxOzp9LprCqEFmH7dmNoMtuTwf9qDZOO/WGETC1BO/6H4 DiZSrbAPdzjV7SO+aknkutzgGNSi+A7jyGCB9MRnu+dkPDdgJXrmBhnSvp6lFRU9+9Of/p Hvcn2kVIV4L5A1ANIuB35VsLybB4b9J47t+cO8625gwM5H4ILxdxiyHELQ4su9Tzq51fqq KWiDHlhXXALrcjvudhatonlrDN87ui+ddL6e/kqTKPZkLDxzHqdxDT4AyNgLkQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1692007224; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7yubJp/iJHeJZOGuTsfDsCZmWOOrPsxtOO4LmR2Irfw=; b=XC7RKdTZSjrdW5iuRiybjlICjHenwup+nRgQhX3NQXshsVVZdlv3d2S0HqX90b0EBtYJEc BfcPyfbaj4zAHKCQ== From: "tip-bot2 for Petr Pavlu" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/urgent] x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT Cc: "Peter Zijlstra (Intel)" , "Masami Hiramatsu (Google)" , Petr Pavlu , "Borislav Petkov (AMD)" , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20230711091952.27944-3-petr.pavlu@suse.com> References: <20230711091952.27944-3-petr.pavlu@suse.com> MIME-Version: 1.0 Message-ID: <169200722405.27769.5064998979687602839.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771115884067835960 X-GMAIL-MSGID: 1774201987767773986 The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 833fd800bf56b74d39d71d3f5936dffb3e0409c6 Gitweb: https://git.kernel.org/tip/833fd800bf56b74d39d71d3f5936dffb3e0409c6 Author: Petr Pavlu AuthorDate: Tue, 11 Jul 2023 11:19:52 +02:00 Committer: Borislav Petkov (AMD) CommitterDate: Mon, 14 Aug 2023 11:46:51 +02:00 x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT The kprobes optimization check can_optimize() calls insn_is_indirect_jump() to detect indirect jump instructions in a target function. If any is found, creating an optprobe is disallowed in the function because the jump could be from a jump table and could potentially land in the middle of the target optprobe. With retpolines, insn_is_indirect_jump() additionally looks for calls to indirect thunks which the compiler potentially used to replace original jumps. This extra check is however unnecessary because jump tables are disabled when the kernel is built with retpolines. The same is currently the case with IBT. Based on this observation, remove the logic to look for calls to indirect thunks and skip the check for indirect jumps altogether if the kernel is built with retpolines or IBT. Remove subsequently the symbols __indirect_thunk_start and __indirect_thunk_end which are no longer needed. Dropping this logic indirectly fixes a problem where the range [__indirect_thunk_start, __indirect_thunk_end] wrongly included also the return thunk. It caused that machines which used the return thunk as a mitigation and didn't have it patched by any alternative ended up not being able to use optprobes in any regular function. Fixes: 0b53c374b9ef ("x86/retpoline: Use -mfunction-return") Suggested-by: Peter Zijlstra (Intel) Suggested-by: Masami Hiramatsu (Google) Signed-off-by: Petr Pavlu Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Borislav Petkov (AMD) Acked-by: Masami Hiramatsu (Google) Link: https://lore.kernel.org/r/20230711091952.27944-3-petr.pavlu@suse.com --- arch/x86/include/asm/nospec-branch.h | 3 +-- arch/x86/kernel/kprobes/opt.c | 40 ++++++++++----------------- arch/x86/kernel/vmlinux.lds.S | 2 +- tools/perf/util/thread-stack.c | 4 +--- 4 files changed, 17 insertions(+), 32 deletions(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 3faf044..e50db53 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -478,9 +478,6 @@ enum ssb_mitigation { SPEC_STORE_BYPASS_SECCOMP, }; -extern char __indirect_thunk_start[]; -extern char __indirect_thunk_end[]; - static __always_inline void alternative_msr_write(unsigned int msr, u64 val, unsigned int feature) { diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c index 57b0037..517821b 100644 --- a/arch/x86/kernel/kprobes/opt.c +++ b/arch/x86/kernel/kprobes/opt.c @@ -226,7 +226,7 @@ static int copy_optimized_instructions(u8 *dest, u8 *src, u8 *real) } /* Check whether insn is indirect jump */ -static int __insn_is_indirect_jump(struct insn *insn) +static int insn_is_indirect_jump(struct insn *insn) { return ((insn->opcode.bytes[0] == 0xff && (X86_MODRM_REG(insn->modrm.value) & 6) == 4) || /* Jump */ @@ -260,26 +260,6 @@ static int insn_jump_into_range(struct insn *insn, unsigned long start, int len) return (start <= target && target <= start + len); } -static int insn_is_indirect_jump(struct insn *insn) -{ - int ret = __insn_is_indirect_jump(insn); - -#ifdef CONFIG_RETPOLINE - /* - * Jump to x86_indirect_thunk_* is treated as an indirect jump. - * Note that even with CONFIG_RETPOLINE=y, the kernel compiled with - * older gcc may use indirect jump. So we add this check instead of - * replace indirect-jump check. - */ - if (!ret) - ret = insn_jump_into_range(insn, - (unsigned long)__indirect_thunk_start, - (unsigned long)__indirect_thunk_end - - (unsigned long)__indirect_thunk_start); -#endif - return ret; -} - /* Decode whole function to ensure any instructions don't jump into target */ static int can_optimize(unsigned long paddr) { @@ -334,9 +314,21 @@ static int can_optimize(unsigned long paddr) /* Recover address */ insn.kaddr = (void *)addr; insn.next_byte = (void *)(addr + insn.length); - /* Check any instructions don't jump into target */ - if (insn_is_indirect_jump(&insn) || - insn_jump_into_range(&insn, paddr + INT3_INSN_SIZE, + /* + * Check any instructions don't jump into target, indirectly or + * directly. + * + * The indirect case is present to handle a code with jump + * tables. When the kernel uses retpolines, the check should in + * theory additionally look for jumps to indirect thunks. + * However, the kernel built with retpolines or IBT has jump + * tables disabled so the check can be skipped altogether. + */ + if (!IS_ENABLED(CONFIG_RETPOLINE) && + !IS_ENABLED(CONFIG_X86_KERNEL_IBT) && + insn_is_indirect_jump(&insn)) + return 0; + if (insn_jump_into_range(&insn, paddr + INT3_INSN_SIZE, DISP32_SIZE)) return 0; addr += insn.length; diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index dfb8783..8e2a306 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -133,10 +133,8 @@ SECTIONS KPROBES_TEXT SOFTIRQENTRY_TEXT #ifdef CONFIG_RETPOLINE - __indirect_thunk_start = .; *(.text..__x86.indirect_thunk) *(.text..__x86.return_thunk) - __indirect_thunk_end = .; #endif STATIC_CALL_TEXT diff --git a/tools/perf/util/thread-stack.c b/tools/perf/util/thread-stack.c index 374d142..c6a0a27 100644 --- a/tools/perf/util/thread-stack.c +++ b/tools/perf/util/thread-stack.c @@ -1038,9 +1038,7 @@ static int thread_stack__trace_end(struct thread_stack *ts, static bool is_x86_retpoline(const char *name) { - const char *p = strstr(name, "__x86_indirect_thunk_"); - - return p == name || !strcmp(name, "__indirect_thunk_start"); + return strstr(name, "__x86_indirect_thunk_") == name; } /*