From patchwork Sat Dec 16 12:58:50 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 179846
Date: Sat, 16 Dec 2023 12:58:50 -0000
From: "tip-bot2 for Thomas Gleixner"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] x86/alternatives: Disable interrupts and sync when optimizing NOPs in place
Cc: Paul Gortmaker, Thomas Gleixner, "Borislav Petkov (AMD)", "Peter Zijlstra (Intel)", stable@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org
Message-ID: <170273153061.398.13274192737128400603.tip-bot2@tip-bot2>

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     2dc4196138055eb0340231aecac4d78c2ec2bea5
Gitweb:        https://git.kernel.org/tip/2dc4196138055eb0340231aecac4d78c2ec2bea5
Author:        Thomas Gleixner
AuthorDate:    Thu, 07 Dec 2023 20:49:26 +01:00
Committer:     Borislav Petkov (AMD)
CommitterDate: Fri, 15 Dec 2023 19:34:42 +01:00

x86/alternatives: Disable interrupts and sync when optimizing NOPs in place

apply_alternatives() treats alternatives with the ALT_FLAG_NOT flag set
special as it optimizes the existing NOPs in place.

Unfortunately, this happens with interrupts enabled and does not provide
any form of core synchronization.

So an interrupt hitting in the middle of the update and using the
affected code path will observe a half updated NOP and crash and burn.

The following 3 NOP sequence was observed to expose this crash halfway
reliably under QEMU 32bit:

  0x90 0x90 0x90

which is replaced by the optimized 3 byte NOP:

  0x8d 0x76 0x00

So an interrupt can observe:

  1) 0x90 0x90 0x90    nop nop nop
  2) 0x8d 0x90 0x90    undefined
  3) 0x8d 0x76 0x90    lea -0x70(%esi),%esi
  4) 0x8d 0x76 0x00    lea 0x0(%esi),%esi

Where only #1 and #4 are true NOPs.
The same problem exists for 64bit obviously.

Disable interrupts around this NOP optimization and invoke sync_core()
before re-enabling them.

Fixes: 270a69c4485d ("x86/alternative: Support relocations in alternatives")
Reported-by: Paul Gortmaker
Signed-off-by: Thomas Gleixner
Signed-off-by: Borislav Petkov (AMD)
Acked-by: Peter Zijlstra (Intel)
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/ZT6narvE%2BLxX%2B7Be@windriver.com
---
 arch/x86/kernel/alternative.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index fd44739..aae7456 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -255,6 +255,16 @@ static void __init_or_module noinline optimize_nops(u8 *instr, size_t len) } } +static void __init_or_module noinline optimize_nops_inplace(u8 *instr, size_t len) +{ + unsigned long flags; + + local_irq_save(flags); + optimize_nops(instr, len); + sync_core(); + local_irq_restore(flags); +} + /* * In this context, "source" is where the instructions are placed in the * section .altinstr_replacement, for example during kernel build by the @@ -438,7 +448,7 @@ void __init_or_module noinline apply_alternatives(struct alt_instr *start, * patch if feature is *NOT* present. */ if (!boot_cpu_has(a->cpuid) == !(a->flags & ALT_FLAG_NOT)) { - optimize_nops(instr, a->instrlen); + optimize_nops_inplace(instr, a->instrlen); continue; }
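Review bot: the new optimize_nops_inplace() in the first hunk carries no comment on why local_irq_save() plus sync_core() is sufficient. local_irq_save() masks only maskable interrupts on the executing CPU (not NMIs) and sync_core() serializes only that CPU, so the function is safe on the premise implied by __init_or_module: nothing else can be executing the text at `instr` while apply_alternatives() rewrites it during early boot or module load. Suggest recording that premise above the function, e.g. `/* Patches live text: IRQs off + sync_core() cover the local CPU only. */`, so a future caller from a different context does not inherit a synchronization hole.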
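Review bot: in the second hunk the call site gives no hint why this branch alone needs the interrupt-safe variant; the surrounding comment only says the alternative is patched if the feature is *NOT* present. As the commit message explains, this is the path that optimizes the existing NOPs in place rather than working on a copied replacement, so a one-line comment above `optimize_nops_inplace(instr, a->instrlen);` stating that would keep the next reader from "simplifying" it back to optimize_nops().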