From patchwork Wed Jul 5 08:15:46 2023
X-Patchwork-Submitter: Petr Pavlu
X-Patchwork-Id: 116014
From: Petr Pavlu
To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, mhiramat@kernel.org
Cc: peterz@infradead.org, samitolvanen@google.com, x86@kernel.org, linux-trace-kernel@vger.kernel.org, linux-kernel@vger.kernel.org, Petr Pavlu
Subject: [PATCH 1/2] x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
Date: Wed, 5 Jul 2023 10:15:46 +0200
Message-Id: <20230705081547.25130-2-petr.pavlu@suse.com>
In-Reply-To: <20230705081547.25130-1-petr.pavlu@suse.com>
References: <20230705081547.25130-1-petr.pavlu@suse.com>

Linker script arch/x86/kernel/vmlinux.lds.S matches the thunk sections
".text.__x86.*" from arch/x86/lib/retpoline.S as follows:

.text {
  [...]
  TEXT_TEXT
  [...]
  __indirect_thunk_start = .;
  *(.text.__x86.*)
  __indirect_thunk_end = .;
  [...]
}

Macro TEXT_TEXT references TEXT_MAIN which normally expands to only
".text". However, with CONFIG_LTO_CLANG, TEXT_MAIN becomes
".text .text.[0-9a-zA-Z_]*" which wrongly matches also the thunk
sections. The range [__indirect_thunk_start, __indirect_thunk_end] is
then empty.

A visible result is that function insn_is_indirect_jump() misbehaves and
optprobes become allowed in functions where they are not potentially
safe.

Fix the problem by using ".." as the first separator, for instance,
".text..__x86.indirect_thunk".
This pattern is utilized by other explicit section names which start with one of the standard prefixes, such as ".text" or ".data", and that need to be individually selected in the linker script. Fixes: dc5723b02e52 ("kbuild: add support for Clang LTO") Signed-off-by: Petr Pavlu Acked-by: Peter Zijlstra (Intel) --- arch/x86/kernel/vmlinux.lds.S | 2 +- arch/x86/lib/retpoline.S | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 03c885d3640f..a4cd04c458df 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -134,7 +134,7 @@ SECTIONS SOFTIRQENTRY_TEXT #ifdef CONFIG_RETPOLINE __indirect_thunk_start = .; - *(.text.__x86.*) + *(.text..__x86.*) __indirect_thunk_end = .; #endif STATIC_CALL_TEXT diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 3fd066d42ec0..3bea96341d00 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -12,7 +12,7 @@ #include #include - .section .text.__x86.indirect_thunk + .section .text..__x86.indirect_thunk .macro POLINE reg 
@@ -131,7 +131,7 @@ SYM_CODE_END(__x86_indirect_jump_thunk_array) */ #ifdef CONFIG_RETHUNK - .section .text.__x86.return_thunk + .section .text..__x86.return_thunk /* * Safety details here pertain to the AMD Zen{1,2} microarchitecture:
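Review bot: In the arch/x86/kernel/vmlinux.lds.S hunk of patch 1/2, the glob `*(.text..__x86.*)` only stays out of TEXT_MAIN's reach because of the double dot, and nothing at that spot says so or fails the build if the range comes out empty again. A one-line comment above the glob naming the ".." convention, plus a link-time ASSERT that `__indirect_thunk_start` and `__indirect_thunk_end` differ when CONFIG_RETPOLINE is set, would turn the silent optprobe regression described in the commit message into a build error. The two `.section` renames in arch/x86/lib/retpoline.S are consistent with the new glob.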
From: Petr Pavlu
To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, mhiramat@kernel.org
Cc: peterz@infradead.org, samitolvanen@google.com, x86@kernel.org, linux-trace-kernel@vger.kernel.org, linux-kernel@vger.kernel.org, Petr Pavlu
Subject: [PATCH 2/2] x86/retpoline,kprobes: Avoid treating rethunk as an indirect jump
Date: Wed, 5 Jul 2023 10:15:47 +0200
Message-Id: <20230705081547.25130-3-petr.pavlu@suse.com>
In-Reply-To: <20230705081547.25130-1-petr.pavlu@suse.com>
References: <20230705081547.25130-1-petr.pavlu@suse.com>

Functions can_optimize() and insn_is_indirect_jump() consider jumps to
the range [__indirect_thunk_start, __indirect_thunk_end] as indirect
jumps and prevent use of optprobes in functions containing them.

Linker script arch/x86/kernel/vmlinux.lds.S places into this range also
the special section .text.__x86.return_thunk which contains the return
thunk. It causes that machines which use the return thunk as
a mitigation and don't have it patched by any alternative then end up
not being able to use optprobes in any regular function.

The return thunk doesn't need to be treated as an indirect jump from the
perspective of insn_is_indirect_jump(). It returns to a caller and
cannot land into an optprobe jump operand which is the purpose of the
insn_is_indirect_jump() check.

Fix the problem by defining the symbols __indirect_thunk_start and __indirect_thunk_end directly in arch/x86/lib/retpoline.S. This is possible because commit 9bc0bb50727c ("objtool/x86: Rewrite retpoline thunk calls") made all indirect thunks present in a single section. Fixes: 0b53c374b9ef ("x86/retpoline: Use -mfunction-return") Signed-off-by: Petr Pavlu --- arch/x86/kernel/vmlinux.lds.S | 2 -- arch/x86/lib/retpoline.S | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index a4cd04c458df..dd5b0a68cf84 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -133,9 +133,7 @@ SECTIONS KPROBES_TEXT SOFTIRQENTRY_TEXT #ifdef CONFIG_RETPOLINE - __indirect_thunk_start = .; *(.text..__x86.*) - __indirect_thunk_end = .; #endif STATIC_CALL_TEXT diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 3bea96341d00..f45a3e7f776f 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -14,6 +14,7 @@ .section .text..__x86.indirect_thunk +SYM_ENTRY(__indirect_thunk_start, SYM_L_GLOBAL, SYM_A_NONE) .macro POLINE reg ANNOTATE_INTRA_FUNCTION_CALL @@ -125,6 +126,9 @@ SYM_CODE_END(__x86_indirect_jump_thunk_array) #include #undef GEN #endif + +SYM_ENTRY(__indirect_thunk_end, SYM_L_GLOBAL, SYM_A_NONE) + /* * This function name is magical and is used by -mfunction-return=thunk-extern * for the compiler to generate JMPs to it.
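
Review bot: In the arch/x86/lib/retpoline.S hunks of patch 2/2, `__indirect_thunk_end` becomes the address just past `.text..__x86.indirect_thunk`, while the linker script still gathers every `.text..__x86.*` section in one run and the commit message describes the checked range as closed, [__indirect_thunk_start, __indirect_thunk_end]. If the return thunk section is placed directly after the indirect thunks with no padding, its first address equals `__indirect_thunk_end` and would still count as inside the range. Please state what guarantees a gap there (alignment of the return thunk, section ordering), or treat the upper bound as exclusive in the range check; a short comment at each SYM_ENTRY saying that these symbols bound the range used by insn_is_indirect_jump() would also help.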
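
A post-build check for what the two commit messages describe, as an added example that is not part of the patch series or of any kernel tooling: it reads System.map-style text and verifies that the thunk range is non-empty, contains the indirect thunks, and excludes the return thunk. The addresses are constructed, and the symbol names `__x86_indirect_thunk_*` and `__x86_return_thunk` are assumed to be how the thunks appear in the map.

```python
# Constructed System.map excerpts; addresses are made up for illustration.
LTO_BEFORE_PATCH_1 = """\
ffffffff81e00000 T __x86_indirect_thunk_array
ffffffff81e00000 T __x86_indirect_thunk_rax
ffffffff81e00200 T __x86_return_thunk
ffffffff81f00000 T __indirect_thunk_start
ffffffff81f00000 T __indirect_thunk_end
"""
AFTER_PATCH_1 = """\
ffffffff81e00000 T __indirect_thunk_start
ffffffff81e00000 T __x86_indirect_thunk_array
ffffffff81e00000 T __x86_indirect_thunk_rax
ffffffff81e00200 T __x86_return_thunk
ffffffff81e00240 T __indirect_thunk_end
"""
AFTER_PATCH_2 = """\
ffffffff81e00000 T __indirect_thunk_start
ffffffff81e00000 T __x86_indirect_thunk_array
ffffffff81e00000 T __x86_indirect_thunk_rax
ffffffff81e00200 T __indirect_thunk_end
ffffffff81e00240 T __x86_return_thunk
"""

def parse_map(text):
    """Return {symbol: address} from 'address type name' lines."""
    syms = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            syms[parts[2]] = int(parts[0], 16)
    return syms

def check_thunk_range(text):
    """List problems with [__indirect_thunk_start, __indirect_thunk_end]."""
    syms = parse_map(text)
    start, end = syms["__indirect_thunk_start"], syms["__indirect_thunk_end"]
    problems = ["empty range"] if start == end else []
    for name, addr in sorted(syms.items()):
        inside = start <= addr <= end  # closed range, as the commit messages write it
        if name.startswith("__x86_indirect_") and not inside:
            problems.append(f"{name} outside range")  # patch 1/2 symptom
        if name == "__x86_return_thunk" and inside:
            problems.append(f"{name} inside range")   # patch 2/2 symptom
    return problems

if __name__ == "__main__":
    for label in ("LTO_BEFORE_PATCH_1", "AFTER_PATCH_1", "AFTER_PATCH_2"):
        print(label, check_thunk_range(globals()[label]) or "ok")
```

On a real build the same function can be fed the contents of System.map or the output of `nm vmlinux`.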