All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] x86: Disable kernel stack offset randomization for !TSC
@ 2023-01-08 19:42 Maciej W. Rozycki
  2023-01-08 19:55 ` Borislav Petkov
  0 siblings, 1 reply; 6+ messages in thread
From: Maciej W. Rozycki @ 2023-01-08 19:42 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
	H. Peter Anvin
  Cc: x86, linux-kernel

For x86 kernel stack offset randomization uses the RDTSC instruction, 
which causes an invalid opcode exception with hardware that does not 
implement this instruction:

process '/sbin/init' started with executable stack
invalid opcode: 0000 [#1]
CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc4+ #1
EIP: exit_to_user_mode_prepare+0x90/0xe1
Code: 30 02 00 75 ad 0f ba e3 16 73 05 e8 a7 a5 fc ff 0f ba e3 0e 73 05 e8 3e af fc ff a1 c4 c6 51 c0 85 c0 7e 13 8b 0d ac 01 53 c0 <0f> 31 0f b6 c0 31 c1 89 0d ac 01 53 c0 83 3d 30 ed 62 c0 00 75 33
EAX: 00000001 EBX: 00004000 ECX: 00000000 EDX: 000004ff
ESI: c10253c0 EDI: 00000000 EBP: c1027f98 ESP: c1027f8c
DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010002
CR0: 80050033 CR2: bfe8659b CR3: 012e0000 CR4: 00000000
Call Trace:
 ? rest_init+0x72/0x72
 syscall_exit_to_user_mode+0x15/0x27
 ret_from_fork+0x10/0x30
EIP: 0xb7f74800
Code: Unable to access opcode bytes at 0xb7f747d6.
EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: bfe864b0
DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 007b EFLAGS: 00000200
---[ end trace 0000000000000000 ]---
EIP: exit_to_user_mode_prepare+0x90/0xe1
Code: 30 02 00 75 ad 0f ba e3 16 73 05 e8 a7 a5 fc ff 0f ba e3 0e 73 05 e8 3e af fc ff a1 c4 c6 51 c0 85 c0 7e 13 8b 0d ac 01 53 c0 <0f> 31 0f b6 c0 31 c1 89 0d ac 01 53 c0 83 3d 30 ed 62 c0 00 75 33
EAX: 00000001 EBX: 00004000 ECX: 00000000 EDX: 000004ff
ESI: c10253c0 EDI: 00000000 EBP: c1027f98 ESP: c1027f8c
DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010002
CR0: 80050033 CR2: b7f747d6 CR3: 012e0000 CR4: 00000000
Kernel panic - not syncing: Fatal exception

Therefore do not offer the option for CPU configurations that do not 
guarantee the presence of this instruction.

Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
---
 arch/x86/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

linux-x86-randomize-kstack-offset-tsc.diff
Index: linux-macro/arch/x86/Kconfig
===================================================================
--- linux-macro.orig/arch/x86/Kconfig
+++ linux-macro/arch/x86/Kconfig
@@ -186,7 +186,7 @@ config X86
 	select HAVE_ARCH_USERFAULTFD_WP         if X86_64 && USERFAULTFD
 	select HAVE_ARCH_USERFAULTFD_MINOR	if X86_64 && USERFAULTFD
 	select HAVE_ARCH_VMAP_STACK		if X86_64
-	select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
+	select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET	if X86_TSC
 	select HAVE_ARCH_WITHIN_STACK_FRAMES
 	select HAVE_ASM_MODVERSIONS
 	select HAVE_CMPXCHG_DOUBLE

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] x86: Disable kernel stack offset randomization for !TSC
  2023-01-08 19:42 [PATCH] x86: Disable kernel stack offset randomization for !TSC Maciej W. Rozycki
@ 2023-01-08 19:55 ` Borislav Petkov
  2023-01-08 20:04   ` Maciej W. Rozycki
  2023-01-13 23:53   ` Kees Cook
  0 siblings, 2 replies; 6+ messages in thread
From: Borislav Petkov @ 2023-01-08 19:55 UTC (permalink / raw)
  To: Maciej W. Rozycki
  Cc: Thomas Gleixner, Ingo Molnar, Dave Hansen, H. Peter Anvin, x86,
	linux-kernel, Kees Cook

On Sun, Jan 08, 2023 at 07:42:54PM +0000, Maciej W. Rozycki wrote:
> For x86 kernel stack offset randomization uses the RDTSC instruction, 
> which causes an invalid opcode exception with hardware that does not 
> implement this instruction:

Out of pure curiosity, what hw is that?

Also, I guess the fix should be something like this instead:

---
diff --git a/arch/x86/include/asm/entry-common.h b/arch/x86/include/asm/entry-common.h
index 117903881fe4..57b372ca6ce7 100644
--- a/arch/x86/include/asm/entry-common.h
+++ b/arch/x86/include/asm/entry-common.h
@@ -85,7 +85,8 @@ static inline void arch_exit_to_user_mode_prepare(struct pt_regs *regs,
 	 * Therefore, final stack offset entropy will be 5 (x86_64) or
 	 * 6 (ia32) bits.
 	 */
-	choose_random_kstack_offset(rdtsc() & 0xFF);
+	if (cpu_feature_enabled(X86_FEATURE_TSC))
+		choose_random_kstack_offset(rdtsc() & 0xFF);
 }
 #define arch_exit_to_user_mode_prepare arch_exit_to_user_mode_prepare
 


-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] x86: Disable kernel stack offset randomization for !TSC
  2023-01-08 19:55 ` Borislav Petkov
@ 2023-01-08 20:04   ` Maciej W. Rozycki
  2023-01-08 20:11     ` Borislav Petkov
  2023-01-13 23:53   ` Kees Cook
  1 sibling, 1 reply; 6+ messages in thread
From: Maciej W. Rozycki @ 2023-01-08 20:04 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: Thomas Gleixner, Ingo Molnar, Dave Hansen, H. Peter Anvin, x86,
	linux-kernel, Kees Cook

On Sun, 8 Jan 2023, Borislav Petkov wrote:

> > For x86 kernel stack offset randomization uses the RDTSC instruction, 
> > which causes an invalid opcode exception with hardware that does not 
> > implement this instruction:
> 
> Out of pure curiosity, what hw is that?

processor	: 0
vendor_id	: GenuineIntel
cpu family	: 4
model		: 3
model name	: 486 DX/2
stepping	: 5
fdiv_bug	: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 1
wp		: yes
flags		: fpu vme cpuid
bugs		: itlb_multihit
bogomips	: 32.35
clflush size	: 32
cache_alignment	: 32
address sizes	: 32 bits physical, 32 bits virtual
power management:

> Also, I guess the fix should be something like this instead:
> 
> ---
> diff --git a/arch/x86/include/asm/entry-common.h b/arch/x86/include/asm/entry-common.h
> index 117903881fe4..57b372ca6ce7 100644
> --- a/arch/x86/include/asm/entry-common.h
> +++ b/arch/x86/include/asm/entry-common.h
> @@ -85,7 +85,8 @@ static inline void arch_exit_to_user_mode_prepare(struct pt_regs *regs,
>  	 * Therefore, final stack offset entropy will be 5 (x86_64) or
>  	 * 6 (ia32) bits.
>  	 */
> -	choose_random_kstack_offset(rdtsc() & 0xFF);
> +	if (cpu_feature_enabled(X86_FEATURE_TSC))
> +		choose_random_kstack_offset(rdtsc() & 0xFF);

 I'll check if that works, thanks for the suggestion.

  Maciej

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] x86: Disable kernel stack offset randomization for !TSC
  2023-01-08 20:04   ` Maciej W. Rozycki
@ 2023-01-08 20:11     ` Borislav Petkov
  2023-01-08 20:39       ` Maciej W. Rozycki
  0 siblings, 1 reply; 6+ messages in thread
From: Borislav Petkov @ 2023-01-08 20:11 UTC (permalink / raw)
  To: Maciej W. Rozycki
  Cc: Thomas Gleixner, Ingo Molnar, Dave Hansen, H. Peter Anvin, x86,
	linux-kernel, Kees Cook

On Sun, Jan 08, 2023 at 08:04:14PM +0000, Maciej W. Rozycki wrote:
> processor	: 0
> vendor_id	: GenuineIntel
> cpu family	: 4
> model		: 3
> model name	: 486 DX/2
> stepping	: 5

Real hw?

If so, LOL, amazing that a box like that still even boots.

A modern phone is likely orders of magnitudes more powerful than this relic.

:-)

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] x86: Disable kernel stack offset randomization for !TSC
  2023-01-08 20:11     ` Borislav Petkov
@ 2023-01-08 20:39       ` Maciej W. Rozycki
  0 siblings, 0 replies; 6+ messages in thread
From: Maciej W. Rozycki @ 2023-01-08 20:39 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: Thomas Gleixner, Ingo Molnar, Dave Hansen, H. Peter Anvin, x86,
	linux-kernel, Kees Cook

On Sun, 8 Jan 2023, Borislav Petkov wrote:

> > processor	: 0
> > vendor_id	: GenuineIntel
> > cpu family	: 4
> > model		: 3
> > model name	: 486 DX/2
> > stepping	: 5
> 
> Real hw?
> 
> If so, LOL, amazing that a box like that still even boots.

 Why?  I have slower non-x86 hardware that boots current Linux.  This box 
at least has 128MiB of RAM (I still look forward to doubling it if I find 
the right modules) and boots quite quickly.  It's portable (luggable) too.

> A modern phone is likely orders of magnitudes more powerful than this relic.

 It doesn't provide the environment to verify that EISA FDDI networking 
(defxx.c) continues to operate as expected though.

  Maciej

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] x86: Disable kernel stack offset randomization for !TSC
  2023-01-08 19:55 ` Borislav Petkov
  2023-01-08 20:04   ` Maciej W. Rozycki
@ 2023-01-13 23:53   ` Kees Cook
  1 sibling, 0 replies; 6+ messages in thread
From: Kees Cook @ 2023-01-13 23:53 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: Maciej W. Rozycki, Thomas Gleixner, Ingo Molnar, Dave Hansen,
	H. Peter Anvin, x86, linux-kernel

On Sun, Jan 08, 2023 at 08:55:06PM +0100, Borislav Petkov wrote:
> On Sun, Jan 08, 2023 at 07:42:54PM +0000, Maciej W. Rozycki wrote:
> > For x86 kernel stack offset randomization uses the RDTSC instruction, 
> > which causes an invalid opcode exception with hardware that does not 
> > implement this instruction:
> 
> Out of pure curiosity, what hw is that?
> 
> Also, I guess the fix should be something like this instead:
> 
> ---
> diff --git a/arch/x86/include/asm/entry-common.h b/arch/x86/include/asm/entry-common.h
> index 117903881fe4..57b372ca6ce7 100644
> --- a/arch/x86/include/asm/entry-common.h
> +++ b/arch/x86/include/asm/entry-common.h
> @@ -85,7 +85,8 @@ static inline void arch_exit_to_user_mode_prepare(struct pt_regs *regs,
>  	 * Therefore, final stack offset entropy will be 5 (x86_64) or
>  	 * 6 (ia32) bits.
>  	 */
> -	choose_random_kstack_offset(rdtsc() & 0xFF);
> +	if (cpu_feature_enabled(X86_FEATURE_TSC))
> +		choose_random_kstack_offset(rdtsc() & 0xFF);
>  }
>  #define arch_exit_to_user_mode_prepare arch_exit_to_user_mode_prepare

I think probably the entire feature should just be disabled in early
boot, checking for TSC, and then using:

	if (!cpu_feature_enabled(X86_FEATURE_TSC))
		static_branch_disable(&randomize_kstack_offset);

I'm not sure the best place to put that where it's early but late enough
that static branches are working...

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2023-01-13 23:53 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-08 19:42 [PATCH] x86: Disable kernel stack offset randomization for !TSC Maciej W. Rozycki
2023-01-08 19:55 ` Borislav Petkov
2023-01-08 20:04   ` Maciej W. Rozycki
2023-01-08 20:11     ` Borislav Petkov
2023-01-08 20:39       ` Maciej W. Rozycki
2023-01-13 23:53   ` Kees Cook

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.