From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752658AbeAJUzv (ORCPT + 1 other); Wed, 10 Jan 2018 15:55:51 -0500 Received: from mx1.redhat.com ([209.132.183.28]:37846 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752108AbeAJUzt (ORCPT ); Wed, 10 Jan 2018 15:55:49 -0500 Date: Wed, 10 Jan 2018 14:55:46 -0600 From: Josh Poimboeuf To: Linus Torvalds Cc: Thomas Gleixner , Borislav Petkov , David Woodhouse , Andi Kleen , the arch/x86 maintainers , Linux Kernel Mailing List , Paul Turner , Andrew Lutomirski , Peter Zijlstra , Tom Lendacky , Tim Chen , Greg Kroah-Hartman , Dave Hansen , Jiri Kosina , Andi Kleen Subject: Re: [PATCH] x86/alternatives: Fix optimize_nops() checking Message-ID: <20180110205546.qn5kjil7icibfnkk@treble> References: <20180110003139.10531-1-andi@firstfloor.org> <1515568506.22302.72.camel@infradead.org> <1515578735.22302.91.camel@infradead.org> <20180110112815.mgciyf5acwacphkq@pd.tnic> <20180110201532.5jnji6ypfl6slzvb@treble> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.6.0.1 (2016-04-01) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 10 Jan 2018 20:55:49 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Wed, Jan 10, 2018 at 12:26:25PM -0800, Linus Torvalds wrote: > On Wed, Jan 10, 2018 at 12:15 PM, Josh Poimboeuf wrote: > > > > I think .altinstruction relocations *do* work if they're for the first > > instruction, and it's a jump or a call. > > Yes - for the alternative that is in-line - not in the "altinstruction" section. > > Because then the alternative is in the right spot at link-time already. > > But the "altinstruction" section definitely should not have > relocations. I misspoke, it's really .altinstr_replacement which has the replacement instructions. And it has a bunch of relocations: Relocation section [ 8] '.rela.altinstr_replacement' for section [ 7] '.altinstr_replacement' at offset 0x14439710 contains 355 entries: > I guess you could hack them up by hand by explicitly > trying to take the difference between the non-altinstruction and the > altinstruction into account, but it would be error-prone and fragile > as hell. apply_alternatives() already does that today. It actually seems pretty solid, except for the whole "only works on the first instruction" thing. > > I think Boris had a patch floating around to add an instruction decoder > > to alternatives, so you can do a call/jmp anywhere. > > .. and no, we're not doing that. Christ. > > People, we need to try to be *robust* here. That's doubly (triply!) > true of things like altinstructions where people - very much by design > - won't even *test* the alternatives very much, because very much by > design the altinstructions are only used on certain architectures or > in certain situations. > > And we almost certainly don't actuially _need_ relocations. But we > need to protect against the "oops, I didn't realize" issue, exactly > because testing won't actually catch the odd cases. If we need objtool to detect them, it's certainly possible. But maybe I missed the previous discussion -- what's the, um, alternative to relocations, when we have calls and jumps being patched in? > Because we don't want to be in the situation where some random poor > user hits it because they have an old CPU that no developer has, and > then the relocation will basically do completely random things. > > Imagine just how crazy that would be to debug. You'd be basically > executing insane code, and looking at the sources - or even the > binaries - it would _look_ completely sane. Well, I think we already made that deal with the devil when we added alternatives/paravirt/smp_locks/jump_labels/kprobes/ftrace/bpf, etc. -- Josh