From: Rui Qi <qirui.001@bytedance.com>
To: bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
hpa@zytor.com, jpoimboe@redhat.com, peterz@infradead.org,
mbenes@suse.cz, gregkh@linuxfoundation.org,
stable@vger.kernel.org, alexandre.chartre@oracle.com
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
Rui Qi <qirui.001@bytedance.com>
Subject: [PATCH 3/3] x86/speculation: Support intra-function call validation
Date: Mon, 26 Feb 2024 17:49:25 +0800 [thread overview]
Message-ID: <20240226094925.95835-4-qirui.001@bytedance.com> (raw)
In-Reply-To: <20240226094925.95835-1-qirui.001@bytedance.com>
commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER
to work with objtool") does not support intra-function call
stack validation, which causes kernel live patching to fail.
This commit adds support for this, and after testing, the kernel
live patching feature is restored to normal.
Fixes: 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool")
Signed-off-by: Rui Qi <qirui.001@bytedance.com>
---
arch/x86/include/asm/nospec-branch.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index c8819358a332..a88135c358c0 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -13,6 +13,8 @@
#include <asm/unwind_hints.h>
#include <asm/percpu.h>
+#include <linux/frame.h>
+#include <asm/unwind_hints.h>
/*
* This should be used immediately before a retpoline alternative. It tells
* objtool where the retpolines are so that it can make sense of the control
@@ -51,14 +53,18 @@
#define __FILL_RETURN_BUFFER(reg, nr, sp) \
mov $(nr/2), reg; \
771: \
+ ANNOTATE_INTRA_FUNCTION_CALL; \
call 772f; \
773: /* speculation trap */ \
+ UNWIND_HINT_EMPTY; \
pause; \
lfence; \
jmp 773b; \
772: \
+ ANNOTATE_INTRA_FUNCTION_CALL; \
call 774f; \
775: /* speculation trap */ \
+ UNWIND_HINT_EMPTY; \
pause; \
lfence; \
jmp 775b; \
@@ -152,6 +158,7 @@
.endm
.macro ISSUE_UNBALANCED_RET_GUARD
+ ANNOTATE_INTRA_FUNCTION_CALL;
call .Lunbalanced_ret_guard_\@
int3
.Lunbalanced_ret_guard_\@:
--
2.39.2 (Apple Git-143)
next prev parent reply other threads:[~2024-02-26 9:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-26 9:49 [PATCH 0/3] Support intra-function call validation Rui Qi
2024-02-26 9:49 ` [PATCH 1/3] objtool: is_fentry_call() crashes if call has no destination Rui Qi
2024-02-26 13:29 ` Greg KH
2024-02-26 9:49 ` [PATCH 2/3] objtool: Add support for intra-function calls Rui Qi
2024-02-26 9:49 ` Rui Qi [this message]
2024-02-26 11:33 ` [PATCH 0/3] Support intra-function call validation qirui
2024-02-26 17:28 ` Josh Poimboeuf
2024-02-28 2:50 ` [External] " Rui Qi
-- strict thread matches above, loose matches on Subject: below --
2024-02-26 9:40 $(name)
2024-02-26 9:41 ` [PATCH 3/3] x86/speculation: " $(name)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240226094925.95835-4-qirui.001@bytedance.com \
--to=qirui.001@bytedance.com \
--cc=alexandre.chartre@oracle.com \
--cc=bp@alien8.de \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).