From: Juergen Gross <jgross@suse.com>
To: Ingo Molnar <mingo@kernel.org>, Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>,
x86@kernel.org, Andi Kleen <ak@linux.intel.com>
Subject: Re: x86/paravirt: Detect over-sized patching bugs in paravirt_patch_call()
Date: Thu, 25 Apr 2019 13:30:46 +0200 [thread overview]
Message-ID: <cde4b650-7fe5-869e-9cd8-327150bd092e@suse.com> (raw)
In-Reply-To: <20190425105745.GA29840@gmail.com>
On 25/04/2019 12:57, Ingo Molnar wrote:
>
> * Peter Zijlstra <peterz@infradead.org> wrote:
>
>> On Thu, Apr 25, 2019 at 11:50:39AM +0200, Ingo Molnar wrote:
>>>
>>> * Peter Zijlstra <peterz@infradead.org> wrote:
>>>
>>>> On Thu, Apr 25, 2019 at 11:17:17AM +0200, Ingo Molnar wrote:
>>>>> It basically means that we silently won't do any patching and the kernel
>>>>> will crash later on in mysterious ways, because paravirt patching is
>>>>> usually relied on.
>>>>
>>>> That's OK. The compiler emits an indirect CALL/JMP to the pv_ops
>>>> structure contents. That _should_ stay valid and function correctly at
>>>> all times.
>>>
>>> It might result in a correctly executing kernel in terms of code
>>> generation, but it doesn't result in a viable kernel: some of the places
>>> rely on the patching going through and don't know what to do when it
>>> doesn't and misbehave or crash in interesting ways.
>>>
>>> Guess how I know this. ;-)
>>
>> What sites would that be? It really should work AFAIK.
>
> So for example I tried to increasing the size of one of the struct
> patch_xxl members:
>
> --- a/arch/x86/kernel/paravirt_patch.c
> +++ b/arch/x86/kernel/paravirt_patch.c
> @@ -28,7 +28,7 @@ struct patch_xxl {
> const unsigned char irq_restore_fl[2];
> # ifdef CONFIG_X86_64
> const unsigned char cpu_wbinvd[2];
> - const unsigned char cpu_usergs_sysret64[6];
> + const unsigned char cpu_usergs_sysret64[60];
> const unsigned char cpu_swapgs[3];
> const unsigned char mov64[3];
> # else
>
> Which with the vanilla kernel crashes on boot much, much later:
>
> [ 2.478026] PANIC: double fault, error_code: 0x0
Sure, there is no NOP padding applied. Pre-populating the area with
1 byte NOPs would avoid the crash.
> But in any case, even if many of the others will work if the patching
> fails silently, is there any case where we'd treat patching failure as an
> acceptable case?
>
> BUG_ON() in paravirt kernels is an easily debuggable condition and beats
> the above kinds of symptoms. But I can turn it into a WARN_ON_ONCE() if
> you think that's better?
I'd prefer the BUG_ON(). Its not as if those conditions will occur on
very few machines only. In case some patching isn't working we should
catch those issues early.
Juergen
next prev parent reply other threads:[~2019-04-25 11:30 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-24 13:41 [patch 0/3] x86/paravirt: Rework paravirt patching Thomas Gleixner
2019-04-24 13:41 ` [patch 1/3] x86/paravirt: Remove bogus extern declarations Thomas Gleixner
2019-04-25 7:31 ` [tip:x86/paravirt] " tip-bot for Thomas Gleixner
2019-05-24 7:58 ` tip-bot for Thomas Gleixner
2019-04-24 13:41 ` [patch 2/3] x86/paravirt: Unify 32/64 bit patch code Thomas Gleixner
2019-04-25 7:32 ` [tip:x86/paravirt] " tip-bot for Thomas Gleixner
2019-05-24 8:00 ` [tip:x86/paravirt] x86/paravirt: Unify the 32/64 bit paravirt patching code tip-bot for Thomas Gleixner
2019-04-24 13:41 ` [patch 3/3] x86/paravirt: Replace paravirt patch asm magic Thomas Gleixner
2019-04-25 6:52 ` Ingo Molnar
2019-04-25 7:22 ` Thomas Gleixner
2019-04-25 7:46 ` Juergen Gross
2019-04-25 8:10 ` [PATCH] x86/paravirt: Match paravirt patchlet field definition ordering to initialization ordering Ingo Molnar
2019-04-25 9:17 ` [PATCH] x86/paravirt: Detect oversized patching bugs as they happen and BUG_ON() to avoid later crashes Ingo Molnar
2019-04-25 9:21 ` Peter Zijlstra
2019-04-25 9:50 ` x86/paravirt: Detect over-sized patching bugs in paravirt_patch_call() Ingo Molnar
2019-04-25 10:22 ` Peter Zijlstra
2019-04-25 10:57 ` Ingo Molnar
2019-04-25 11:30 ` Juergen Gross [this message]
2019-04-25 12:30 ` Juergen Gross
2019-04-25 11:40 ` Peter Zijlstra
2019-04-25 12:30 ` Peter Zijlstra
2019-05-24 7:59 ` [tip:x86/paravirt] " tip-bot for Ingo Molnar
2019-05-24 7:58 ` [tip:x86/paravirt] x86/paravirt: Detect over-sized patching bugs in paravirt_patch_insns() tip-bot for Ingo Molnar
2019-05-24 8:01 ` [tip:x86/paravirt] x86/paravirt: Match paravirt patchlet field definition ordering to initialization ordering tip-bot for Ingo Molnar
2019-04-25 8:08 ` [patch 3/3] x86/paravirt: Replace paravirt patch asm magic Peter Zijlstra
2019-04-25 8:19 ` Peter Zijlstra
2019-04-25 9:20 ` Ingo Molnar
2019-05-24 8:00 ` [tip:x86/paravirt] x86/paravirt: Replace the " tip-bot for Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cde4b650-7fe5-869e-9cd8-327150bd092e@suse.com \
--to=jgross@suse.com \
--cc=ak@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).