linux-kernel.vger.kernel.org archive mirror
From: Juergen Gross <jgross@suse.com>
To: Bill Wendling <morbo@google.com>, linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	"Srivatsa S. Bhat (VMware)" <srivatsa@csail.mit.edu>,
	Alexey Makhalov <amakhalov@vmware.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	VMware PV-Drivers Reviewers <pv-drivers@vmware.com>,
	x86@kernel.org, virtualization@lists.linux-foundation.org,
	linux-kernel@vger.kernel.org, llvm@lists.linux.dev,
	Peter Zijlstra <peterz@infradead.org>,
	Nathan Chancellor <nathan@kernel.org>
Subject: Re: [PATCH v2 1/1] x86/paravirt: write paravirt ident function in assembly
Date: Thu, 15 Sep 2022 08:59:43 +0200	[thread overview]
Message-ID: <fa6df43b-8a1a-8ad1-0236-94d2a0b588fa@suse.com> (raw)
In-Reply-To: <20220914162149.71271-1-morbo@google.com>



On 14.09.22 18:21, Bill Wendling wrote:
> The ZERO_CALL_USED_REGS feature may zero out caller-saved registers
> before returning. However, alternate code may call this function without
> first saving %[re]di, because the proper clobbers aren't taken into
> account.
> 
> This shows up in spurious_kernel_fault() where the "pte_offset_kernel()"
> call results in this assembly code:
> 
> .Ltmp151:
>          #APP
>          # ALT: oldnstr
> .Ltmp152:
> .Ltmp153:
> .Ltmp154:
>          .section        .discard.retpoline_safe,"",@progbits
>          .quad   .Ltmp154
>          .text
> 
>          callq   *pv_ops+536(%rip)
> 
> .Ltmp155:
>          .section        .parainstructions,"a",@progbits
>          .p2align        3, 0x0
>          .quad   .Ltmp153
>          .byte   67
>          .byte   .Ltmp155-.Ltmp153
>          .short  1
>          .text
> .Ltmp156:
>          # ALT: padding
>          .zero   (-(((.Ltmp157-.Ltmp158)-(.Ltmp156-.Ltmp152))>0))*((.Ltmp157-.Ltmp158)-(.Ltmp156-.Ltmp152)),144
> .Ltmp159:
>          .section        .altinstructions,"a",@progbits
> .Ltmp160:
>          .long   .Ltmp152-.Ltmp160
> .Ltmp161:
>          .long   .Ltmp158-.Ltmp161
>          .short  33040
>          .byte   .Ltmp159-.Ltmp152
>          .byte   .Ltmp157-.Ltmp158
>          .text
> 
>          .section        .altinstr_replacement,"ax",@progbits
>          # ALT: replacement 1
> .Ltmp158:
>          movq    %rdi, %rax
> .Ltmp157:
>          .text
>          #NO_APP
> .Ltmp162:
>          testb   $-128, %dil
> 
> The %dil register was zeroed out by the call to "*pv_ops+536(%rip)".
> 
> In general, the _paravirt_ident_64() function appears like it shouldn't
> have any instrumentation or other modifications applied to it. Thus just
> write it in assembly to avoid having to continually modify it whenever a
> new feature comes along.
> 
> Link: https://github.com/KSPP/linux/issues/192
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Nick Desaulniers <ndesaulniers@google.com>
> Cc: Juergen Gross <jgross@suse.com>
> Cc: "Srivatsa S. Bhat (VMware)" <srivatsa@csail.mit.edu>
> Cc: Alexey Makhalov <amakhalov@vmware.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Borislav Petkov <bp@alien8.de>
> Cc: Dave Hansen <dave.hansen@linux.intel.com>
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: VMware PV-Drivers Reviewers <pv-drivers@vmware.com>
> Cc: x86@kernel.org
> Cc: virtualization@lists.linux-foundation.org
> Cc: linux-kernel@vger.kernel.org
> Cc: llvm@lists.linux.dev
> Signed-off-by: Bill Wendling <morbo@google.com>
> Suggested-by: Peter Zijlstra <peterz@infradead.org>
> Reported-and-tested-by: Nathan Chancellor <nathan@kernel.org>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen
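An added example, not part of this thread or of the kernel tree, to make the
calling-convention mismatch concrete on Linux x86-64 with GCC or Clang.
ident64_asm is the hand-written callee the patch proposes (%rax = %rdi, nothing
else touched). ident64_zeroed is a constructed stand-in for what the C
_paravirt_ident_64() turns into under -fzero-call-used-regs=used-gpr, the flag
CONFIG_ZERO_CALL_USED_REGS adds: the used caller-saved register %rdi is cleared
before ret. It is written by hand here so the demo does not depend on the build
flag; that it matches the compiler's output for this function is an assumption.
call_ident mimics a paravirt callee-save call site: the asm tells the compiler
that only %rax is clobbered, then reads %rdi back, which is what the
compiler-generated "testb $-128, %dil" after the call in spurious_kernel_fault()
does implicitly. All names are illustrative; the rsp adjustment around the call
exists only to keep a userspace leaf function's red zone safe (the kernel builds
with -mno-red-zone and has no such need).

```c
/* Added example, not kernel code. Linux x86-64, GCC/Clang inline asm.
 * Demonstrates why a callee that zeroes %rdi breaks a call site whose
 * clobber list (paravirt "callee-save" convention) declares only %rax. */
#include <stdint.h>
#include <stdio.h>

#ifndef __x86_64__
#error "this example is x86-64 specific"
#endif

/* The callee the patch proposes: identity in assembly, %rdi left intact. */
__asm__(
    ".text\n"
    ".globl ident64_asm\n"
    ".type ident64_asm, @function\n"
    "ident64_asm:\n"
    "    movq %rdi, %rax\n"
    "    ret\n"
    ".size ident64_asm, .-ident64_asm\n");

/* Constructed stand-in for the C identity function built with
 * -fzero-call-used-regs=used-gpr: the used caller-saved GPR (%rdi) is
 * zeroed before ret. Assumed to match the compiler's output for this
 * function; hand-written so the demo does not need the flag itself. */
__asm__(
    ".text\n"
    ".globl ident64_zeroed\n"
    ".type ident64_zeroed, @function\n"
    "ident64_zeroed:\n"
    "    movq %rdi, %rax\n"
    "    xorl %edi, %edi\n"
    "    ret\n"
    ".size ident64_zeroed, .-ident64_zeroed\n");

typedef uint64_t (*ident_fn)(uint64_t);
extern uint64_t ident64_asm(uint64_t);
extern uint64_t ident64_zeroed(uint64_t);

struct probe {
    uint64_t ret;       /* value returned in %rax */
    uint64_t rdi_after; /* what %rdi holds right after the call returns */
};

/* Paravirt-style call site: %rdi is an input, %rax the only declared
 * clobber, so the compiler is entitled to keep using %rdi afterwards.
 * We read %rdi back inside the asm to observe what the callee left there.
 * The rsp adjustment keeps the pushed return address out of the
 * userspace red zone; it is not part of the convention being shown. */
static struct probe call_ident(ident_fn fn, uint64_t v)
{
    uint64_t ret, rdi_after;
    __asm__ volatile(
        "subq $128, %%rsp\n\t"
        "call *%[fn]\n\t"
        "addq $128, %%rsp\n\t"
        "movq %%rdi, %[after]"
        : "=a"(ret), [after] "=r"(rdi_after)
        : "D"(v), [fn] "r"(fn)
        : "memory", "cc");
    return (struct probe){ ret, rdi_after };
}

/* Returns 1 if the callee honoured the convention (correct result and
 * %rdi preserved), 0 if it silently clobbered %rdi. */
int callee_preserves_rdi(ident_fn fn, uint64_t v)
{
    struct probe p = call_ident(fn, v);
    return p.ret == v && p.rdi_after == v;
}

int main(void)
{
    /* Constructed PTE-like value with the NX bit (bit 63) set. */
    uint64_t pte = 0x8000000000000067ULL;
    printf("asm ident:    rdi preserved = %d\n",
           callee_preserves_rdi(ident64_asm, pte));
    printf("zeroed ident: rdi preserved = %d\n",
           callee_preserves_rdi(ident64_zeroed, pte));
    return 0;
}
```

Build with cc -O2 (or -O0, the result is the same) and run: the assembly
callee reports rdi preserved = 1, the zeroed one 0. A call site like the
one quoted above would then test %dil against zero instead of the PTE,
which is the failure the patch avoids by keeping the identity function out
of the compiler's hands.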

Thread overview: 14+ messages
2022-09-02 21:37 [PATCH 0/2] fix clobbers list with ZERO_CALL_USED_REGS feature Bill Wendling
2022-09-02 21:37 ` [PATCH 1/2] x86/paravirt: clean up typos and grammaros Bill Wendling
2022-09-03  4:28   ` Borislav Petkov
2022-09-04  2:13     ` Bill Wendling
2022-09-02 21:37 ` [PATCH 2/2] x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled Bill Wendling
2022-09-03  7:18   ` Kees Cook
2022-09-05  6:02     ` Bill Wendling
2022-09-07  6:00       ` Nick Desaulniers
2022-09-07  8:50         ` Peter Zijlstra
2022-09-07 23:10           ` Kees Cook
2022-09-08 21:16             ` Bill Wendling
2022-09-14 14:40           ` Nathan Chancellor
2022-09-14 15:49             ` Bill Wendling
     [not found] ` <20220914162149.71271-1-morbo@google.com>
2022-09-15  6:59   ` Juergen Gross [this message]
