lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  9 Jan 2018 18:28:30 -0800
From:   Andi Kleen <andi@...stfloor.org>
To:     tglx@...utronix.de
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org,
        torvalds@...ux-foundation.org, dwmw@...zon.co.uk, pjt@...gle.com,
        luto@...nel.org, peterz@...radead.org, thomas.lendacky@....com,
        tim.c.chen@...ux.intel.com, gregkh@...ux-foundation.org,
        dave.hansen@...el.com, jikos@...nel.org,
        Andi Kleen <ak@...ux.intel.com>
Subject: [PATCH v3 2/3] x86/retpoline: Use better sequences for NOSPEC_CALL/JMP

From: Andi Kleen <ak@...ux.intel.com>

[This fixes a boot failure in the earlier patches
so may want to be moved earlier to keep git bisect
happy]

With the latest tip x86/pti I get oopses when booting
a 64bit VM in qemu with RETPOLINE/gcc7 and PTI enabled.
Something is wrong with the ALTERNATIVE_2 sequence
used in NOSPEC_JMP

Linus suggested a better sequence that is shorter
and simpler and avoids the problem.

It requires excluding X86_FEATURE_RETPOLINE and
X86_FEATURE_RETPOLINE_AMD, but that has been done
in the previous patch.

Use the new sequence for NOSPEC_CALL and NOSPEC_JMP.

v2: Use new sequence for CALL/RET. Add extra patch
for _COMMON.
v3: Use RETPOLINE_GENERIC for Intel
Fixes: ce004e1cb ("x86/retpoline: Add initial retpoline")
Fixes: f3433c101 ("x86/retpoline/entry: Convert entry")
Suggested-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Andi Kleen <ak@...ux.intel.com>
---
 arch/x86/include/asm/nospec-branch.h | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 8ddf8513550e..dc13325a9890 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -46,9 +46,8 @@
  */
 .macro JMP_NOSPEC reg:req
 #ifdef CONFIG_RETPOLINE
-	ALTERNATIVE_2 __stringify(jmp *\reg),				\
-		__stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE,	\
-		__stringify(lfence; jmp *\reg), X86_FEATURE_RETPOLINE_AMD
+	ALTERNATIVE "", "lfence", X86_FEATURE_RETPOLINE_AMD
+	ALTERNATIVE __stringify(jmp *\reg), __stringify(RETPOLINE_JMP \reg), X86_FEATURE_RETPOLINE_GENERIC
 #else
 	jmp	*\reg
 #endif
@@ -56,9 +55,8 @@
 
 .macro CALL_NOSPEC reg:req
 #ifdef CONFIG_RETPOLINE
-	ALTERNATIVE_2 __stringify(call *\reg),				\
-		__stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE,\
-		__stringify(lfence; call *\reg), X86_FEATURE_RETPOLINE_AMD
+	ALTERNATIVE "", "lfence", X86_FEATURE_RETPOLINE_AMD
+	ALTERNATIVE __stringify(call *\reg), __stringify(RETPOLINE_CALL \reg), X86_FEATURE_RETPOLINE_GENERIC
 #else
 	call	*\reg
 #endif
-- 
2.14.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ