| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Mar 2020 18:59:56 +0100
From: Thomas Gleixner <tglx@...utronix.de>
To: LKML <linux-kernel@...r.kernel.org>
Cc: x86@...nel.org, Paul McKenney <paulmck@...nel.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
"Joel Fernandes (Google)" <joel@...lfernandes.org>,
"Steven Rostedt (VMware)" <rostedt@...dmis.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Frederic Weisbecker <frederic@...nel.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Brian Gerst <brgerst@...il.com>,
Juergen Gross <jgross@...e.com>,
Alexandre Chartre <alexandre.chartre@...cle.com>,
Peter Zijlstra <peterz@...radead.org>,
Tom Lendacky <thomas.lendacky@....com>,
Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org
Subject: [RESEND][patch V3 00/23] x86/entry: Consolidation part II (syscalls)
Hi!
Sorry for the resend noise. I managed to fatfinger one of my scripts
so it dropped all Ccs and sent it only to LKML. Sigh....
This is the third version of the syscall entry code consolidation
series. V2 can be found here:
https://lore.kernel.org/r/20200308222359.370649591@linutronix.de
It applies on top of
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/entry
and is also available from git:
git://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel entry-v3-part2
The changes vs. V2:
- A massive rework utilizing Peter Zijlstras objtool patches to analyze
the new .noinstr.text section:
https://lore.kernel.org/r/20200317170234.897520633@infradead.org
Working with this was really helpful as it clearly pin pointed code
which calls out of the protected section which is much more efficient
and focussed than chasing everything manually.
- Picked up the two RCU patches from Paul for completeness. The bugfix
is required anyway and the comments have been really helpful to see
where the defense line has to be.
- As the tool flagged KVM as red zone, I looked at the context tracking
usage there and it has similar if not worse issues. New set of patches
dealing with that.
Please have a close look at the approach and the resulting protected areas.
Known issues:
- The kprobes '.noinstr.text' exclusion currently works only for built
in code. Haven't figured out how to to fix that, but I'm sure that
Masami knows :)
- The various SANitizers if enabled ruin the picture. Peter and I still
have no brilliant idea what to do about that.
Thanks,
tglx
---
arch/x86/entry/common.c | 173 ++++++++++++++++++++++++---------
arch/x86/entry/entry_32.S | 24 ----
arch/x86/entry/entry_64.S | 6 -
arch/x86/entry/entry_64_compat.S | 32 ------
arch/x86/entry/thunk_64.S | 45 +++++++-
arch/x86/include/asm/bug.h | 3
arch/x86/include/asm/hardirq.h | 4
arch/x86/include/asm/irqflags.h | 3
arch/x86/include/asm/nospec-branch.h | 4
arch/x86/include/asm/paravirt.h | 3
arch/x86/kvm/svm.c | 152 ++++++++++++++++++----------
arch/x86/kvm/vmx/ops.h | 4
arch/x86/kvm/vmx/vmenter.S | 2
arch/x86/kvm/vmx/vmx.c | 78 +++++++++++---
arch/x86/kvm/x86.c | 4
b/include/asm-generic/bug.h | 9 +
include/asm-generic/sections.h | 3
include/asm-generic/vmlinux.lds.h | 4
include/linux/compiler.h | 24 ++++
include/linux/compiler_types.h | 4
include/linux/context_tracking.h | 27 +++--
include/linux/context_tracking_state.h | 6 -
include/linux/irqflags.h | 6 +
include/linux/sched.h | 1
kernel/context_tracking.c | 14 +-
kernel/kprobes.c | 11 ++
kernel/locking/lockdep.c | 66 +++++++++---
kernel/panic.c | 4
kernel/rcu/tree.c | 91 +++++++++++------
kernel/rcu/tree_plugin.h | 4
kernel/rcu/update.c | 7 -
kernel/trace/trace_preemptirq.c | 25 ++++
lib/debug_locks.c | 2
lib/smp_processor_id.c | 10 -
scripts/mod/modpost.c | 2
35 files changed, 590 insertions(+), 267 deletions(-)
Powered by blists - more mailing lists