Message-ID: <YWdI31noOUQVSA6w@hirez.programming.kicks-ass.net>
Date:   Wed, 13 Oct 2021 23:00:15 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     x86@...nel.org, andrew.cooper3@...rix.com,
        linux-kernel@...r.kernel.org, alexei.starovoitov@...il.com,
        ndesaulniers@...gle.com
Subject: Re: [PATCH 4/9] x86/alternative: Implement .retpoline_sites support

On Wed, Oct 13, 2021 at 01:52:59PM -0700, Josh Poimboeuf wrote:
> On Wed, Oct 13, 2021 at 02:22:21PM +0200, Peter Zijlstra wrote:
> >  	/*
> > +	 * Rewrite the retpolines, must be done before alternatives since
> > +	 * those can rewrite the retpoline thunks.
> > +	 */
> 
> Why exactly is that a problem?  This code doesn't read the thunks.

The below problem :-) I didn't include it in the series, but I'm
thinking that's where I want to go eventually.

---
Subject: x86,retpoline: Poison retpoline thunks for !X86_FEATURE_RETPOLINE
From: Peter Zijlstra <peterz@...radead.org>
Date: Tue Oct 12 10:30:56 CEST 2021

Now that objtool will out-of-line all retpoline thunk calls for
!RETPOLINE, poison them.

Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
---
 arch/x86/lib/retpoline.S |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/arch/x86/lib/retpoline.S
+++ b/arch/x86/lib/retpoline.S
@@ -32,9 +32,19 @@
 
 SYM_FUNC_START(__x86_indirect_thunk_\reg)
 
+#ifdef CONFIG_STACK_VALIDATION
+/*
+ * When objtool runs, there should not be any __x86_indirect_thunk_* calls
+ * left after alternatives, ensure this by patching it to UD2.
+ */
+	ALTERNATIVE_2 __stringify(RETPOLINE \reg), \
+		      __stringify(ud2), ALT_NOT(X86_FEATURE_RETPOLINE), \
+		      __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *%\reg), X86_FEATURE_RETPOLINE_AMD
+#else
 	ALTERNATIVE_2 __stringify(ANNOTATE_RETPOLINE_SAFE; jmp *%\reg), \
 		      __stringify(RETPOLINE \reg), X86_FEATURE_RETPOLINE, \
 		      __stringify(lfence; ANNOTATE_RETPOLINE_SAFE; jmp *%\reg), X86_FEATURE_RETPOLINE_AMD
+#endif
 
 SYM_FUNC_END(__x86_indirect_thunk_\reg)
 
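Review bot: The comment above the new ALTERNATIVE_2 in the CONFIG_STACK_VALIDATION branch overstates the invariant. The ud2 is only patched in under ALT_NOT(X86_FEATURE_RETPOLINE); with X86_FEATURE_RETPOLINE set the thunk keeps its default RETPOLINE \reg body and is still expected to be called. Suggest wording it along the lines of "for !X86_FEATURE_RETPOLINE there should not be any __x86_indirect_thunk_* calls left once the retpoline sites have been rewritten". It would also help to say why CONFIG_STACK_VALIDATION is a sufficient guard, since a thunk caller that was never recorded as a retpoline site would hit the ud2 at run time instead of executing the plain jmp *%\reg that the #else branch still provides.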
