| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Mar 2022 12:03:38 -0600
From: Alex Thorlton <alex.thorlton@...cle.com>
To: linux-kernel@...r.kernel.org, x86@...nel.org
Cc: Alex Thorlton <alex.thorlton@...cle.com>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Kefeng Wang <wangkefeng.wang@...wei.com>,
stable@...r.kernel.org
Subject: [PATCH] x86/paravirt: Apply paravirt instructions in consistent order during boot/module load
Commit 4e6292114c74 ("x86/paravirt: Add new features for paravirt
patching") changed the order in which altinstructions and paravirt
instructions are patched at boot time. However, no analogous change was
made in module_finalize, where we apply altinstructions and
parainstructions during module load.
As a result, any code that generates "stacked up" altinstructions and
parainstructions (i.e. local_irq_save/restore) will produce different
results when used in built-in kernel code vs. kernel modules. This also
makes it possible to inadvertently replace altinstructions in the booted
kernel with their parainstruction counterparts when using
livepatch/kpatch.
To fix this, re-order the processing in module_finalize, so that we do
things in this order:
1. apply_paravirt
2. apply_retpolines
3. apply_alternatives
4. alternatives_smp_module_add
This is the same ordering that is used at boot time in
alternative_instructions.
Fixes: 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching")
Signed-off-by: Alex Thorlton <alex.thorlton@...cle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@...cle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: "H. Peter Anvin" <hpa@...or.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Kefeng Wang <wangkefeng.wang@...wei.com>
Cc: x86@...nel.org
Cc: linux-kernel@...r.kernel.org
Cc: stable@...r.kernel.org # 5.13+
---
arch/x86/kernel/module.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
index 95fa745e310a5..4edc9c87ad0bc 100644
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
@@ -273,6 +273,10 @@ int module_finalize(const Elf_Ehdr *hdr,
retpolines = s;
}
+ if (para) {
+ void *pseg = (void *)para->sh_addr;
+ apply_paravirt(pseg, pseg + para->sh_size);
+ }
if (retpolines) {
void *rseg = (void *)retpolines->sh_addr;
apply_retpolines(rseg, rseg + retpolines->sh_size);
@@ -290,11 +294,6 @@ int module_finalize(const Elf_Ehdr *hdr,
tseg, tseg + text->sh_size);
}
- if (para) {
- void *pseg = (void *)para->sh_addr;
- apply_paravirt(pseg, pseg + para->sh_size);
- }
-
/* make jump label nops */
jump_label_apply_nops(me);
--
2.33.1
Powered by blists - more mailing lists