lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 12 Jul 2022 21:31:47 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Boris Ostrovsky <boris.ostrovsky@...cle.com>
Cc:     Juergen Gross <jgross@...e.com>,
        Stefano Stabellini <sstabellini@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>, xen-devel@...ts.xenproject.org,
        linux-kernel@...r.kernel.org
Subject: Re: Build warnings in Xen 5.15.y and 5.10.y with retbleed backports

On Tue, Jul 12, 2022 at 03:19:39PM -0400, Boris Ostrovsky wrote:
> 
> On 7/12/22 12:38 PM, Greg KH wrote:
> > Hi all,
> > 
> > I'm seeing the following build warning:
> > 	arch/x86/kernel/head_64.o: warning: objtool: xen_hypercall_mmu_update(): can't find starting instruction
> > in the 5.15.y and 5.10.y retbleed backports.
> > 
> > I don't know why just this one hypercall is being called out by objtool,
> > and this warning isn't in 5.18 and Linus's tree due to I think commit
> > 5b2fc51576ef ("x86/ibt,xen: Sprinkle the ENDBR") being there.
> > 
> > But, is this a ret call that we "forgot" here?  It's a "real" ret in
> > Linus's branch:
> > 
> > .pushsection .noinstr.text, "ax"
> > 	.balign PAGE_SIZE
> > SYM_CODE_START(hypercall_page)
> > 	.rept (PAGE_SIZE / 32)
> > 		UNWIND_HINT_FUNC
> > 		ANNOTATE_NOENDBR
> > 		ANNOTATE_UNRET_SAFE
> > 		ret
> > 		/*
> > 		 * Xen will write the hypercall page, and sort out ENDBR.
> > 		 */
> > 		.skip 31, 0xcc
> > 	.endr
> > 
> > while 5.15.y and older has:
> > .pushsection .text
> > 	.balign PAGE_SIZE
> > SYM_CODE_START(hypercall_page)
> > 	.rept (PAGE_SIZE / 32)
> > 		UNWIND_HINT_FUNC
> > 		.skip 31, 0x90
> > 		ANNOTATE_UNRET_SAFE
> > 		RET
> > 	.endr
> > 
> > So should the "ret" remain or be turned into "RET" in mainline right
> > now?
> 
> 
> It doesn't matter --- this is overwritten by the hypervisor during initialization when Xen fills in actual hypercall code.
> 
> 
> So f4b4bc10b0b85ec66f1a9bf5dddf475e6695b6d2 added 'ret' to make objtool happy and then 14b476e07fab6 replaced 'ret' with RET as part of SLS fixes. The latter was not really necessary but harmless.
> 
> 
> So it can be 'ret', RET, or anything else that tools don't complain about. It will not be executed.

Cool, thanks.

But what about the objtool warning that I now see?  Is that "real"?

I don't run any Xen systems, so I can't test any of this myself.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ