| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1b8fee7f-5af2-332e-d2c9-ceecd6ff487b@oracle.com>
Date: Tue, 12 Jul 2022 16:22:41 -0400
From: Boris Ostrovsky <boris.ostrovsky@...cle.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Juergen Gross <jgross@...e.com>,
Stefano Stabellini <sstabellini@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, xen-devel@...ts.xenproject.org,
linux-kernel@...r.kernel.org, jpoimboe@...hat.com
Subject: Re: Build warnings in Xen 5.15.y and 5.10.y with retbleed backports
On 7/12/22 3:31 PM, Greg KH wrote:
> On Tue, Jul 12, 2022 at 03:19:39PM -0400, Boris Ostrovsky wrote:
>>
>> On 7/12/22 12:38 PM, Greg KH wrote:
>>> Hi all,
>>>
>>> I'm seeing the following build warning:
>>> arch/x86/kernel/head_64.o: warning: objtool: xen_hypercall_mmu_update(): can't find starting instruction
>>> in the 5.15.y and 5.10.y retbleed backports.
>>>
>>> I don't know why just this one hypercall is being called out by objtool,
>>> and this warning isn't in 5.18 and Linus's tree due to I think commit
>>> 5b2fc51576ef ("x86/ibt,xen: Sprinkle the ENDBR") being there.
>>>
>>> But, is this a ret call that we "forgot" here? It's a "real" ret in
>>> Linus's branch:
>>>
>>> .pushsection .noinstr.text, "ax"
>>> .balign PAGE_SIZE
>>> SYM_CODE_START(hypercall_page)
>>> .rept (PAGE_SIZE / 32)
>>> UNWIND_HINT_FUNC
>>> ANNOTATE_NOENDBR
>>> ANNOTATE_UNRET_SAFE
>>> ret
>>> /*
>>> * Xen will write the hypercall page, and sort out ENDBR.
>>> */
>>> .skip 31, 0xcc
>>> .endr
>>>
>>> while 5.15.y and older has:
>>> .pushsection .text
>>> .balign PAGE_SIZE
>>> SYM_CODE_START(hypercall_page)
>>> .rept (PAGE_SIZE / 32)
>>> UNWIND_HINT_FUNC
>>> .skip 31, 0x90
>>> ANNOTATE_UNRET_SAFE
>>> RET
>>> .endr
>>>
>>> So should the "ret" remain or be turned into "RET" in mainline right
>>> now?
>>
>>
>> It doesn't matter --- this is overwritten by the hypervisor during initialization when Xen fills in actual hypercall code.
>>
>>
>> So f4b4bc10b0b85ec66f1a9bf5dddf475e6695b6d2 added 'ret' to make objtool happy and then 14b476e07fab6 replaced 'ret' with RET as part of SLS fixes. The latter was not really necessary but harmless.
>>
>>
>> So it can be 'ret', RET, or anything else that tools don't complain about. It will not be executed.
>
> Cool, thanks.
>
> But what about the objtool warning that I now see? Is that "real"?
It's not real in the sense that the code there is not real, it will be overwritten. (Originally the whole page was 'nop's)
I am getting a different error BTW:
arch/x86/kernel/head_64.o: warning: objtool: .text+0x5: unreachable instruction
>
> I don't run any Xen systems, so I can't test any of this myself.
You can't test any changes to that code --- it is rewritten when Xen guest is running.
We probably do want to shut up objtool. Josh, any suggestions?
-boris
Powered by blists - more mailing lists