lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Apr 2024 05:48:22 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Michael Roth <michael.roth@....com>, Josh Poimboeuf <jpoimboe@...nel.org>, bp@...nel.org, 
	bgardon@...gle.com, dave.hansen@...ux.intel.com, dmatlack@...gle.com, 
	hpa@...or.com, kvm@...r.kernel.org, leitao@...ian.org, 
	linux-kernel@...r.kernel.org, maz@...nel.org, mingo@...hat.com, 
	mirsad.todorovac@....unizg.hr, pawan.kumar.gupta@...ux.intel.com, 
	pbonzini@...hat.com, peterz@...radead.org, shahuang@...hat.com, 
	tabba@...gle.com, tglx@...utronix.de, x86@...nel.org
Subject: Re: [BUG net-next] arch/x86/kernel/cpu/bugs.c:2935: "Unpatched return
 thunk in use. This should not happen!" [STACKTRACE]

On Wed, Apr 03, 2024, Borislav Petkov wrote:
> On Tue, Apr 02, 2024 at 08:38:56AM -0500, Michael Roth wrote:
> > On Tue, Apr 02, 2024 at 12:15:49PM +0200, bp@...nel.org wrote:
> > I can also trigger using one of the more basic KVM selftests:
> > 
> >   make INSTALL_HDR_PATH="$headers_dir" headers_install
> >   make -C tools/testing/selftests TARGETS="kvm" EXTRA_CFLAGS="-DDEBUG -I$headers_dir"
> >   sudo tools/testing/selftests/kvm/userspace_io_test
> 
> Ok, thanks, that helped.
> 
> Problem is:
> 
> 7f4b5cde2409 ("kvm: Disable objtool frame pointer checking for vmenter.S")
> 
> it is disabling checking of the arch/x86/kvm/svm/vmenter.S by objtool
> when CONFIG_FRAME_POINTER=y but that also leads to objtool *not*
> generating .return_sites and the return thunk remains unpatched.
> 
> I think we need to say: ignore frame pointer checking but still generate
> .return_sites.

I'm guessing a general solution for OBJECT_FILES_NON_STANDARD is needed, but I
have a series to drop it for vmenter.S.

https://lore.kernel.org/all/20240223204233.3337324-9-seanjc@google.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ