Open Source and information security mailing list archives
Message-ID: <20241008072502.GC14587@noisy.programming.kicks-ass.net>
Date: Tue, 8 Oct 2024 09:25:02 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: bp@...en8.de, david.kaplan@....com, linux-kernel@...r.kernel.org,
	x86@...nel.org
Subject: Re: [RFC][PATCH 2/2] x86: Clean up default rethunk warning

On Mon, Oct 07, 2024 at 10:33:45AM -0700, Josh Poimboeuf wrote:
> On Mon, Oct 07, 2024 at 10:32:12AM +0200, Peter Zijlstra wrote:
> > Replace the funny __warn_thunk thing with a more regular
> > WARN_ON_ONCE(), and simplify the ifdeffery.
> > 
> > Notably this avoids RET from having recursive RETs (once from the
> > thunk and once from the C function) -- recursive RET makes my head
> > hurt for no good reason.
> 
> This could use an explanation for why the ifdefs can be removed and why
> the alternative can be removed.

The alternative is in the WARN_ONCE now.

> > +#define WARN_ONCE							\
> > +	1: ALTERNATIVE "", "ud2", X86_FEATURE_ALWAYS ;			\
> > +	ASM_BUGTABLE_FLAGS(1b, 0, 0, BUGFLAG_WARNING | BUGFLAG_ONCE) ;	\
> > +	REACHABLE
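Review bot: the empty-to-ud2 ALTERNATIVE on the `1:` line of WARN_ONCE is what keeps this warning from firing before alternatives are applied, and the macro carries no comment saying so. A short comment above the definition, stating that the ud2 is patched in under X86_FEATURE_ALWAYS and that file and line are passed as 0 so only the symbol name is reported, would answer both questions raised in this thread. The name is also that of the C WARN_ONCE() macro, so an asm-specific name would avoid confusion.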
> 
> Can we not use __FILE__ and __LINE__ here?  

Because for asm, __FILE__ is spelled like:

#ifdef CONFIG_DEBUG_BUGVERBOSE
.pushsection .rodata.str1.1, "aMS",@progbits,1
.LC0:
	.string __FILE__
.popsection
#endif
	1: ALTERNATIVE "", "ud2", X86_FEATURE_ALWAYS
	ASM_BUGTABLE_FLAGS(1b, LC0b, __LINE__, BUGFLAG_WARNING | BUGFLAG_ONCE)
	REACHABLE

And I didn't feel the whole thing was worth the trouble; if NULL, bug
will only print the symbol name and that should be clear enough.

> Also why not put this in asm/bug.h?

Because the ALTERNATIVE..

> >  SYM_CODE_START(__x86_return_thunk)
> >  	UNWIND_HINT_FUNC
> >  	ANNOTATE_NOENDBR
> > -#if defined(CONFIG_MITIGATION_UNRET_ENTRY) || \
> > -    defined(CONFIG_MITIGATION_SRSO) || \
> > -    defined(CONFIG_MITIGATION_CALL_DEPTH_TRACKING)
> > -	ALTERNATIVE __stringify(ANNOTATE_UNRET_SAFE; ret), \
> > -		   "jmp warn_thunk_thunk", X86_FEATURE_ALWAYS
> > -#else
> > +
> > +#ifdef CONFIG_X86_64
> > +	WARN_ONCE
> > +#endif
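Review bot: the `#ifdef CONFIG_X86_64` guard around WARN_ONCE replaces a condition on three CONFIG_MITIGATION_* options, and nothing in the hunk or the changelog says why 64-bit is the right test; a comment at the guard or a sentence in the changelog should state it. With the old ALTERNATIVE line removed, the reason the thunk does not warn before return sites are patched now sits inside the macro, which is worth a note at this call site as well.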
> 
> Isn't this return thunk used before apply_returns()?  How does that not
> trigger the warning?

You missed the ALTERNATIVE I squirreled away in the WARN thing :-)
