lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241028160917.1380714-4-alexander.shishkin@linux.intel.com>
Date: Mon, 28 Oct 2024 18:07:51 +0200
From: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
To: Andy Lutomirski <luto@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	x86@...nel.org,
	"H. Peter Anvin" <hpa@...or.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Ard Biesheuvel <ardb@...nel.org>,
	"Paul E. McKenney" <paulmck@...nel.org>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Xiongwei Song <xiongwei.song@...driver.com>,
	Xin Li <xin3.li@...el.com>,
	"Mike Rapoport (IBM)" <rppt@...nel.org>,
	Brijesh Singh <brijesh.singh@....com>,
	Michael Roth <michael.roth@....com>,
	Tony Luck <tony.luck@...el.com>,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	Alexey Kardashevskiy <aik@....com>
Cc: Jonathan Corbet <corbet@....net>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Sohil Mehta <sohil.mehta@...el.com>,
	Ingo Molnar <mingo@...nel.org>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
	Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
	Kai Huang <kai.huang@...el.com>,
	Sandipan Das <sandipan.das@....com>,
	Breno Leitao <leitao@...ian.org>,
	Rick Edgecombe <rick.p.edgecombe@...el.com>,
	Alexei Starovoitov <ast@...nel.org>,
	Hou Tao <houtao1@...wei.com>,
	Juergen Gross <jgross@...e.com>,
	Vegard Nossum <vegard.nossum@...cle.com>,
	Kees Cook <kees@...nel.org>,
	Eric Biggers <ebiggers@...gle.com>,
	Jason Gunthorpe <jgg@...pe.ca>,
	"Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Luis Chamberlain <mcgrof@...nel.org>,
	Yuntao Wang <ytcoode@...il.com>,
	Rasmus Villemoes <linux@...musvillemoes.dk>,
	Christophe Leroy <christophe.leroy@...roup.eu>,
	Tejun Heo <tj@...nel.org>,
	Changbin Du <changbin.du@...wei.com>,
	Huang Shijie <shijie@...amperecomputing.com>,
	Geert Uytterhoeven <geert+renesas@...der.be>,
	Namhyung Kim <namhyung@...nel.org>,
	Arnaldo Carvalho de Melo <acme@...hat.com>,
	linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux-efi@...r.kernel.org
Subject: [PATCH v5 03/16] x86/alternatives: Disable LASS when patching kernel alternatives

From: Sohil Mehta <sohil.mehta@...el.com>

For patching, the kernel initializes a temporary mm area in the lower
half of the address range. See commit 4fc19708b165 ("x86/alternatives:
Initialize temporary mm for patching").

Disable LASS enforcement during patching using the stac()/clac()
instructions to avoid triggering a #GP fault.

The objtool warns due to a call to a non-allowed function that exists
outside of the stac/clac guard, or references to any function with a
dynamic function pointer inside the guard. See the Objtool warnings
section #9 in the document tools/objtool/Documentation/objtool.txt.

Considering that patching is usually small, replace the memcpy and
memset functions in the text poking functions with their inline versions
respectively.

Signed-off-by: Sohil Mehta <sohil.mehta@...el.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
---
 arch/x86/kernel/alternative.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index d17518ca19b8..2dc097014c2d 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -1841,16 +1841,24 @@ static inline void unuse_temporary_mm(temp_mm_state_t prev_state)
 __ro_after_init struct mm_struct *poking_mm;
 __ro_after_init unsigned long poking_addr;
 
+/*
+ * poking_init() initializes the text poking address from the lower half of the
+ * address space. Relax LASS enforcement when accessing the poking address.
+ */
 static void text_poke_memcpy(void *dst, const void *src, size_t len)
 {
-	memcpy(dst, src, len);
+	lass_stac();
+	__inline_memcpy(dst, src, len);
+	lass_clac();
 }
 
 static void text_poke_memset(void *dst, const void *src, size_t len)
 {
 	int c = *(const int *)src;
 
-	memset(dst, c, len);
+	lass_stac();
+	__inline_memset(dst, c, len);
+	lass_clac();
 }
 
 typedef void text_poke_f(void *dst, const void *src, size_t len);
-- 
2.45.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ