lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b2e07601-80d9-4a6e-a60a-6667d679494c@suse.com>
Date: Wed, 1 Oct 2025 10:49:31 +0200
From: Juergen Gross <jgross@...e.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org, llvm@...ts.linux.dev,
 xin@...or.com, "H. Peter Anvin" <hpa@...or.com>,
 Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
 Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
 Nathan Chancellor <nathan@...nel.org>,
 Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
 Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>
Subject: Re: [PATCH v2 09/12] x86/msr: Use the alternatives mechanism for
 WRMSR

On 30.09.25 10:46, Jürgen Groß wrote:
> On 30.09.25 10:31, Peter Zijlstra wrote:
>> On Tue, Sep 30, 2025 at 09:03:53AM +0200, Juergen Gross wrote:
>>
>>> +static __always_inline bool __wrmsrq_constant(u32 msr, u64 val, int type)
>>> +{
>>> +    BUILD_BUG_ON(!__builtin_constant_p(msr));
>>> +
>>> +    asm_inline volatile goto(
>>> +        "1:\n"
>>> +        ALTERNATIVE_2(PREPARE_RCX_RDX_FOR_WRMSR
>>> +                  "2: ds wrmsr",
>>> +                  PREPARE_RCX_RDX_FOR_WRMSR
>>> +                  ASM_WRMSRNS,
>>> +                  X86_FEATURE_WRMSRNS,
>>> +                  ASM_WRMSRNS_IMM,
>>> +                  X86_FEATURE_MSR_IMM)
>>> +        _ASM_EXTABLE_TYPE(1b, %l[badmsr], %c[type])    /* For WRMSRNS 
>>> immediate */
>>> +        _ASM_EXTABLE_TYPE(2b, %l[badmsr], %c[type])    /* For WRMSR(NS) */
>>> +
>>> +        :
>>> +        : [val] "a" (val), [msr] "i" (msr), [type] "i" (type)
>>> +        : "memory", "ecx", "rdx"
>>> +        : badmsr);
>>> +
>>> +    return false;
>>> +
>>> +badmsr:
>>> +    return true;
>>> +}
>>
>> Just wondering, would something this work?
>>
>>     asm_inline volatile goto(
>>         "1:\n"
>>         ALTERNATIVE(PREPARE_RCX_RDX_FOR_WRMSR
>>                 "2:\n"
>>                 ALTERNATIVE("ds wrmsr",
>>                             ASM_WRMSRNS, X86_FEATURE_WRMSRNS),
>>                 ASM_WRMSRNS_IMM, X86_FEATURE_MSR_IMM);
>>         _ASM_EXTABLE_TYPE(1b, %l[badmsr], %c[type])    /* For WRMSRNS 
>> immediate */
>>         _ASM_EXTABLE_TYPE(2b, %l[badmsr], %c[type])    /* For WRMSR(NS) */
>>
>>         :
>>         : [val] "a" (val), [msr] "i" (msr), [type] "i" (type)
>>         : "memory", "ecx", "rdx"
>>         : badmsr);
>>
>> Its a bit weird because the nested alternative isn't for the exact same
>> position I suppose. But I find it a more readable form.
> 
> I don't think it would work. Nested ALTERNATIVE()s do work only with
> all of them starting at the same location. Have a look at the
> ALTERNATIVE() macro, which is defining the label "771" via OLDINSTR()
> and then referring to this label via ALTINSTR_ENTRY(). In your case
> the ALTINSTR_ENTRY() of the outer ALTERNATIVE() invocation would find
> the wrong "771" label (the one of the inner ALTERNATIVE()).
> 
> Allowing such constructs would probably require switching from preprocessor
> macros to assembler macros.

Thinking more about that I believe there are additional problems:

Having overlapping alternatives not starting at the same address will result
in problems with length padding of the outer alternative in case the inner
one starting later is extending past the end of the outer one. This might be
possible to handle, but it will be tedious.

A similar problem occurs with my recent series for merging nested alternative
patching into a temporary buffer. Currently the code relies on all nested
alternatives to start at the same location.

Using your idea with pv_ops could result in the inner alternative not being
at the start of the outer alternative AND being not the initial code. This
would result in patching in the .altinstructions area instead of the normal
.text site, resulting in possible loss of a patching action if the patched
area would have been used as a replacement before.

So in my opinion allowing alternatives to nest without all inner levels
starting at the same location as the outermost level would be a receipt for
failure.

I think I'll write another patch to BUG() in case such a situation is being
detected.


Juergen

Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes)

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ