lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c0fb45d5-c4a0-498d-8378-dd96ec261c8c@suse.com>
Date: Tue, 14 Oct 2025 16:22:09 +0200
From: Jürgen Groß <jgross@...e.com>
To: Borislav Petkov <bp@...en8.de>
Cc: linux-kernel@...r.kernel.org, linux-tip-commits@...r.kernel.org,
 "Peter Zijlstra (Intel)" <peterz@...radead.org>, x86@...nel.org
Subject: Re: [tip: x86/core] x86/alternative: Patch a single alternative
 location only once

On 14.10.25 16:12, Borislav Petkov wrote:
> On Tue, Oct 14, 2025 at 04:08:47PM +0200, Jürgen Groß wrote:
>> And just for the record: NMI handling is using ALTERNATIVE_2, so you
>> can't just "disable interrupts" and be sure it will work.
> 
> Are you fixing anything you're actually hitting while patching alternatives or
> are you talking hypothetically here?

I really ran into issues while writing my paravirt MSR series, as I had
an ALTERNATIVE3() invocation modifying the original instruction (the
indirect paravirt call) with an WRMSR and then trying to turn the no
longer existing indirect call into a direct one.

So I didn't have the intermediate issue in interrupt handling, but the
issue with rules how to place indirect call replacements in ALTERNATIVEn()
invocations.

The interrupt handling still might be a thing, while NMI is for sure rather
unlikely.

> 
> Because I can't think of an easy way to trigger NMIs that early during boot,
> when not even SMP is up.
> 

NMIs are probably really a more theoretical issue. And even if NMIs are
affected, they will still be affected in case they happen just when half of
the new instruction bytes have been written.


Juergen

Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes)

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ