| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<DS0PR12MB9273D987B842D9E80081261A94E9A@DS0PR12MB9273.namprd12.prod.outlook.com>
Date: Thu, 16 Oct 2025 14:40:51 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Peter Zijlstra <peterz@...radead.org>
CC: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Josh
Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta
<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
Peter Anvin" <hpa@...or.com>, Alexander Graf <graf@...zon.com>, Boris
Ostrovsky <boris.ostrovsky@...cle.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH 40/56] x86/alternative: Use sync_core_nmi_safe()
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Peter Zijlstra <peterz@...radead.org>
> Sent: Thursday, October 16, 2025 5:36 AM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>; Borislav Petkov <bp@...en8.de>; Josh
> Poimboeuf <jpoimboe@...nel.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>; Alexander Graf <graf@...zon.com>; Boris Ostrovsky
> <boris.ostrovsky@...cle.com>; linux-kernel@...r.kernel.org
> Subject: Re: [RFC PATCH 40/56] x86/alternative: Use sync_core_nmi_safe()
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Oct 13, 2025 at 09:34:28AM -0500, David Kaplan wrote:
> > Re-patching is done under NMI context so the NMI-safe version of
> > sync_core() must be used.
> >
> > Signed-off-by: David Kaplan <david.kaplan@....com>
> > ---
> > arch/x86/kernel/alternative.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
> > index b67116ae883c..2d48d750d4d9 100644
> > --- a/arch/x86/kernel/alternative.c
> > +++ b/arch/x86/kernel/alternative.c
> > @@ -2585,7 +2585,11 @@ void __init_or_module text_poke_early(void *addr,
> const void *opcode,
> > } else {
> > local_irq_save(flags);
> > memcpy(addr, opcode, len);
> > - sync_core();
> > + /* Re-patching occurs in NMI context so we can't do IRET. */
> > + if (repatch_in_progress)
> > + sync_core_nmi_safe();
> > + else
> > + sync_core();
> > local_irq_restore(flags);
> >
>
> Can we please keep this in sync_core()? Something like:
>
> static __always_inline void sync_core(void)
> {
> if (static_cpu_has(X86_FEATURE_SERIALIZE)) {
> serialize();
> return;
> }
>
> + if (repatch_in_progress) {
> + sync_core_nmi_safe();
> + return;
> + }
> +
> iret_to_self();
> }
>
> That way all the modern stuff that has SERIALIZE will still use that.
Hmm, I can't quite do that because sync_core() is used in a number of other places too (unless we make repatch_in_progress a true global).
I wonder though if it'd be ok to have sync_core() check IS_ENABLED(CONFIG_DYNAMIC_MITIGATIONS) and then always use the mov-cr2 version? It might also have to check X86_FEATURE_XENPV and use IRET in that case but otherwise I'd think it's safe for machines that could support dynamic mitigations.
--David Kaplan
Powered by blists - more mailing lists