lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251021114546.GCaPdyaobVuEDvt_yi@fat_crate.local>
Date: Tue, 21 Oct 2025 13:45:46 +0200
From: Borislav Petkov <bp@...en8.de>
To: Juergen Gross <jgross@...e.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: Re: [PATCH v2] x86/alternative: Patch a single alternative location
 only once

On Wed, Oct 15, 2025 at 11:30:01AM +0200, Juergen Gross wrote:
> diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
> index 4f3ea50e41e8..b6b2fa59eaa9 100644
> --- a/arch/x86/kernel/alternative.c
> +++ b/arch/x86/kernel/alternative.c
> @@ -642,57 +642,62 @@ void __init_or_module noinline apply_alternatives(struct alt_instr *start,
>  	 * So be careful if you want to change the scan order to any other
>  	 * order.
>  	 */
> -	for (a = start; a < end; a++) {
> +	for (a = start; a < end; a = b) {
				^^^^^^^


>  		unsigned int insn_buff_sz = 0;
> +		struct alt_instr *p = NULL;
> +		u8 len = 0;
>  
>  		/*
>  		 * In case of nested ALTERNATIVE()s the outer alternative might
>  		 * add more padding. To ensure consistent patching find the max
>  		 * padding for all alt_instr entries for this site (nested
>  		 * alternatives result in consecutive entries).
> +		 * Find the last alt_instr eligible for patching at the site.
>  		 */
> -		for (b = a+1; b < end && instr_va(b) == instr_va(a); b++) {
		     ^^^^^^^^^^^

No,  this is not a contest in how to make an already obfuscated code more
obfucated.

And I already told you to use helper functions...

The intent is to separate this loop logically into helper functions so that it
is easily extendable and understandable. What it is becoming now, is
unreadable mess.

And piling up more and more hackery ontop doesn't make it better.

Here's what I mean below.

- you carve out the logic which analyzes the patch sites into a separate
  function and you do all the analysis there

- The struct patch_site is there to carry results which we copy back to the
  loop variables for easier review so that the diff doesn't become unwieldy.
  There's no problem to switch to using a patch_site everywhere in the loop as
  the actual info collecting structure which controls the patching on each
  iteration

- In other patches, you can carve out the actual patching into a separate
  function. There you can add the patch_one_site function to make it even more
  clear

Can it be made even simpler? 

Sure, this was my first attempt.

Just don't make an already complex dance even more complex.

Thx.

---
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index e377b06e70e3..f8e4679b7638 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -586,6 +586,34 @@ static inline u8 * instr_va(struct alt_instr *i)
 	return (u8 *)&i->instr_offset + i->instr_offset;
 }
 
+struct patch_site {
+	u8 len;
+	u8 *instr_va;
+	u8 *repl_va;
+};
+
+/*
+ * In case of nested ALTERNATIVE()s the outer alternative might add more
+ * padding. To ensure consistent patching find the max padding for all
+ * alt_instr entries for this site (nested alternatives result in
+ * consecutive entries).
+ */
+static void __init_or_module analyze_patch_site(struct patch_site *ps, struct alt_instr *p,
+						struct alt_instr *end)
+{
+	struct alt_instr *tmp;
+
+	ps->len = p->instrlen;
+
+	for (tmp = p+1; tmp < end && instr_va(tmp) == instr_va(p); tmp++)
+		ps->len = max(p->instrlen, tmp->instrlen);
+
+	BUG_ON(ps->len > MAX_PATCH_LEN);
+
+	ps->instr_va = instr_va(p);
+	ps->repl_va  = (u8 *)&p->repl_offset + p->repl_offset;
+}
+
 /*
  * Replace instructions with better alternatives for this CPU type. This runs
  * before SMP is initialized to avoid SMP problems with self modifying code.
@@ -601,7 +629,7 @@ void __init_or_module noinline apply_alternatives(struct alt_instr *start,
 {
 	u8 insn_buff[MAX_PATCH_LEN];
 	u8 *instr, *replacement;
-	struct alt_instr *a, *b;
+	struct alt_instr *a;
 
 	DPRINTK(ALT, "alt table %px, -> %px", start, end);
 
@@ -626,23 +654,17 @@ void __init_or_module noinline apply_alternatives(struct alt_instr *start,
 	 */
 	for (a = start; a < end; a++) {
 		unsigned int insn_buff_sz = 0;
+		struct patch_site ps = {};
+		u8 len;
 
-		/*
-		 * In case of nested ALTERNATIVE()s the outer alternative might
-		 * add more padding. To ensure consistent patching find the max
-		 * padding for all alt_instr entries for this site (nested
-		 * alternatives result in consecutive entries).
-		 */
-		for (b = a+1; b < end && instr_va(b) == instr_va(a); b++) {
-			u8 len = max(a->instrlen, b->instrlen);
-			a->instrlen = b->instrlen = len;
-		}
-
-		instr = instr_va(a);
-		replacement = (u8 *)&a->repl_offset + a->repl_offset;
-		BUG_ON(a->instrlen > sizeof(insn_buff));
 		BUG_ON(a->cpuid >= (NCAPINTS + NBUGINTS) * 32);
 
+		analyze_patch_site(&ps, a, end);
+
+		instr = ps.instr_va;
+		len = ps.len;
+		replacement = ps.repl_va;
+
 		/*
 		 * Patch if either:
 		 * - feature is present
@@ -650,16 +672,16 @@ void __init_or_module noinline apply_alternatives(struct alt_instr *start,
 		 *   patch if feature is *NOT* present.
 		 */
 		if (!boot_cpu_has(a->cpuid) == !(a->flags & ALT_FLAG_NOT)) {
-			memcpy(insn_buff, instr, a->instrlen);
-			optimize_nops(instr, insn_buff, a->instrlen);
-			text_poke_early(instr, insn_buff, a->instrlen);
+			memcpy(insn_buff, instr, len);
+			optimize_nops(instr, insn_buff, len);
+			text_poke_early(instr, insn_buff, len);
 			continue;
 		}
 
 		DPRINTK(ALT, "feat: %d*32+%d, old: (%pS (%px) len: %d), repl: (%px, len: %d) flags: 0x%x",
 			a->cpuid >> 5,
 			a->cpuid & 0x1f,
-			instr, instr, a->instrlen,
+			instr, instr, len,
 			replacement, a->replacementlen, a->flags);
 
 		memcpy(insn_buff, replacement, a->replacementlen);
@@ -668,12 +690,12 @@ void __init_or_module noinline apply_alternatives(struct alt_instr *start,
 		if (a->flags & ALT_FLAG_DIRECT_CALL)
 			insn_buff_sz = alt_replace_call(instr, insn_buff, a);
 
-		for (; insn_buff_sz < a->instrlen; insn_buff_sz++)
+		for (; insn_buff_sz < len; insn_buff_sz++)
 			insn_buff[insn_buff_sz] = 0x90;
 
-		text_poke_apply_relocation(insn_buff, instr, a->instrlen, replacement, a->replacementlen);
+		text_poke_apply_relocation(insn_buff, instr, len, replacement, a->replacementlen);
 
-		DUMP_BYTES(ALT, instr, a->instrlen, "%px:   old_insn: ", instr);
+		DUMP_BYTES(ALT, instr, len, "%px:   old_insn: ", instr);
 		DUMP_BYTES(ALT, replacement, a->replacementlen, "%px:   rpl_insn: ", replacement);
 		DUMP_BYTES(ALT, insn_buff, insn_buff_sz, "%px: final_insn: ", instr);
 

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ