| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251209124700.GF3707837@noisy.programming.kicks-ass.net>
Date: Tue, 9 Dec 2025 13:47:00 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Heiko Carstens <hca@...ux.ibm.com>
Cc: Alexander Gordeev <agordeev@...ux.ibm.com>,
Sven Schnelle <svens@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Mark Rutland <mark.rutland@....com>, Arnd Bergmann <arnd@...db.de>,
Jens Remus <jremus@...ux.ibm.com>,
Stefan Schulze Frielinghaus <stefansf@...ux.ibm.com>,
Juergen Christ <jchrist@...ux.ibm.com>,
linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org
Subject: Re: [PATCH 9/9] s390/bug: Prevent tail-call optimization
On Tue, Dec 09, 2025 at 01:17:01PM +0100, Heiko Carstens wrote:
> For the exception based __WARN_trap() implementation it is technically not
> necessary to prevent tail-call optimization, however it may be confusing to
> see warning messages like:
>
> WARNING: arch/s390/kernel/setup.c:1017 at foobar+0x2c/0x50, CPU#0: swapper/0/0
>
> together with a disassembly of a different function caused by tail-call
> optimaziation for the __WARN_trap() call. Prevent that by adding an empty
> asm statement. This generates slightly worse code, but should hopefully
> avoid confusion.
Aah, because:
bar()
foo()
__WARN_trap()
when foo() does a tail-call, your link reg points to bar() and not the
expected foo().
And at this point you don't have enough clues to conditionally do that
psw/r14 fixup either.
Oh well.
> With this the output looks like:
>
> WARNING: arch/s390/kernel/setup.c:1017 at foobar+0x2c/0x50, CPU#0: swapper/0/0
> ...
> Krnl PSW : 0704c00180000000 000003ffe0119788 (foobar+0x38/0x50)
> ...
> Krnl Code: 000003ffe0119776: e3e0f0980024 stg %r14,152(%r15)
> 000003ffe011977c: c02000b8992a larl %r2,000003ffe182c9d0
> *000003ffe0119782: c0e5007270b7 brasl %r14,000003ffe0f678f0
> >000003ffe0119788: ebeff0a00004 lmg %r14,%r15,160(%r15)
> 000003ffe011978e: 07fe bcr 15,%r14
> 000003ffe0119790: 47000700 bc 0,1792
> 000003ffe0119794: 0707 bcr 0,%r7
> 000003ffe0119796: 0707 bcr 0,%r7
> Call Trace:
> [<000003ffe0119788>] foobar+0x38/0x50
> [<000003ffe185bc2e>] arch_cpu_finalize_init+0x26/0x60
> [<000003ffe185654c>] start_kernel+0x53c/0x5d8
> [<000003ffe010002e>] startup_continue+0x2e/0x40
>
> A better solution would be to replace or patch the branch instruction to
> __WARN_trap() with the monitor call instruction, similar to what is done
> for x86 [1]. However s390 does not support static_cond_calls(). Therefore
> use the simple approach for the time being.
Right, and no objtool for you either :/ Because all you need is
something to find all the __WARN_trap() callsites and stick them in a
section.
> [1] commit 860238af7a33 ("x86_64/bug: Inline the UD1")
>
> Signed-off-by: Heiko Carstens <hca@...ux.ibm.com>
> ---
> arch/s390/include/asm/bug.h | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/s390/include/asm/bug.h b/arch/s390/include/asm/bug.h
> index e6e8b492c0e7..89187ec6f6b0 100644
> --- a/arch/s390/include/asm/bug.h
> +++ b/arch/s390/include/asm/bug.h
> @@ -99,6 +99,8 @@ do { \
> int __flags = (flags) | BUGFLAG_WARNING | BUGFLAG_ARGS; \
> \
> __WARN_trap(__WARN_bug_entry(__flags, format), ## arg); \
> + /* prevent tail-call optimization */ \
> + asm(""); \
> } while (0)
>
> #define __WARN_printf(taint, fmt, arg...) \
> --
> 2.51.0
>
Powered by blists - more mailing lists