Received: by 2002:ac0:a591:0:0:0:0:0 with SMTP id m17-v6csp342165imm; Thu, 5 Jul 2018 00:59:16 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcgIGQcyfJGKjjaN4o9XXTBH+uMW0vuhX5hpVSAzBvU3qKtdzbrLp12l2beJiKvXBb3vVN8 X-Received: by 2002:a62:2785:: with SMTP id n127-v6mr5306918pfn.129.1530777556126; Thu, 05 Jul 2018 00:59:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530777556; cv=none; d=google.com; s=arc-20160816; b=YGFKqXprpR6i03QlRospnQph713QKbNNkzKssrxgvMi5wt4N1XHeH2Mo34kxJ0CaZJ l81oRgWEAedncqS57TFd8/fi95Vp8hYnnOfhGmzhxO76QxXEiShFN/VMvF7hfj71AqGw QqqworzF1bQf9UO+eaVzR+9SqVcdJbl5lr0nSLzJvEpyIutvsYZ7wveCKNCk+tVOjXqz 0HilFUbn+yGer25+Hq34RLWReDFr4OwcuqwOiwPKoC+XWzkrS80XU5JGqMveMzev9XR7 kDD00oByqilUFA5KmLmi1+1BQurQ0QidlQ8/t/CQDHmlU3FtaCLwZCfhVXtzEhX31zah RUXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=wIMVKDcKmn9q5ut++JsrEmvxXXw2vPlHNgRjmBOmZyw=; b=VwZN+BQFq8PWsd+w9OaF+Cx3bjLIrTmcu927p40tFDZHdNn/Kwkx5SLiRwrBSN5qPc x+ZteVigZj+QfW6frwvYc+j+RXwq2GfQDmN3DGLlts0DAQs6O4nqbKfS61q69T10YUgb PSz/62OQ0SQTh7hPS8+6YV7US7cGq64Sq4EH41RBBFVNayPz5ldZ51ji5HP7gdVziVg+ fkzcHffkT9cEl+FayfWWWagUltLXS3+Gd8q4VRr5j+N9jeWtcfKwGdk6PMfedvhkCdlq Y3Qn1H/A80V0GIFZNVcvkiNQgz5srpuFD1Q/kMNPkS0NfolWvpDa/JZw5qNEMNGmA87J 0fiA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=YNjoAjrd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d7-v6si4961785pgc.445.2018.07.05.00.59.01; Thu, 05 Jul 2018 00:59:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=YNjoAjrd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753349AbeGEH6W (ORCPT + 99 others); Thu, 5 Jul 2018 03:58:22 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:38299 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753041AbeGEH6U (ORCPT ); Thu, 5 Jul 2018 03:58:20 -0400 Received: by mail-wr1-f66.google.com with SMTP id j33-v6so679800wrj.5; Thu, 05 Jul 2018 00:58:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=wIMVKDcKmn9q5ut++JsrEmvxXXw2vPlHNgRjmBOmZyw=; b=YNjoAjrdQrrt+F1K+Ad/I7Xix6GNJg1AlwClRC4BPw+MmqjO5xHzC4n471Xhe276TY CR+bG9Na1zK8W9opCX02s44PzR2Qoc1YDKLE2CTORiXam4QYMGqmTPKLgte1ZFMiTTVl V8SrpC0EwLMJ56pwO0OOWWKU8RJy/NBH08LmbefWe+f/hCo/UfzTS97eDarjVjGHhTzS zJr4iTcwknjbIfsAX51kVEd/ExzAm6f7u/OquImtA3qxHmtyfULKlDvmNR5a49hmdpLY AgEA7dYOED4yTjmSOxxKHqt3Ten1/yagc6TMKPyjHqbWoNiyuYnZt1h1BpOWI7iQeNqO IRlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=wIMVKDcKmn9q5ut++JsrEmvxXXw2vPlHNgRjmBOmZyw=; b=O5DGI+2xUnWbko8JTWhlFsxzHhvXG4bjX9qGIoBLYI7hdCsGufSpQt2Upr/AsAPxVP OhrtC+ZjYFsHVbIjY7/2UA12KFtoNJqnLBzHIYoT5SbHC5o9YAxmb6xaR9YsZoUJY1Od hdEQZMSImMgitMfoujX3dRII8PEPmWkxn1y+orFVmHTluWh5j5JoXHTvuORpgOI7XDGF PLJBK0+o0eMIgTw5aWngCenC9VdLATNwwFycl6lUWSgPj7x91qFVrH5XsZsM/XDWsN/X l+iRd+oPcgQ0cfrmSl22YJ/x6L2odRdZ8Kc9NGSr79NjXLoiAQJpYVnXIsjJK9Chhx8d FkEA== X-Gm-Message-State: APt69E1ODo3R4njriasi0XhomA4tXmFtDvPXHVkhKYxGWk2kWnKQ9BmE WKdtvzCMIf5OdPVxJmyGVxc= X-Received: by 2002:adf:9883:: with SMTP id w3-v6mr4035400wrb.9.1530777498681; Thu, 05 Jul 2018 00:58:18 -0700 (PDT) Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213]) by smtp.gmail.com with ESMTPSA id 189-v6sm11227952wmy.25.2018.07.05.00.58.17 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Jul 2018 00:58:17 -0700 (PDT) Date: Thu, 5 Jul 2018 09:58:15 +0200 From: Ingo Molnar To: Josh Poimboeuf Cc: Alexey Dobriyan , Borislav Petkov , linux-crypto@vger.kernel.org, Mike Galbraith , torvalds@linux-foundation.org, tglx@linutronix.de, luto@kernel.org, peterz@infradead.org, brgerst@gmail.com, hpa@zytor.com, linux-kernel@vger.kernel.org, dvlasenk@redhat.com, h.peter.anvin@intel.com, linux-tip-commits , Herbert Xu , Peter Zijlstra Subject: Re: [PATCH] x86/crypto: Add missing RETs Message-ID: <20180705075815.GA20903@gmail.com> References: <1529244178.4674.1.camel@gmx.de> <20180617194747.GA21160@zn.tnic> <1529289279.31745.3.camel@gmx.de> <20180623103622.GA2760@zn.tnic> <20180624071105.GA29407@gmail.com> <20180624104449.GA20159@avx2> <20180625072438.GA19063@gmail.com> <20180625131932.sge43esxdb5ejoxg@treble> <20180626064930.GB25879@gmail.com> <20180626123154.unjji5glpokedwal@treble> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180626123154.unjji5glpokedwal@treble> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Josh Poimboeuf wrote: > > So that's still incomplete in that doesn't analyze the 32-bit build yet, right? > > We could do INT3s on 64-bit and NOPs on 32-bit. > > Or, possibly even better, we could just keep NOPs everywhere and instead > make objtool smart enough to detect function fallthroughs. That should > be pretty easy, actually. It already does it for C files. > > Something like the below should work, though it's still got a few > issues: > > a) objtool is currently disabled for crypto code because it doesn't > yet understand crypto stack re-alignments (which really needs > fixing anyway); and > > b) it complains about the blank xen hypercalls falling through. Those > aren't actual functions anyway, so we should probably annotate > those somehow so that objtool ignores them anyway. > > I'm a bit swamped at the moment but I can fix those once I get a little > more bandwidth. I at least verified that this patch caught the crypto > missing RETs. Great, I'd be perfectly fine with such an approach. Also, if we have that then we could re-apply Alexey's patch and switch to INT3 (only on 64-bit kernels) without any trouble, because objtool should detect any execution flow bugs before the INT3 could trigger, right? I.e. any INT3 fault would show a combination of *both* an objtool bug and a probable code flow bug - which I suspect would warrant crashing the box ... Thanks, Ingo