Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp2725784pxb; Mon, 19 Apr 2021 12:16:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzzYCf7dzGY/jsUt+zzBbZftGEKz7MKN7JPfEkW4BWxIWApIImbBimkb2FV2olqquT6Wbpy X-Received: by 2002:a05:6402:5111:: with SMTP id m17mr6839664edd.175.1618859818568; Mon, 19 Apr 2021 12:16:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618859818; cv=none; d=google.com; s=arc-20160816; b=wHpBSC1QaRZaflWphy/kr4smtevZDZ/3uHNldgpOGAW5BP9eg+NTPwbQ9fOfZGzuA/ XspbtS27EBzBOl7yUx/i7kFnN2ZigS+3kPat1AFcxwriISI1bjY0V/sQxEUz/73I9JYG VWBfVWN4ySXKmsv+WCjkKEBiq72XLiGMwsxHfuX0wDhPrfIC6IWZMWjrSQ4FO7pbiwfI /ALQ/JrXtTELcVlNMoYM9uzLxsM/6LcBj+m++cfJVhPHjvF/7CZy70J8dAUqYFLOA2S7 288DBw/E8YNxWYHcX7uNwXgN9ZlyiHjiRdwtp8Vdqeg06XFMpRm8wbpU1lnhAVovbYTB wFng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Tzb/+EbwYHLN4nxTuV4UKFwyv5D43rDbhLkuAljBUMc=; b=Xg25YPPlEmvKl3/vfeVxwEJ6q2soJ4I2M7ON2n3gfzZJaywsfjZCjIqEKssYkHke0c Di3cbRT5i7VSXiOydka8E/obSsKQmTJ1K4GNPIuVVWmGHO4MrbwqY8ImGtRRnGUfEnRw z22wGBVYQnuih1eCXnPRVCtm2qgVvz7Uwl/QMvRc0OFx+yZgO98Dwy6JAEfzEToDvu+X GuyLbmE62odFt/xDWPQI7vgEntMR/KJuVs3pTEr8ch8w8+fqU8lBT2nd8hh4NCMVM4mc vNJqvqBMn8yKVzK4NtRVIo5pJ2Hjh4bZ1cadxy9Aaz1dnFVjYUsvohha6AhMheGQlfvv Pf6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="r/yqG7pU"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z19si12823854edr.283.2021.04.19.12.16.33; Mon, 19 Apr 2021 12:16:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="r/yqG7pU"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240062AbhDSP1Y (ORCPT + 99 others); Mon, 19 Apr 2021 11:27:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59232 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233733AbhDSP1T (ORCPT ); Mon, 19 Apr 2021 11:27:19 -0400 Received: from mail-yb1-xb2d.google.com (mail-yb1-xb2d.google.com [IPv6:2607:f8b0:4864:20::b2d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C397C061761 for ; Mon, 19 Apr 2021 08:26:48 -0700 (PDT) Received: by mail-yb1-xb2d.google.com with SMTP id c195so39197455ybf.9 for ; Mon, 19 Apr 2021 08:26:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Tzb/+EbwYHLN4nxTuV4UKFwyv5D43rDbhLkuAljBUMc=; b=r/yqG7pUEvuWmvwcAN+ZsOp88DSLN5Szqm7c64htgXhv6NnxyzEj31HM+u8SeAPgxF Y3r8QWzKV85aBZzq3d4zwsejv01NJ980SfWWo93Znlm+wDcPHK4fYNHX8KG0tokTGDEq tsPfZCbSk4okWCvn7fvayQ9bXEk1NgKsAFzIrzSPQh/T3BEbPvrDgNgp9lZLYe5rW7cs AOtvee6E4GE6+V6CSsKklT8e8dt9F8gBjgl6iPN8D7of6i5t7/jI6tSrbQtkCBnbKR3m 6XYn7QLBY+xZo6fTmCigBgcZGIkuuYsB2gMPoIrVR3dlLslNjf8q2TiVtHmCRJ2i7D+E HjIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Tzb/+EbwYHLN4nxTuV4UKFwyv5D43rDbhLkuAljBUMc=; b=n2x6XLB5bSFyGz+Z1u3Sf3vzJF7LHypPmR5IrEDUlzNskq7/XGo74A2T4nJfo1MFzE nM3rf8g6yO9oRAuWUmigZfHV55Vz+tQw7hJEpDhJ99voOQ/HJebriWoCdzMA9Ee5XcFw f3CMLvxjIsDMkBopMOOAaiyOpDy8Xq9ljjfuPSdss3AAnQKBynEd06GFd8+6htslm3ME 05na9kYmGRgcLaWTUUs0en9AMptLPbgGOfwYfHuHP1G2rkTMxO8NUyv+5gwWrrsgeAEJ oWGQ5+AKc2M+VanskOLL8VlB+9c2BDaEZ8Jthzgy/aI3LNKBP1BsjQ9DPuUu2d/DzlRb oA2Q== X-Gm-Message-State: AOAM532AqgVh6T2xM51cOjcEcxN4nWewCDqNhjEkedYl5BGkLUKVK3is m/WMRcBjB7+gxs9h0MKS0ONlOMAa3nnzXYk+gjZ110rw6XM= X-Received: by 2002:a25:ba06:: with SMTP id t6mr10459679ybg.459.1618846007267; Mon, 19 Apr 2021 08:26:47 -0700 (PDT) MIME-Version: 1.0 References: <20210416203844.3803177-1-samitolvanen@google.com> <20210416203844.3803177-10-samitolvanen@google.com> In-Reply-To: From: Sami Tolvanen Date: Mon, 19 Apr 2021 08:26:36 -0700 Message-ID: Subject: Re: [PATCH 09/15] x86/alternatives: Use C int3 selftest but disable KASAN To: Peter Zijlstra Cc: X86 ML , Kees Cook , Josh Poimboeuf , Nathan Chancellor , Nick Desaulniers , Sedat Dilek , linux-hardening@vger.kernel.org, LKML , clang-built-linux Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Apr 17, 2021 at 4:37 AM Peter Zijlstra wrote: > > On Fri, Apr 16, 2021 at 01:38:38PM -0700, Sami Tolvanen wrote: > > From: Kees Cook > > > > Instead of using inline asm for the int3 selftest (which confuses the > > Clang's ThinLTO pass), this restores the C function but disables KASAN > > (and tracing for good measure) to keep the things simple and avoid > > unexpected side-effects. This attempts to keep the fix from commit > > ecc606103837 ("x86/alternatives: Fix int3_emulate_call() selftest stack > > corruption") without using inline asm. > > > > Signed-off-by: Kees Cook > > Signed-off-by: Sami Tolvanen > > --- > > arch/x86/kernel/alternative.c | 21 ++++----------------- > > 1 file changed, 4 insertions(+), 17 deletions(-) > > > > diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c > > index 6974b5174495..669a23454c09 100644 > > --- a/arch/x86/kernel/alternative.c > > +++ b/arch/x86/kernel/alternative.c > > @@ -496,23 +496,10 @@ extern struct paravirt_patch_site __start_parainstructions[], > > * > > * See entry_{32,64}.S for more details. > > */ > > - > > -/* > > - * We define the int3_magic() function in assembly to control the calling > > - * convention such that we can 'call' it from assembly. > > - */ > > - > > -extern void int3_magic(unsigned int *ptr); /* defined in asm */ > > - > > -asm ( > > -" .pushsection .init.text, \"ax\", @progbits\n" > > -" .type int3_magic, @function\n" > > -"int3_magic:\n" > > -" movl $1, (%" _ASM_ARG1 ")\n" > > -" ret\n" > > -" .size int3_magic, .-int3_magic\n" > > -" .popsection\n" > > -); > > +static void __init __no_sanitize_address notrace int3_magic(unsigned int *ptr) > > +{ > > + *ptr = 1; > > +} > > I really don't like this. the compiler is free to mess this up in all > sorts of ways. > > The problem is that the call-site does not respect the regular calling > convention, so calling a regular C function is just asking for trouble, > which is why it ended up being asm, then we fully control the calling > convention. Ack. The problem here is that we can't declare an extern static function in C. How would you feel about making int3_magic a global instead to match the C declaration? Sami