Received: by 2002:a05:6358:701b:b0:131:369:b2a3 with SMTP id 27csp334045rwo; Fri, 21 Jul 2023 12:37:05 -0700 (PDT) X-Google-Smtp-Source: APBJJlE4h25I+yju7Rd6jNg4Wp6XP4BhsOz1f3oZQ7b/Eo8zVX+1t9CF1ZeE4T4eSVABwF4IRl6b X-Received: by 2002:aa7:c2c4:0:b0:51e:227c:9492 with SMTP id m4-20020aa7c2c4000000b0051e227c9492mr2775084edp.20.1689968225508; Fri, 21 Jul 2023 12:37:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689968225; cv=none; d=google.com; s=arc-20160816; b=h8nweSWgUlT5toH2y03eqt28gT2pA805dPvelk3o1xqVysZwhcwhv/4eHjfLxznyPe OCok35md+gu75FJh0S1fgXPbVNexY73NMlnFqi5WHDIEREODwD6vNqZ955/xR4qHCpH4 eixC+eAj/LLMB6LIATER/VqEaDSgQpMtLIUYv2usHO5PmTshDQDlHnItjBG+ChnkHEa3 JoHBUrz6jLs179qjcXU+I3jzSg7IbSE9Rbus7EbKuVbqqVYn2gbiHNZfIvX9JXRb+u4n n42Wq/eHy6NMQ/5BHTS6CAkEQPIsyt9coD+rUTUbBjA0jLL0+10MHM2GMvoGlrecjo5K RwrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=dRVad3AdlNBuQFcE3VkpuVa4kjKo5sqvv2omBkEJAhk=; fh=TeqORPLm3FGc0vqPNkGoY2SLfJ7gW9rfduGlPJ+BCJA=; b=IHCargSBKZaqiDUa+nEkGH+j2OzBC2QhQJ3c19lN3ESCMcrNA2fcSV+zGCr8BjBCu1 bHtbR5x+mVr74Lj1l9Byqw3rV94eWGR/0ijR5pp+y5bsgwBopax/jp/PwInrSclkir93 /Q2dyJVvK+1R3mdnIXcMYYraAdYnGzJem9jvY1GkNAWUNy7Gheg0+nXwxZD0TfnZ6g8e O8RrgGi6Yd6q0LU8FgIK4Qw6AqlcIyNE44adLxDPxoJAsgD66Fjq52jf4Mwiq38hP0bA oC/+85WVIfxB63mb3e/CAFDCD5BqVwT0IwGx4jpoiDN8lfqcpKGEJpDrO8+NJg/MNtwu 0X7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=RICVyA8m; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dy25-20020a05640231f900b0051e26617526si2582894edb.347.2023.07.21.12.36.41; Fri, 21 Jul 2023 12:37:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=RICVyA8m; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231151AbjGUSuF (ORCPT + 99 others); Fri, 21 Jul 2023 14:50:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230149AbjGUSuD (ORCPT ); Fri, 21 Jul 2023 14:50:03 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3035530DB; Fri, 21 Jul 2023 11:50:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=dRVad3AdlNBuQFcE3VkpuVa4kjKo5sqvv2omBkEJAhk=; b=RICVyA8m/ElTSsoZyZAcWPzqpg NltaEFXLBwX3vHwLI8klmtRcEBIV3YKouDLDORAqNIIca4Jyb7P7ZytuVs60AnkRxThqqNXX3aMrS T71Jkwq5a4R3HNeABMHrJpHykLhSKEb/BA4ARSsvSppepe++3Bxo8eSKqMxPwFwKGpQlCCWTtYFF5 viu65DcntLnT/dEbnzS6xpQccS2ndNSkPwMXNg4RSvo0YvShFkHqt1JsKXgDn0utjMIr5tUSBy5ts OtU6jkC+cU94Ype7/Ju+8qEf67NRDJGjpQHtCZGY2ikiKJvWqbca01VreLYPpygwpGNlkFA95B8HD j4GodREg==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1qMvCD-001N7w-8w; Fri, 21 Jul 2023 18:49:45 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 47790300095; Fri, 21 Jul 2023 20:49:44 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id 27EBD3157E621; Fri, 21 Jul 2023 20:49:44 +0200 (CEST) Date: Fri, 21 Jul 2023 20:49:44 +0200 From: Peter Zijlstra To: "Michael Kelley (LINUX)" Cc: KY Srinivasan , Haiyang Zhang , "wei.liu@kernel.org" , Dexuan Cui , "tglx@linutronix.de" , "mingo@redhat.com" , "bp@alien8.de" , "dave.hansen@linux.intel.com" , "hpa@zytor.com" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , "linux-hyperv@vger.kernel.org" , "stable@vger.kernel.org" Subject: Re: [PATCH 1/1] x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction Message-ID: <20230721184944.GP4253@hirez.programming.kicks-ass.net> References: <1689885237-32662-1-git-send-email-mikelley@microsoft.com> <20230720211553.GA3615208@hirez.programming.kicks-ass.net> <20230721075848.GA3630545@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 21, 2023 at 02:00:35PM +0000, Michael Kelley (LINUX) wrote: > > Well, we have a lot of infrastructure for this already. Specifically > > this is very like the paravirt patching. > > > > Also, direct calls are both faster and have less speculation issues, so > > it might still be worth looking at. > > > > The way to do something like this would be: > > > > > > asm volatile (" ANNOTATE_RETPOLINE_SAFE \n\t" > > "1: call *hv_hypercall_page \n\t" > > ".pushsection .hv_call_sites \n\t" > > ".long 1b - . \n\t" > > ".popsection \n\t"); > > > > > > And then (see alternative.c for many other examples): > > > > > > patch_hypercalls() > > { > > s32 *s; > > > > for (s = __hv_call_sites_begin; s < __hv_call_sites_end; s++) { > > void *addr = (void *)s + *s; > > struct insn insn; > > > > ret = insn_decode_kernel(&insn, addr); > > if (WARN_ON_ONCE(ret < 0)) > > continue; > > > > /* > > * indirect call: ff 15 disp32 > > * direct call: 2e e8 disp32 > > */ > > if (insn.length == 6 && > > insn.opcode.bytes[0] == 0xFF && > > X86_MODRM_REG(insn.modrm.bytes[0]) == 2) { > > > > /* verify it was calling hy_hypercall_page */ > > if (WARN_ON_ONCE(addr + 6 + insn.displacement.value != &hv_hypercall_page)) > > continue; > > > > /* > > * write a CS padded direct call -- assumes the > > * hypercall page is in the 2G immediate range > > * of the kernel text > > Probably not true -- the hypercall page has a vmalloc address. See module_alloc(), that uses vmalloc but constrains the address to stay within the 2G immediate address limit. > > */ > > addr[0] = 0x2e; /* CS prefix */ > > addr[1] = CALL_INSN_OPCODE; > > (s32 *)&Addr[2] = *hv_hypercall_page - (addr + 6); *(s32 *)... > > } > > } > > } > > > > > > See, easy :-) > > OK, worth looking into. This is a corner of the Linux kernel code that > I've never looked at before. I appreciate the pointers. No problem, I've been doing too much of this the past few years :-) > Hypercall sites also exist in loadable modules, so would need to hook > into module_finalize() as well. Processing a new section type looks > straightforward. Yep, > But altogether, this feels like more change than should go as a bug > fix to be backported to stable kernels. It's something to look at for a > future kernel release. Agreed!