From: Thomas Gleixner
To: LKML
Cc: paul.gortmaker@windriver.com, x86@kernel.org, regressions@leemhuis.info, richard.purdie@linuxfoundation.org, regressions@lists.linux.dev
Subject: [patch 2/2] x86/alternatives: Disable interrupts and sync when optimizing NOPs in place
References: <0adb772c-e8d2-4444-92b0-00cbfdaf1fac@leemhuis.info> <87r0k9ym0y.ffs@tglx> <20231207193859.961361261@linutronix.de>
Date: Thu, 7 Dec 2023 20:49:26 +0100 (CET)
X-Mailing-List: linux-kernel@vger.kernel.org

apply_alternatives() treats alternatives with the ALT_FLAG_NOT flag set
specially, as it optimizes the existing NOPs in place. Unfortunately this
happens with interrupts enabled and does not provide any form of core
synchronization. So an interrupt hitting in the middle of the update and
using the affected code path will observe a half updated NOP and crash and
burn.

The following 3 NOP sequence was observed to expose this crash halfway
reliably under QEMU 32bit:

  0x90 0x90 0x90

which is replaced by the optimized 3 byte NOP:

  0x8d 0x76 0x00

So an interrupt can observe:

  1) 0x90 0x90 0x90    nop nop nop
  2) 0x8d 0x90 0x90    undefined
  3) 0x8d 0x76 0x90    lea -0x70(%esi),%esi
  4) 0x8d 0x76 0x00    lea 0x0(%esi),%esi

where only #1 and #4 are true NOPs.

The same problem exists for 64bit obviously.

Disable interrupts around this NOP optimization and invoke sync_core()
before reenabling them.
Fixes: 270a69c4485d ("x86/alternative: Support relocations in alternatives") Reported-by: Paul Gortmaker Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org --- arch/x86/kernel/alternative.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -255,6 +255,16 @@ static void __init_or_module noinline op } } +static void __init_or_module noinline optimize_nops_inplace(u8 *instr, size_t len) +{ + unsigned long flags; + + local_irq_save(flags); + optimize_nops(instr, len); + sync_core(); + local_irq_restore(flags); +} + /* * In this context, "source" is where the instructions are placed in the * section .altinstr_replacement, for example during kernel build by the @@ -438,7 +448,7 @@ void __init_or_module noinline apply_alt * patch if feature is *NOT* present. */ if (!boot_cpu_has(a->cpuid) == !(a->flags & ALT_FLAG_NOT)) { - optimize_nops(instr, a->instrlen); + optimize_nops_inplace(instr, a->instrlen); continue; }
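Review bot: optimize_nops_inplace() lacks a comment saying why the local_irq_save()/sync_core() pair is there and what it does not cover. The pair makes the half-written NOP unobservable to interrupts on the patching CPU and serializes that CPU's instruction stream before interrupts are reenabled, but sync_core() acts on the local CPU only and local_irq_save() masks neither NMIs nor machine checks, so the helper is only sound while no other CPU can execute this text and no NMI path runs through the bytes being rewritten. Suggest a short comment above the function, e.g. `/* Rewrites live text: keep the local CPU from fetching a half-updated NOP and serialize before it can run it again. Only valid while no other CPU executes this text. */`, so the helper is not reused later for text that is already live elsewhere.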
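Review bot: the condition `!boot_cpu_has(a->cpuid) == !(a->flags & ALT_FLAG_NOT)` selects the case where the alternative is *not* applied and only the existing NOP padding is rewritten, but the comment right above it ("patch if feature is *NOT* present") describes the flag rather than this branch, so the switch from optimize_nops() to optimize_nops_inplace() reads as arbitrary at the call site. A one-line comment on the call, e.g. `/* No replacement: the padding is live text, optimize it in place with IRQs off */`, would tie this `continue` path to the purpose of the new helper.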
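The torn-NOP states listed in the commit message, as an added example that is not part of Thomas Gleixner's patch or of the kernel's alternatives code: it replays a byte-by-byte overwrite of the 0x90 padding with the optimized 3-byte NOP and classifies every intermediate state an interrupt could fetch, using a deliberately small decoder that knows only nop, lea (0x8d) and nopl (0f 1f /0). The byte tables are constructed here; the x86-64 case (nopl (%rax), 0f 1f 00) extends the 32-bit example in the message and is this example's assumption, and any opcode outside those three is simply reported as "other".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed inputs (this example's assumption, not the kernel's NOP tables): the
 * 0x90 padding, the i386 3-byte NOP from the commit message and the x86-64 one. */
static const uint8_t nop3_old[3]    = { 0x90, 0x90, 0x90 };
static const uint8_t nop3_i386[3]   = { 0x8d, 0x76, 0x00 };  /* lea 0x0(%esi),%esi */
static const uint8_t nop3_x86_64[3] = { 0x0f, 0x1f, 0x00 };  /* nopl (%rax) */

enum insn_kind { KIND_NOP, KIND_LEA, KIND_OTHER, KIND_INCOMPLETE };
struct decoded {
    enum insn_kind kind; size_t len;     /* len: bytes consumed, 0 when incomplete */
    uint8_t mod, reg, rm; int32_t disp;  /* ModRM fields and disp8, LEA only */
};

/* Bytes taken by ModRM + SIB + displacement at p (32-bit addressing), or -1 if
 * fewer than that are available, i.e. the in-progress write has not reached them. */
static int modrm_operand_len(const uint8_t *p, size_t n)
{
    int len = 1;
    uint8_t mod, rm;
    if (n < 1) return -1;
    mod = p[0] >> 6; rm = p[0] & 7;
    if (mod != 3 && rm == 4) { if (n < 2) return -1; len++; }  /* SIB byte follows */
    if (mod == 0 && rm == 5) len += 4;                         /* absolute disp32 */
    if (mod == 1) len += 1; else if (mod == 2) len += 4;
    return (size_t)len <= n ? len : -1;
}

/* Minimal decoder for what can appear while a 3-byte NOP is written over 0x90
 * padding: nop, lea (0x8d /r) and nopl (0f 1f /0). Anything else is "other". */
static struct decoded decode_one(const uint8_t *b, size_t n)
{
    struct decoded d = { KIND_INCOMPLETE, 0, 0, 0, 0, 0 };
    int ol;
    if (n == 0) return d;
    if (b[0] == 0x90) { d.kind = KIND_NOP; d.len = 1; return d; }
    if (b[0] == 0x8d) {
        if ((ol = modrm_operand_len(b + 1, n - 1)) < 0) return d;  /* operand not written yet */
        d.mod = b[1] >> 6; d.reg = (b[1] >> 3) & 7; d.rm = b[1] & 7;
        d.len = 1 + ol; d.kind = d.mod == 3 ? KIND_OTHER : KIND_LEA;  /* register operand: #UD */
        if (d.mod == 1) d.disp = (int8_t)b[d.len - 1];  /* disp32 forms are left undecoded */
        return d;
    }
    if (b[0] == 0x0f) {                               /* two-byte opcode map */
        if (n < 2) return d;
        if (b[1] != 0x1f) { d.kind = KIND_OTHER; d.len = 2; return d; }  /* e.g. 0f 90 = seto */
        if ((ol = modrm_operand_len(b + 2, n - 2)) < 0) return d;
        d.kind = ((b[2] >> 3) & 7) == 0 ? KIND_NOP : KIND_OTHER; d.len = 2 + ol;
        return d;
    }
    d.kind = KIND_OTHER; d.len = 1;
    return d;
}

/* True only if every instruction in b[0..len) has no architectural effect. */
static int is_nop_sequence(const uint8_t *b, size_t len)
{
    size_t off = 0;
    while (off < len) {
        struct decoded d = decode_one(b + off, len - off);
        if (d.kind == KIND_LEA && d.mod == 1 && d.reg == d.rm && d.rm != 4 && d.disp == 0)
            ;                                         /* lea 0x0(%r),%r is a no-op */
        else if (d.kind != KIND_NOP)
            return 0;                                 /* incomplete, or a real instruction */
        off += d.len;
    }
    return 1;
}

/* State i of a byte-by-byte overwrite (first i bytes new, the rest still old): what an
 * interrupt taken on the patching CPU can fetch while the write is in progress. */
static struct decoded state_first_insn(const uint8_t *old, const uint8_t *repl, size_t len, size_t i)
{
    uint8_t buf[16];
    memcpy(buf, repl, i);
    memcpy(buf + i, old + i, len - i);
    return decode_one(buf, len);
}

/* How many of the len + 1 observable states are not pure NOPs. */
static size_t count_unsafe_states(const uint8_t *old, const uint8_t *repl, size_t len)
{
    uint8_t buf[16]; size_t i, unsafe = 0;
    for (i = 0; i <= len; i++) {
        memcpy(buf, repl, i);
        memcpy(buf + i, old + i, len - i);
        unsafe += !is_nop_sequence(buf, len);
    }
    return unsafe;
}

int main(void)
{
    printf("i386   8d 76 00: %zu of 4 observable states are not NOPs\n", count_unsafe_states(nop3_old, nop3_i386, 3));
    printf("x86-64 0f 1f 00: %zu of 4 observable states are not NOPs\n", count_unsafe_states(nop3_old, nop3_x86_64, 3));
    return 0;
}
```

Build with `cc -Wall torn_nop.c && ./a.out`. The state the message calls "undefined" (0x8d 0x90 0x90) comes back as "incomplete" here because the ModRM byte 0x90 asks for a disp32 that lies beyond the three bytes being rewritten, so the CPU would swallow whatever follows the padding; state 3 decodes as lea with disp8 = -0x70, a real write to %esi. Only states 0 and 3 pass is_nop_sequence(), which is the point of the patch: with interrupts disabled on the patching CPU and sync_core() before they come back, that CPU can no longer fetch states 1 and 2. The decoder is conservative by design, treating any lea it does not fully decode (disp32 forms, SIB addressing) as a real instruction rather than a NOP.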