Received: by 2002:a05:7412:2a8a:b0:fc:a2b0:25d7 with SMTP id u10csp469166rdh; Wed, 7 Feb 2024 09:50:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IE6Oo++Zua/Nt4RRi7G06bSV378juR92TkN78al2j8JtqLssyzXT+GtFYJqnw2PKxOw+EJt X-Received: by 2002:a25:dc12:0:b0:dc6:bbeb:d889 with SMTP id y18-20020a25dc12000000b00dc6bbebd889mr5335205ybe.52.1707328251845; Wed, 07 Feb 2024 09:50:51 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707328251; cv=pass; d=google.com; s=arc-20160816; b=eQTX5dgy8KaP5lgZfn3hJqpyLlO/wpuCGOJY5eWIIL1kE9JXUGq0K9ZknogF+HEVA2 Y18xEaplbAWhh2XgBLzxhk/jkVepNwOx+2+xN8xSDh/0xM9ynvGgVw1gxWM6WcytxzFo 01KPSsFENjUzotyilZ0GyR8qvUsNrhULun7WNgUXq0jUN8mI8k16fXChZ+fQDXCo0oIN 0VlJuR9P0OOr+FHEhjeOCH/Atg1hq89nmORzHWdN7IPaax95t95AMsekGf/71jIi1+yi 7TKgoZMxGzm6DuVhpUheblxpiQ+Y6b76xtSxncu/bjYmBlkE5dvslGoQMj0BRJEwS//f DtxQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=uA4tYk8lGdIbIjql7BpAuuKnNlgnuIusL7kKDVh5p7I=; fh=5tr/CdAZ+DzN83vUOoerTChpIwyk7QVW2ui2qA7GR5A=; b=ht1ghfpX8jvqqrATWMR3QgutIg5VI1WV06B9374jl1+Zy6jjmtmECtpnIwJQgwWwXf h/Olgh4KyGbE4AHDC44GluTVWqumqjyfgjnL6zu8bLqqK6SbHCsGjrej/wPWhpXbsHzs kU7oTMbWxTnQB0oVySglI5tg7PGX6kqGomqIamWWHrvLuk9akKdVJ/BeY4yYbHMCIGaq 7pkHmItUF3FFTzcEDTPK/YCJMIO7p9wjh8OWNJsWXd6j0+D6kcitEm/F057MAcOINFl/ Q6CTGOVnALuJbsMKbzfK+jGlVOnL0+50t3ZnLGLXf5j9kryFNY8gTsBL+4ZiVLw+EVhm yRUw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KdFmysLt; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-56847-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56847-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=2; AJvYcCWP7qyQ5p9UIJDIwSL8gvX1uZTbtlxeNdhTGxjPkkbSliJRheQ6dg0YVeI052U3phlvwDxRFWMA2aA0wDu8rWxwEXExCSh8nNAY2y8R4Q== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id k3-20020a05620a414300b00783ff74583bsi1731821qko.123.2024.02.07.09.50.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 09:50:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56847-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KdFmysLt; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-56847-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56847-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 8C2A21C26A46 for ; Wed, 7 Feb 2024 17:50:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9AF678289F; Wed, 7 Feb 2024 17:50:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KdFmysLt" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B9BDD8289E; Wed, 7 Feb 2024 17:50:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328212; cv=none; b=Jv19meBGRiTpdAOCwW2X+6J+kQyIhKREPnXi09u2GToq+ymxegFG5QqtjqyKKuX/Je/1UV+L73k77FP3PDAQ9jk/tdnBVO41nU2Ld0BF8RaY4krfqJsyWXp9RBvP30uV9Fk9ZcOUulHwByCv5zw63wra0QowT3PYZXuZ+Qu2vnc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328212; c=relaxed/simple; bh=e4OieDXugUbycX0Ukl/FK2SvO3wPox5ygphY9IQdy/4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=blNZlXRwM2/DiD7hydoab/BmbCrOiQCLDl+NFw7ckHvK2F5wKeafK/7cP7eeTIS6plDS98O6kQTuYLiidbwKW7AgTXzkoI2e6D7t70J/FoEuUgk4pgQyn5W6A+KVTssKc9vcSJLaGBfuUqfqIWVV/mi8BNfheWJa7JiTdMWDCXY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=KdFmysLt; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id E368EC433C7; Wed, 7 Feb 2024 17:50:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1707328212; bh=e4OieDXugUbycX0Ukl/FK2SvO3wPox5ygphY9IQdy/4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=KdFmysLtNzkVSD8/E229C6W3BqAH5WboXvD96/8v0jsedBQZr102argp5QPRMjahr b17lBPt368dUPwiqTjoWl1rFoxOqx7dRoABFCifJmdrooCoIvmEXHII2wdo62JTKwo wavUmgfp8nR6zMhSH3gswUsfLPZkwLk/gRwA0wuGpKRvfjRXSc0AlqpV97uLO5hLkT ZSWWCOKVvStHIVBRl0IKv1XVOEE6Dt6EJH2me95p54P52vrmetKPIO8niywgIz2O/f u+GlpwOyyzlYVISMI29/ihAhfaJM2elSfmn6DeUkg19OyQ/JpT11c/anp3KIEeyTzs NQw/U52wn+bLQ== Date: Wed, 7 Feb 2024 09:50:10 -0800 From: Josh Poimboeuf To: Borislav Petkov Cc: "Kaplan, David" , Ingo Molnar , "linux-kernel@vger.kernel.org" , "linux-tip-commits@vger.kernel.org" , "Peter Zijlstra (Intel)" , "x86@kernel.org" , David Howells Subject: Re: [PATCH -v2] x86/retpoline: Ensure default return thunk isn't used at runtime Message-ID: <20240207175010.nrr34b2pp3ewe3ga@treble> References: <20231019065928.mrvhtfaya22p2uzw@treble> <20231019141514.GCZTE58qPOvcJCiBp3@fat_crate.local> <20231019143951.GEZTE/t/wECKBxMSjl@fat_crate.local> <20231019152051.4u5xwhopbdisy6zl@treble> <20231024201913.GHZTgmwf6QMkX8BGbo@fat_crate.local> <20240103184656.GEZZWroPmHLJuP6y5H@fat_crate.local> <20240104131210.GDZZauqoeKoZGpYwDd@fat_crate.local> <20240104132446.GEZZaxnrIgIyat0pqf@fat_crate.local> <20240104132623.GFZZax/wyf5Y3rMX5G@fat_crate.local> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20240104132623.GFZZax/wyf5Y3rMX5G@fat_crate.local> On Thu, Jan 04, 2024 at 02:26:23PM +0100, Borislav Petkov wrote: > On Thu, Jan 04, 2024 at 02:24:46PM +0100, Borislav Petkov wrote: > > +void __warn_thunk(void) > > +{ > > + pr_warn_once("\n"); > > + pr_warn_once("**********************************************************\n"); > > + pr_warn_once("** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **\n"); > > + pr_warn_once("** **\n"); > > + pr_warn_once("** Unpatched return thunk in use. This should not **\n"); > > + pr_warn_once("** happen on a production kernel. Please report this **\n"); > > + pr_warn_once("** to x86@kernel.org. **\n"); > > I'm not yet sure here whether this should say "upstream kernels" because > otherwise we'll get a bunch of distro or whatnot downstream kernels > reports where we can't really do anything about... > > Hmmm. At the very least, the dump_stack() should be a WARN_ON_ONCE(). Otherwise this is actually *more* likely to be ignored since automated tools don't have a way to catch it: no taint, no "WARNING" string, no panic_on_warn, etc. But also, I'm not a fan of the banner. A warning is enough IMO. Many/most warnings can be "security" issues. A production server which ignores warnings/taints/etc would be a much bigger problem. And as you say, there are many frankenkernels out there and upstream doesn't want to be in the business of debugging them. -- Josh