Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp8123lqz; Fri, 29 Mar 2024 07:04:31 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWg6niIwbLkTPJn+h7ZRcDBdXESvGLGKtHPNrcSDvaCu/yxk6vykbGCyTlPTLZwVR59jxY8As65djkm4MR0FzLpnjcER7mGACWZ6jIsbg== X-Google-Smtp-Source: AGHT+IFDqTaqSD+mnLavYJvUOW9DJSaKRz5VdmWgnTorcy3hN++liBhjSRFYIW3NbIDh0qeK1t2I X-Received: by 2002:a05:6a20:2d89:b0:1a3:dc86:40b1 with SMTP id bf9-20020a056a202d8900b001a3dc8640b1mr1622010pzb.36.1711721070904; Fri, 29 Mar 2024 07:04:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711721070; cv=pass; d=google.com; s=arc-20160816; b=Wi5HL8W580adf5OPTQhAhsso0RrVjYWIQcBKq9HEPbveqG4j8PvD2GW9FXXcgP8vV/ Tpq+xw2/kvVrsIvkzQO14u82e0QW22jJGVP/8UgDLJf+goKrAZeel0qTOINMjSAwMl7p fgH9YDg4pqy74wSopGWGqxElVhlvRBiE/um7QZO3E9Lj1jRpWHVFGnNBRj/eQc+XAv0P kFtFxRju1JrhuMjkQNtnJyQDp0tSV1cqeNLj0rN/xskyf4rdyxvaV98/QzzJYe/nVtzW 66nP3tqUVc+Bb+rx91LtPm6VI2oCki1s3FX0K0z2qMd51rJSQc+84doy4KuKYRboS3cr zSGw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=0AHxgyEYIURkwVwNm9aKYViZWvybp8hCnBifPGyTqGg=; fh=rmNuHXsHfs5AdCIymxUjwI6zX0qRMbO9rIKXEsL1QUo=; b=wLNaZvSZDVN278ZNUJQ7aBwdH9TDkWBtW/7qY+mY6viWzfLjFfHqMrD4W8TZXbLsTZ isR73ksSPunr64/V8vMC+ZddXPBqv4gZQ32XA+Jgd513OCmVBwr0izGnHTLF9gkPcZGd PMUuVrGZeR1lu/04yDsHg8EEVIhs4zSpK2+fDcLK4umq9/03mb8ghCUsVNKSpsAW/hgE 9s9135IiFC/tiue7xC9O5gaqGwfne3BQw/yGyDUkA2u/ae49PaXMuETWv+CZq+gNnlKF r4kRtBJe/7A8j3lJyCOBZW7XTji5+Q3dr16zMPLanhfnTil8lMh9nrR2q4duj+xhzi5/ ln+A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Xn+lR7Xd; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-124756-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-124756-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id s4-20020a62e704000000b006e6a6d5846dsi3641817pfh.12.2024.03.29.07.04.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Mar 2024 07:04:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-124756-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Xn+lR7Xd; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-124756-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-124756-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 47467B26098 for ; Fri, 29 Mar 2024 13:43:22 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9073F17F367; Fri, 29 Mar 2024 12:41:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Xn+lR7Xd" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B4F2517EB95; Fri, 29 Mar 2024 12:41:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711716086; cv=none; b=ikSo7M+SsGU+u5p01xIFeUNilhlM7ajiP98AEuYORJKZw9r/fE9zFWkgi1FngShnzCUgR7/uaCzubP9/PEK+7yNp9r2iCzjLWwsZgYxbeQIsxhP+4WwWsjLXiH12AhV7wUUkhqESHY7PAAoYjozNjFg78ZZOb7WaB1iWuH9OlEE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711716086; c=relaxed/simple; bh=XWkniX1skEKP4mTzuIar8LWCn5vxSw8q1Y8+BUx3AOw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uHtwrIBwI47zo2vZFlhHH8Y6Vdr9f38cMBFHB7u8rJVlsc4B/ivW6adsJqxMJqXMt4b5BdNyKlfpVn3uVh6bLRybpTyl5rtm6aNmMHWeqeHkYhbODJ/PhMAO97wpS5as8RNIZqLfw+pXLvXdTuL0IQlXFj3Wqb8lWPQacl8auJo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Xn+lR7Xd; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 37733C433F1; Fri, 29 Mar 2024 12:41:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711716085; bh=XWkniX1skEKP4mTzuIar8LWCn5vxSw8q1Y8+BUx3AOw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Xn+lR7XdOMIfZzF73TgsTx+TluFItbtHp5rT6A5DC7TRUCPNqz2OljcoqI3Y+QNr0 TuqIr2R/Hp5Bh868pJnGMB6h51YuLZt5TkA1kHgj9OgILJloeukFZr8P9GQsJr73jf opzQW21Aq7iXXC2QyPpi0H/E9oiEPd4Y0KYfBNd3LQdbQ9+Et+D4GbexkI6Twz5iot n1xvpWTyWDZgC/d369ayWcWoiD7z9ZyzG8gcLSkpwLfur5/cX6zxxDKQZmEYSFr4Uc LB1V4heYDyfj0ZostI8SUGshV7/bKNc8O49DtLWO6FKW2durZyU6Um1aSWtqcGf1Hg y2/LboB0Q64DA== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Josh Poimboeuf , Nathan Chancellor , Borislav Petkov , Sasha Levin , luto@kernel.org, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org Subject: [PATCH AUTOSEL 6.8 47/98] x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o Date: Fri, 29 Mar 2024 08:37:18 -0400 Message-ID: <20240329123919.3087149-47-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240329123919.3087149-1-sashal@kernel.org> References: <20240329123919.3087149-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.8.2 Content-Transfer-Encoding: 8bit From: Josh Poimboeuf [ Upstream commit b388e57d4628eb22782bdad4cd5b83ca87a1b7c9 ] For CONFIG_RETHUNK kernels, objtool annotates all the function return sites so they can be patched during boot. By design, after apply_returns() is called, all tail-calls to the compiler-generated default return thunk (__x86_return_thunk) should be patched out and replaced with whatever's needed for any mitigations (or lack thereof). The commit 4461438a8405 ("x86/retpoline: Ensure default return thunk isn't used at runtime") adds a runtime check and a WARN_ONCE() if the default return thunk ever gets executed after alternatives have been applied. This warning is a sanity check to make sure objtool and apply_returns() are doing their job. As Nathan reported, that check found something: Unpatched return thunk in use. This should not happen! WARNING: CPU: 0 PID: 1 at arch/x86/kernel/cpu/bugs.c:2856 __warn_thunk+0x27/0x40 RIP: 0010:__warn_thunk+0x27/0x40 Call Trace: ? show_regs ? __warn ? __warn_thunk ? report_bug ? console_unlock ? handle_bug ? exc_invalid_op ? asm_exc_invalid_op ? ia32_binfmt_init ? __warn_thunk warn_thunk_thunk do_one_initcall kernel_init_freeable ? __pfx_kernel_init kernel_init ret_from_fork ? __pfx_kernel_init ret_from_fork_asm Boris debugged to find that the unpatched return site was in init_vdso_image_64(), and its translation unit wasn't being analyzed by objtool, so it never got annotated. So it got ignored by apply_returns(). This is only a minor issue, as this function is only called during boot. Still, objtool needs full visibility to the kernel. Fix it by enabling objtool on vdso-image-{32,64}.o. Note this problem can only be seen with !CONFIG_X86_KERNEL_IBT, as that requires objtool to run individually on all translation units rather on vmlinux.o. [ bp: Massage commit message. ] Reported-by: Nathan Chancellor Signed-off-by: Josh Poimboeuf Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20240215032049.GA3944823@dev-arch.thelio-3990X Signed-off-by: Sasha Levin --- arch/x86/entry/vdso/Makefile | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index b1b8dd1608f7e..4ee59121b9053 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -34,8 +34,12 @@ obj-y += vma.o extable.o KASAN_SANITIZE_vma.o := y UBSAN_SANITIZE_vma.o := y KCSAN_SANITIZE_vma.o := y -OBJECT_FILES_NON_STANDARD_vma.o := n -OBJECT_FILES_NON_STANDARD_extable.o := n + +OBJECT_FILES_NON_STANDARD_extable.o := n +OBJECT_FILES_NON_STANDARD_vdso-image-32.o := n +OBJECT_FILES_NON_STANDARD_vdso-image-64.o := n +OBJECT_FILES_NON_STANDARD_vdso32-setup.o := n +OBJECT_FILES_NON_STANDARD_vma.o := n # vDSO images to build vdso_img-$(VDSO64-y) += 64 @@ -43,7 +47,6 @@ vdso_img-$(VDSOX32-y) += x32 vdso_img-$(VDSO32-y) += 32 obj-$(VDSO32-y) += vdso32-setup.o -OBJECT_FILES_NON_STANDARD_vdso32-setup.o := n vobjs := $(foreach F,$(vobjs-y),$(obj)/$F) vobjs32 := $(foreach F,$(vobjs32-y),$(obj)/$F) -- 2.43.0