Received: by 2002:ab2:69cc:0:b0:1f4:be93:e15a with SMTP id n12csp1939696lqp; Tue, 16 Apr 2024 02:28:02 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWLTXesszURNdac9ij0k6zR+udxPvcFpLzV9enOzWOPtERKQ93ICAUiG5qqeK3oF5FrGuJ9ETERESTcpG421OFlgPu1Xp5CGAZ4i28cZA== X-Google-Smtp-Source: AGHT+IHxPaHomhDfdqobf8Bd6uc8FC3dYs3RhFxeGqJCy9n63UJy2DdicxsFK6ufF0GiF0g1azn6 X-Received: by 2002:a25:bf91:0:b0:dcd:26a8:7f84 with SMTP id l17-20020a25bf91000000b00dcd26a87f84mr11476903ybk.47.1713259682121; Tue, 16 Apr 2024 02:28:02 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713259682; cv=pass; d=google.com; s=arc-20160816; b=pBoQXwMk5StxfzcXUpWpdSw0K8GkwR7WQnJVC9Q8eRx2aVgN/beHuJc103U1JUm0q/ D43/MRYe/MjQOcWK88B/XV3yE4QmFjvzR0zLH8c71HlSesl1PAilMYKUHGeGrMBCXFsP pqjq4RDmJ+TwHwLuarTJt8ggEAQIEEaGwFtinDMaj+fN+kCkPbrEkwNOOw62AuiIHZqH eEdrAG8tlNkgJEBRXSoVtPcGW7cxSRTsBzHbMz2r7hgcHQMZnxLxEZu/m7zEX92IBrdQ 0ir9JabGN7hwJc8lhz/AWcZ+RK9a8UcNPRFMosSy87RseqL7+4VLxX8I3RxIBQjHK9+8 hv+A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date; bh=8Y8uKenNOZxlmm/X8snl55S6k/AV5BXbWcjDiM5WdoU=; fh=Cp35t7Uv5sB6SszipJIMbWknPoRZr+EMk8msccMwrX0=; b=Lcm6UuIwRwVzxyIrk9xH0MNOVsFsRrRfqg+omjCMNMfrlsrJg5cu0mv9o6gjAvJ4ko wTjgakJaLcGJYOX8OD0QLCJyn2FNGQVsoJokpPASxq5ETwbiYnwzG7RF7rOur1KSNyzt 1iPm0U343/H1qyt0y8T4aU3ne+j0EWgAWj4mf7C3aeMGL2980Odj92DqnDiv1+dJO/xQ 122DXPEC5l2Jeb8H9yNG8hrbPBagdfKizGg2857mCppPY1XvxqN41T7imTrj8uhrfv4O +vG6FhQXWHoe3qr8vYxSr3aJSW59Aj09d3fze1AcicY6Bkq1KhmvkGhCYf13MTgu3k1+ IaDQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=alien8.de dmarc=pass fromdomain=alien8.de); spf=pass (google.com: domain of linux-kernel+bounces-146554-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-146554-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id y7-20020ad457c7000000b006993d828d7fsi2349726qvx.259.2024.04.16.02.28.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 02:28:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-146554-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=alien8.de dmarc=pass fromdomain=alien8.de); spf=pass (google.com: domain of linux-kernel+bounces-146554-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-146554-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id D495A1C2280C for ; Tue, 16 Apr 2024 09:27:52 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9AD138529D; Tue, 16 Apr 2024 09:27:47 +0000 (UTC) Received: from mail.alien8.de (mail.alien8.de [65.109.113.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D429B85272; Tue, 16 Apr 2024 09:27:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=65.109.113.108 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713259667; cv=none; b=Z7Lqhx06CAIYPH3v7E6DPE6B5nPCLd57Fwe29SNXLrdFMYJt8umWe4uD4tLvv+bSMqKOh2JCIT/KBEIue4m7vZYCq4T0J5RoFXIp+SV6nPICv4Hk55bxL6vFGRlzp0SZnH47vFAIg7Fi7eRkHWPHWEzFSk0QOSbcpzaC3LEMc/Y= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713259667; c=relaxed/simple; bh=rl7/49N7v30krDSKR0so/zjNywMJUo2Pd9g6g4AOMFM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=gHOemicuxIqa+SgqFkj9X92mv18UbTTxDyQGjrNE7cXK8L5zDIm3tEbKdqZXG0SXVPWyehIfMMKvMhI1A1+h+mbwrDBcMx2GuDlooPd6o6ot/C8CQM+GB7asCbhsmxropoD4SVN2HMbO6ha6aL8o9LZ5JQRUnTmjhWm2rwPAUXc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=alien8.de; spf=pass smtp.mailfrom=alien8.de; arc=none smtp.client-ip=65.109.113.108 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=alien8.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=alien8.de Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id 85AC540E024C; Tue, 16 Apr 2024 09:27:42 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UUDF4TFEKb9T; Tue, 16 Apr 2024 09:27:37 +0000 (UTC) Received: from zn.tnic (pd953020b.dip0.t-ipconnect.de [217.83.2.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 577B740E0177; Tue, 16 Apr 2024 09:27:27 +0000 (UTC) Date: Tue, 16 Apr 2024 11:27:20 +0200 From: Borislav Petkov To: Klara Modin Cc: Josh Poimboeuf , "Kaplan, David" , Ingo Molnar , "linux-kernel@vger.kernel.org" , "linux-tip-commits@vger.kernel.org" , "Peter Zijlstra (Intel)" , "x86@kernel.org" , David Howells Subject: Re: [PATCH -v2] x86/retpoline: Ensure default return thunk isn't used at runtime Message-ID: <20240416092720.GCZh5EeB3bPWVDBMoV@fat_crate.local> References: <20231024201913.GHZTgmwf6QMkX8BGbo@fat_crate.local> <20240103184656.GEZZWroPmHLJuP6y5H@fat_crate.local> <20240104131210.GDZZauqoeKoZGpYwDd@fat_crate.local> <20240104132446.GEZZaxnrIgIyat0pqf@fat_crate.local> <20240104132623.GFZZax/wyf5Y3rMX5G@fat_crate.local> <20240207175010.nrr34b2pp3ewe3ga@treble> <20240207185328.GEZcPRqPsNInRXyNMj@fat_crate.local> <20240207194919.qw4jk2ykadjn5d4e@treble> <20240212104348.GCZcn2ZPr445KUyQ7k@fat_crate.local> <78e0d19c-b77a-4169-a80f-2eef91f4a1d6@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <78e0d19c-b77a-4169-a80f-2eef91f4a1d6@gmail.com> On Wed, Apr 03, 2024 at 07:10:17PM +0200, Klara Modin wrote: > With this patch/commit, one of my machines (older P4 Xeon, 32-bit only) > hangs on boot with CONFIG_RETHUNK=y / CONFIG_MITIGATION_RETHUNK=y. Ok, this should fix it: --- From: "Borislav Petkov (AMD)" Date: Mon, 15 Apr 2024 18:15:43 +0200 Subject: [PATCH] x86/retpolines: Enable the default thunk warning only on relevant configs The using-default-thunk warning check makes sense only with configurations which actually enable the special return thunks. Otherwise, it fires on unrelated 32-bit configs on which the special return thunks won't even work (they're 64-bit only) and, what is more, those configs even go off into the weeds when booting in the alternatives patching code, leading to a dead machine. Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/78e0d19c-b77a-4169-a80f-2eef91f4a1d6@gmail.com Link: https://lore.kernel.org/r/20240413024956.488d474e@yea --- arch/x86/lib/retpoline.S | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index e674ccf720b9..391059b2c6fb 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -382,8 +382,15 @@ SYM_FUNC_END(call_depth_return_thunk) SYM_CODE_START(__x86_return_thunk) UNWIND_HINT_FUNC ANNOTATE_NOENDBR +#if defined(CONFIG_MITIGATION_UNRET_ENTRY) || \ + defined(CONFIG_MITIGATION_SRSO) || \ + defined(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) ALTERNATIVE __stringify(ANNOTATE_UNRET_SAFE; ret), \ "jmp warn_thunk_thunk", X86_FEATURE_ALWAYS +#else + ANNOTATE_UNRET_SAFE + ret +#endif int3 SYM_CODE_END(__x86_return_thunk) EXPORT_SYMBOL(__x86_return_thunk) -- 2.43.0 -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette