From: Borislav Petkov
To: X86 ML
Cc: LKML , "Borislav Petkov (AMD)"
Subject: [PATCH] x86/alternative: Use the correct length when optimizing NOPs
Date: Wed, 15 May 2024 12:48:04 +0200
Message-ID: <20240515104804.32004-1-bp@kernel.org>

From: "Borislav Petkov (AMD)"

Commit in Fixes moved the optimize_nops() call inside apply_relocation()
and made it a second optimization pass after the relocations have been
done. Since optimize_nops() works only on NOPs, that is fine and it'll
simply jump over instructions which are not NOPs.

However, it made that call with repl_len as the buffer length to
optimize.

However, it can happen that there are alternatives calls like this one:

  alternative("mfence; lfence", "", ALT_NOT(X86_FEATURE_APIC_MSRS_FENCE));

where the replacement length is 0. And using repl_len is wrong because
apply_alternatives() expands the buffer size to the length of the source
insn that is being patched, by padding it with one-byte NOPs:

	for (; insn_buff_sz < a->instrlen; insn_buff_sz++)
		insn_buff[insn_buff_sz] = 0x90;

Long story short: pass the length of the original instruction(s) as the
length of the temporary buffer which to optimize.

Result:

  SMP alternatives: feat: 11*32+27, old: (lapic_next_deadline+0x9/0x50 (ffffffff81061829) len: 6), repl: (ffffffff89b1cc60, len: 0) flags: 0x1
  SMP alternatives: ffffffff81061829: old_insn: 0f ae f0 0f ae e8
  SMP alternatives: ffffffff81061829: final_insn: 90 90 90 90 90 90

=>

  SMP alternatives: feat: 11*32+27, old: (lapic_next_deadline+0x9/0x50 (ffffffff81061839) len: 6), repl: (ffffffff89b1cc60, len: 0) flags: 0x1
  SMP alternatives: ffffffff81061839: [0:6) optimized NOPs: 66 0f 1f 44 00 00
  SMP alternatives: ffffffff81061839: old_insn: 0f ae f0 0f ae e8
  SMP alternatives: ffffffff81061839: final_insn: 66 0f 1f 44 00 00

Fixes: da8f9cf7e721 ("x86/alternatives: Get rid of __optimize_nops()")
Signed-off-by: Borislav Petkov (AMD)
--- arch/x86/kernel/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index 7555c15b7183..89de61243272 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c 
@@ -372,7 +372,7 @@ static void __apply_relocation(u8 *buf, const u8 * const instr, size_t instrlen, void apply_relocation(u8 *buf, const u8 * const instr, size_t instrlen, u8 *repl, size_t repl_len) { __apply_relocation(buf, instr, instrlen, repl, repl_len); - optimize_nops(instr, buf, repl_len); + optimize_nops(instr, buf, instrlen); } /* Low-level backend functions usable from alternative code replacements. */ -- 2.43.0
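
Review bot: In apply_relocation(), the new optimize_nops(instr, buf, instrlen) call relies on buf holding at least instrlen bytes, with everything past repl_len already padded with NOPs. The commit message says apply_alternatives() does that padding, but apply_relocation() is not static, so any other caller whose buffer is sized to repl_len would now have bytes past its replacement scanned and possibly rewritten. Suggest a comment above the function stating that buf must be instrlen bytes long and NOP-padded beyond repl_len, and a line in the changelog confirming that the remaining callers meet that requirement.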
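
A user-space model of the behaviour the commit message describes, added here as an illustration (it is not kernel code and not part of the patch). The names model_optimize_nops() and model_patch() are hypothetical, and the optimizer is simplified to the empty-replacement case, where the whole buffer is one-byte NOP padding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_NOP 8

/* x86-64 multi-byte NOP encodings, indexed by length in bytes. */
static const uint8_t nops[MAX_NOP + 1][MAX_NOP] = {
    {0}, {0x90}, {0x66, 0x90}, {0x0f, 0x1f, 0x00},
    {0x0f, 0x1f, 0x40, 0x00}, {0x0f, 0x1f, 0x44, 0x00, 0x00},
    {0x66, 0x0f, 0x1f, 0x44, 0x00, 0x00},
    {0x0f, 0x1f, 0x80, 0x00, 0x00, 0x00, 0x00},
    {0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00},
};

/* Merge runs of 0x90 in buf[0..len). Simplified: stops at the first other byte,
 * where real code would decode and skip the instruction. Returns bytes scanned. */
static size_t model_optimize_nops(uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] == 0x90) {
        size_t run = 0;
        while (run < MAX_NOP && i + run < len && buf[i + run] == 0x90)
            run++;
        memcpy(buf + i, nops[run], run);
        i += run;
    }
    return i;
}

/* 6-byte patch site with an empty replacement (constructed case matching the
 * log in the commit message). opt_len is the length handed to the optimizer. */
static const uint8_t *model_patch(size_t opt_len)
{
    static uint8_t buf[6];
    for (size_t sz = 0; sz < sizeof(buf); sz++) /* repl_len is 0: pad all of it */
        buf[sz] = 0x90;
    model_optimize_nops(buf, opt_len);
    return buf;
}

int main(void)
{
    for (size_t len = 0; len <= 6; len += 6) { /* repl_len (old) vs instrlen (fixed) */
        const uint8_t *b = model_patch(len);
        printf("optimize len %zu: %02x %02x %02x %02x %02x %02x\n",
               len, b[0], b[1], b[2], b[3], b[4], b[5]);
    }
    return 0;
}
```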