On 14.09.22 18:21, Bill Wendling wrote:
The ZERO_CALL_USED_REGS feature may zero out caller-saved registers
before returning. However, alternate code may call this function without
first saving %[re]di, because the proper clobbers aren't taken into
account.

This shows up in spurious_kernel_fault() where the "pte_offset_kernel()"
call results in this assembly code:

.Ltmp151:
         #APP
         # ALT: oldnstr
.Ltmp152:
.Ltmp153:
.Ltmp154:
         .section        .discard.retpoline_safe,"",@progbits
         .quad   .Ltmp154
         .text

         callq   *pv_ops+536(%rip)

.Ltmp155:
         .section        .parainstructions,"a",@progbits
         .p2align        3, 0x0
         .quad   .Ltmp153
         .byte   67
         .byte   .Ltmp155-.Ltmp153
         .short  1
         .text
.Ltmp156:
         # ALT: padding
         .zero   (-(((.Ltmp157-.Ltmp158)-(.Ltmp156-.Ltmp152))>0))*((.Ltmp157-.Ltmp158)-(.Ltmp156-.Ltmp152)),144
.Ltmp159:
         .section        .altinstructions,"a",@progbits
.Ltmp160:
         .long   .Ltmp152-.Ltmp160
.Ltmp161:
         .long   .Ltmp158-.Ltmp161
         .short  33040
         .byte   .Ltmp159-.Ltmp152
         .byte   .Ltmp157-.Ltmp158
         .text

         .section        .altinstr_replacement,"ax",@progbits
         # ALT: replacement 1
.Ltmp158:
         movq    %rdi, %rax
.Ltmp157:
         .text
         #NO_APP
.Ltmp162:
         testb   $-128, %dil

The %dil register was zeroed out by the call to "*pv_ops+536(%rip)".

In general, the _paravirt_ident_64() function appears like it shouldn't
have any instrumentation or other modifications applied to it. Thus just
write it in assembly to avoid having to continually modify it whenever a
new feature comes along.

Link: https://github.com/KSPP/linux/issues/192
Cc: Kees Cook <keesc...@chromium.org>
Cc: Nick Desaulniers <ndesaulni...@google.com>
Cc: Juergen Gross <jgr...@suse.com>
Cc: "Srivatsa S. Bhat (VMware)" <sriva...@csail.mit.edu>
Cc: Alexey Makhalov <amakha...@vmware.com>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Dave Hansen <dave.han...@linux.intel.com>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: VMware PV-Drivers Reviewers <pv-driv...@vmware.com>
Cc: x...@kernel.org
Cc: virtualization@lists.linux-foundation.org
Cc: linux-ker...@vger.kernel.org
Cc: l...@lists.linux.dev
Signed-off-by: Bill Wendling <mo...@google.com>
Suggested-by: Peter Zijlstra <pet...@infradead.org>
Reported-and-tested-by: Nathan Chancellor <nat...@kernel.org>

Reviewed-by: Juergen Gross <jgr...@suse.com>


Juergen
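As an added illustration, not kernel code and not part of this thread, the clobber problem the commit message describes reduced to user-space inline asm. It assumes Linux x86-64 (SysV ABI, ELF) with GCC or Clang; `zeroing_ident64` is a constructed stand-in for a callee built with -fzero-call-used-regs, and the two wrapper names are hypothetical.

```c
/* Added example: an asm statement that contains a CALL must clobber every
 * caller-saved register, even when the alternative that may be patched in
 * (mov %rdi,%rax) touches none of them. Assumes Linux x86-64, GCC/Clang. */
#include <stdint.h>
#include <stdio.h>

/* Constructed callee: like a function built with -fzero-call-used-regs, it
 * zeroes the caller-saved argument registers before returning its argument. */
__asm__(".text\n"
        ".globl zeroing_ident64\n"
        ".type zeroing_ident64, @function\n"
        "zeroing_ident64:\n"
        "    movq %rdi, %rax\n"    /* return value = first argument */
        "    xorl %edi, %edi\n"    /* wipe %rdi and %rsi on the way out */
        "    xorl %esi, %esi\n"
        "    ret\n"
        ".size zeroing_ident64, .-zeroing_ident64\n");
uint64_t zeroing_ident64(uint64_t x);

/* UNSAFE, mirrors the report: %rdi is a plain input, so the compiler may assume
 * it still holds x after the asm and use %dil for the bit-7 test below (the
 * "testb $-128, %dil" in the report). Whether it does depends on register
 * allocation, so this variant is shown only for contrast. The sub/add on %rsp
 * keep the pushed return address out of the red zone. */
static int unsafe_bit7_after_call(uint64_t x)
{
    uint64_t ret;
    __asm__ volatile("subq $128, %%rsp\n\tcall zeroing_ident64\n\taddq $128, %%rsp"
                     : "=a"(ret) : "D"(x));
    return ret == x && (x & 0x80) != 0;
}

/* SAFE: the argument register is an in/out operand and the rest of the SysV
 * caller-saved set is clobbered, so no live value survives in any of them. */
static int safe_bit7_after_call(uint64_t x)
{
    uint64_t ret, arg = x;
    __asm__ volatile("subq $128, %%rsp\n\tcall zeroing_ident64\n\taddq $128, %%rsp"
                     : "=a"(ret), "+D"(arg)
                     : : "rsi", "rdx", "rcx", "r8", "r9", "r10", "r11",
                         "memory", "cc");
    return ret == x && (x & 0x80) != 0;
}

int main(void)
{
    uint64_t x = 0x80; /* bit 7 set: both wrappers should report 1 */
    printf("unsafe: %d  safe: %d\n", unsafe_bit7_after_call(x),
           safe_bit7_after_call(x));
    return 0;
}
```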
