Re: [tip: x86/bugs] x86/retpoline: Ensure default return thunk isn't used at runtime

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 15.02.24 г. 5:20 ч., Nathan Chancellor wrote:

On Mon, Feb 12, 2024 at 02:13:39PM -0000, tip-bot2 for Josh Poimboeuf wrote:

The following commit has been merged into the x86/bugs branch of tip:

Commit-ID:     4461438a8405e800f90e0e40409e5f3d07eed381
Gitweb:        https://git.kernel.org/tip/4461438a8405e800f90e0e40409e5f3d07eed381
Author:        Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
AuthorDate:    Wed, 03 Jan 2024 19:36:26 +01:00
Committer:     Borislav Petkov (AMD) <bp@xxxxxxxxx>
CommitterDate: Mon, 12 Feb 2024 11:42:15 +01:00

x86/retpoline: Ensure default return thunk isn't used at runtime

Make sure the default return thunk is not used after all return
instructions have been patched by the alternatives because the default
return thunk is insufficient when it comes to mitigating Retbleed or
SRSO.

Fix based on an earlier version by David Kaplan <david.kaplan@xxxxxxx>.

   [ bp: Fix the compilation error of warn_thunk_thunk being an invisible
         symbol, hoist thunk macro into calling.h ]

Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Co-developed-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
Link: https://lore.kernel.org/r/20231010171020.462211-4-david.kaplan@xxxxxxx
Link: https://lore.kernel.org/r/20240104132446.GEZZaxnrIgIyat0pqf@fat_crate.local


This warning is now getting triggered for me in some of my builds,
specifically from Alpine Linux's configuration. A minimal reproducer on
top of defconfig:

$ echo 'CONFIG_X86_KERNEL_IBT=n
CONFIG_UNWINDER_ORC=n
CONFIG_UNWINDER_FRAME_POINTER=y' >arch/x86/configs/repro.config
I was able to reproduce this and it seems to go away if KERNEL_IBT=y. When looking at the disassembly of do_one_initcall it seems the 2 return sites are not patched at all, I see:
0xffffffff81001284 <+84>: call 0xffffffff81f2d000 <__x86_indirect_thunk_array+96>
0xffffffff810012e7 <+183>: jmp 0xffffffff81f2d760 <__x86_return_thunk>
The former should be rewritten to an indirect call as per patch_retpoline and the latter should be rewritten altogether. I wonder if objtool ignores the function for some reason ...
[Index of Archives]     [Linux Stable Commits]     [Linux Stable Kernel]     [Linux Kernel]     [Linux USB Devel]     [Linux Video &Media]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux