Re: [PATCH] x86/alternatives: check int3 breakpoint physical addresses

From: Alexandre Chartre
Date: Thu Feb 21 2019 - 05:15:28 EST

Next message: Marc Zyngier: "Re: [PATCH] irqchip: brcmstb-l2: use _irqsave variants in non-interrupt code"
Previous message: Michal Kubecek: "Re: [RFC PATCH net-next v3 15/21] ethtool: provide link settings and link modes in GET_SETTINGS request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/11/2019 10:57 AM, Alexandre Chartre wrote:

On 02/11/2019 10:15 AM, Thomas Gleixner wrote:

On Mon, 11 Feb 2019, Alexandre Chartre wrote:

On 02/10/2019 10:23 PM, Thomas Gleixner wrote:

On Fri, 25 Jan 2019, Alexandre Chartre wrote:

Note that this issue has been observed and reproduced with a custom kernel
with some code mapped to different virtual addresses and using jump labels
As jump labels use text_poke_bp(), crashes were sometimes observed when
updating jump labels.

Rightfully so. text_poke_bp() pokes at the kernels text mapping which is
very well defined and unique. Why would you map the same text to different
virtual addresses and then use a randomly chosen one to poke at it?

As an example, we used to have per-CPU SYSCALL entry trampoline [1] where the
entry_SYSCALL_64_trampoline function was mapped to a different virtual address
for each CPU. So, a syscall would execute entry_SYSCALL_64_trampoline() from a
different virtual address depending on the CPU being used. With that code,
adding a jump label in entry_SYSCALL_64_trampoline() causes the described
issue.

Right, but we knew that and there was no reason to put a jump label into
that. AFAICT we don't have anything like this in the kernel.

In our particular case, we have introduced a jump label in JMP_NOSPEC (which
is used by entry_SYSCALL_64_trampoline()) to have the option to dynamically
enable/disable retpoline at runtime. So that's when we faced this issue.

That said, I'm not opposed to apply the patch as is, I just wanted to get a
better understanding about the background.

Sure. I am aware this is a corner case, and I was precisely looking for feedback
to check if it is worth fixing that issue. So I appreciate your reply, and I would
understand if the patch is rejected because that's a case that we are just not
expecting to happen.

Hi Thomas,

Do you have any final thought about this patch? Should we drop it or apply it?
As the patch is small and simple, I think it's worth applying it to prevent
any such (future?) issue.

Thanks,

alex.

Next message: Marc Zyngier: "Re: [PATCH] irqchip: brcmstb-l2: use _irqsave variants in non-interrupt code"
Previous message: Michal Kubecek: "Re: [RFC PATCH net-next v3 15/21] ethtool: provide link settings and link modes in GET_SETTINGS request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]