[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/6] x86/alternative: Intend the relocation logic

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Tue, 23 Apr 2024 17:01:38 +0200
Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL
Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 23 Apr 2024 15:01:43 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.04.2024 20:14, Andrew Cooper wrote:
> ... to make subsequent patches legible.
> 
> No functional change.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
even if (perhaps due to changes in the "real" patch) some of this re-
indenting wants doing differently, just with ...

> --- a/xen/arch/x86/alternative.c
> +++ b/xen/arch/x86/alternative.c
> @@ -244,78 +244,80 @@ static void init_or_livepatch 
> _apply_alternatives(struct alt_instr *start,
>  
>          memcpy(buf, repl, a->repl_len);
>  
> -        /* 0xe8/0xe9 are relative branches; fix the offset. */
> -        if ( a->repl_len >= 5 && (*buf & 0xfe) == 0xe8 )
>          {
> -            /*
> -             * Detect the special case of indirect-to-direct branch patching:
> -             * - replacement is a direct CALL/JMP (opcodes 0xE8/0xE9; already
> -             *   checked above),
> -             * - replacement's displacement is -5 (pointing back at the very
> -             *   insn, which makes no sense in a real replacement insn),
> -             * - original is an indirect CALL/JMP (opcodes 0xFF/2 or 0xFF/4)
> -             *   using RIP-relative addressing.
> -             * Some branch destinations may still be NULL when we come here
> -             * the first time. Defer patching of those until the post-presmp-
> -             * initcalls re-invocation (with force set to true). If at that
> -             * point the branch destination is still NULL, insert "UD2; UD0"
> -             * (for ease of recognition) instead of CALL/JMP.
> -             */
> -            if ( a->cpuid == X86_FEATURE_ALWAYS &&
> -                 *(int32_t *)(buf + 1) == -5 &&
> -                 a->orig_len >= 6 &&
> -                 orig[0] == 0xff &&
> -                 orig[1] == (*buf & 1 ? 0x25 : 0x15) )
> +            /* 0xe8/0xe9 are relative branches; fix the offset. */
> +            if ( a->repl_len >= 5 && (*buf & 0xfe) == 0xe8 )
>              {
> -                long disp = *(int32_t *)(orig + 2);
> -                const uint8_t *dest = *(void **)(orig + 6 + disp);
> -
> -                if ( dest )
> +                /*
> +                 * Detect the special case of indirect-to-direct branch 
> patching:
> +                 * - replacement is a direct CALL/JMP (opcodes 0xE8/0xE9; 
> already
> +                 *   checked above),
> +                 * - replacement's displacement is -5 (pointing back at the 
> very
> +                 *   insn, which makes no sense in a real replacement insn),
> +                 * - original is an indirect CALL/JMP (opcodes 0xFF/2 or 
> 0xFF/4)
> +                 *   using RIP-relative addressing.
> +                 * Some branch destinations may still be NULL when we come 
> here
> +                 * the first time. Defer patching of those until the 
> post-presmp-
> +                 * initcalls re-invocation (with force set to true). If at 
> that
> +                 * point the branch destination is still NULL, insert "UD2; 
> UD0"
> +                 * (for ease of recognition) instead of CALL/JMP.
> +                 */
> +                if ( a->cpuid == X86_FEATURE_ALWAYS &&
> +                     *(int32_t *)(buf + 1) == -5 &&
> +                     a->orig_len >= 6 &&
> +                     orig[0] == 0xff &&
> +                     orig[1] == (*buf & 1 ? 0x25 : 0x15) )
>                  {
> -                    /*
> -                     * When building for CET-IBT, all function pointer 
> targets
> -                     * should have an endbr64 instruction.
> -                     *
> -                     * If this is not the case, leave a warning because
> -                     * something is probably wrong with the build.  A CET-IBT
> -                     * enabled system might have exploded already.
> -                     *
> -                     * Otherwise, skip the endbr64 instruction.  This is a
> -                     * marginal perf improvement which saves on instruction
> -                     * decode bandwidth.
> -                     */
> -                    if ( IS_ENABLED(CONFIG_XEN_IBT) )
> +                    long disp = *(int32_t *)(orig + 2);
> +                    const uint8_t *dest = *(void **)(orig + 6 + disp);
> +
> +                    if ( dest )
>                      {
> -                        if ( is_endbr64(dest) )
> -                            dest += ENDBR64_LEN;
> -                        else
> -                            printk(XENLOG_WARNING
> -                                   "altcall %ps dest %ps has no endbr64\n",
> -                                   orig, dest);
> +                        /*
> +                         * When building for CET-IBT, all function pointer 
> targets
> +                         * should have an endbr64 instruction.
> +                         *
> +                         * If this is not the case, leave a warning because
> +                         * something is probably wrong with the build.  A 
> CET-IBT
> +                         * enabled system might have exploded already.
> +                         *
> +                         * Otherwise, skip the endbr64 instruction.  This is 
> a
> +                         * marginal perf improvement which saves on 
> instruction
> +                         * decode bandwidth.
> +                         */
> +                        if ( IS_ENABLED(CONFIG_XEN_IBT) )
> +                        {
> +                            if ( is_endbr64(dest) )
> +                                dest += ENDBR64_LEN;
> +                            else
> +                                printk(XENLOG_WARNING
> +                                       "altcall %ps dest %ps has no 
> endbr64\n",
> +                                       orig, dest);
> +                        }
> +
> +                        disp = dest - (orig + 5);
> +                        ASSERT(disp == (int32_t)disp);
> +                        *(int32_t *)(buf + 1) = disp;
>                      }
> -
> -                    disp = dest - (orig + 5);
> -                    ASSERT(disp == (int32_t)disp);
> -                    *(int32_t *)(buf + 1) = disp;
> -                }
> -                else if ( force )
> -                {
> -                    buf[0] = 0x0f;
> -                    buf[1] = 0x0b;
> -                    buf[2] = 0x0f;
> -                    buf[3] = 0xff;
> -                    buf[4] = 0xff;
> +                    else if ( force )
> +                    {
> +                        buf[0] = 0x0f;
> +                        buf[1] = 0x0b;
> +                        buf[2] = 0x0f;
> +                        buf[3] = 0xff;
> +                        buf[4] = 0xff;
> +                    }
> +                    else
> +                        continue;
>                  }
> +                else if ( force && system_state < SYS_STATE_active )
> +                    ASSERT_UNREACHABLE();
>                  else
> -                    continue;
> +                    *(int32_t *)(buf + 1) += repl - orig;
>              }
> -            else if ( force && system_state < SYS_STATE_active )
> +            else if ( force && system_state < SYS_STATE_active  )

... this undone.

Jan

References:
- [PATCH 0/6] x86/alternatives: Adjust all insn-relative fields
  - From: Andrew Cooper
- [PATCH 3/6] x86/alternative: Intend the relocation logic
  - From: Andrew Cooper

Prev by Date: Re: [PATCH v2 1/5] x86: Update x86 low level version check of microcode
Next by Date: Re: [PATCH 4/6] x86/alternative: Replace a continue with a goto
Previous by thread: Re: [PATCH 3/6] x86/alternative: Intend the relocation logic
Next by thread: [PATCH 4/6] x86/alternative: Replace a continue with a goto
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.