From: Peter Zijlstra <peterz@infradead.org>
To: Borislav Petkov <bp@alien8.de>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	Andrey Ryabinin <ryabinin.a.a@gmail.com>,
	Alexander Potapenko <glider@google.com>,
	Andrey Konovalov <andreyknvl@gmail.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Vincenzo Frascino <vincenzo.frascino@arm.com>,
	kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
	Fei Yang <fei.yang@intel.com>,
	stable@vger.kernel.org
Subject: Re: [PATCH] x86/alternatives: Disable KASAN on text_poke_early() in apply_alternatives()
Date: Tue, 10 Oct 2023 12:10:56 +0200	[thread overview]
Message-ID: <20231010101056.GF377@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20231010081938.GBZSUJGlSvEkFIDnES@fat_crate.local>

On Tue, Oct 10, 2023 at 10:19:38AM +0200, Borislav Petkov wrote:
> On Tue, Oct 10, 2023 at 08:37:16AM +0300, Kirill A. Shutemov wrote:
> > On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)
> > got patched. It includes KASAN code, where KASAN_SHADOW_START depends on
> > __VIRTUAL_MASK_SHIFT, which is defined with the cpu_feature_enabled().
> 
> So use boot_cpu_has(X86_FEATURE_LA57).
> 
> > It seems that KASAN gets confused when apply_alternatives() patches the
> 
> It seems?
> 
> > KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START
> > static, by replacing __VIRTUAL_MASK_SHIFT with 56, fixes the issue.
> > 
> > During text_poke_early() in apply_alternatives(), KASAN should be
> > disabled. KASAN is already disabled in non-_early() text_poke().
> > 
> > It is unclear why the issue was not reported earlier. Bisecting does not
> > help. Older kernels trigger the issue less frequently, but it still
> > occurs. In the absence of any other clear offenders, the initial dynamic
> > 5-level paging support is to blame.
> 
> This whole thing sounds like it is still not really clear what is
> actually happening...

somewhere along the line __asan_loadN() gets tripped, this then ends up
in kasan_check_range() -> check_region_inline() -> addr_has_metadata().

This latter has: kasan_shadow_to_mem() which is compared against
KASAN_SHADOW_START, which includes, as Kirill says __VIRTUAL_MASK_SHIFT.

Now, obviously you really don't want boot_cpu_has() in
__VIRTUAL_MASK_SHIFT, that would be really bad (Linus recently
complained about how horrible the code-gen is around this already, must
not make it far worse).


Anyway, being half-way through patching X86_FEATURE_LA57 things *are*
inconsistent and I really can't blame things for going sideways.

That said, I don't particularly like the patch, I think it should, at
the very least, cover all of apply_alternatives, not just
text_poke_early().
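
A worked illustration of the address arithmetic this reply walks through (an added example, not code from the thread, from Kirill's patch, or from the kernel tree): a small user-space C model of KASAN_SHADOW_START, kasan_shadow_to_mem() and addr_has_metadata() with __VIRTUAL_MASK_SHIFT selected by an explicit la57 flag instead of cpu_feature_enabled(). The shadow offset (0xdffffc0000000000) and scale shift (3) are x86_64's KASAN configuration values; the helper bodies are modelled after the kernel's, not copied, and the sample addresses are constructed for the demonstration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86_64 KASAN parameters (CONFIG_KASAN_SHADOW_OFFSET default and scale). */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3

/*
 * __VIRTUAL_MASK_SHIFT as pgtable_l5_enabled() selects it: 56 with LA57,
 * 47 without. In the kernel this goes through cpu_feature_enabled(), i.e. an
 * alternatives-patched site; here it is a plain flag so both outcomes can be
 * compared side by side.
 */
static unsigned int virtual_mask_shift(bool la57)
{
	return la57 ? 56 : 47;
}

/* KASAN_SHADOW_START: shadow address of the lowest kernel-half address. */
static uint64_t kasan_shadow_start(bool la57)
{
	return KASAN_SHADOW_OFFSET +
	       ((~0ULL << virtual_mask_shift(la57)) >> KASAN_SHADOW_SCALE_SHIFT);
}

static uint64_t kasan_mem_to_shadow(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

static uint64_t kasan_shadow_to_mem(uint64_t shadow)
{
	return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/*
 * addr_has_metadata(): the gate check_region_inline() applies before it
 * touches any shadow byte. Everything below kasan_shadow_to_mem(START) is
 * treated as having no shadow and is silently skipped.
 */
static bool addr_has_metadata(uint64_t addr, bool la57)
{
	return addr >= kasan_shadow_to_mem(kasan_shadow_start(la57));
}

/* True if the two paging modes disagree about whether addr is checked. */
static bool verdict_depends_on_la57(uint64_t addr)
{
	return addr_has_metadata(addr, true) != addr_has_metadata(addr, false);
}

int main(void)
{
	/* Constructed sample addresses: user, 5-level-only kernel half, kernel image. */
	const uint64_t samples[] = {
		0x00007fff00000000ULL,
		0xff11000000000000ULL,
		0xffffffff81000000ULL,
	};
	bool modes[] = { false, true };

	for (unsigned int m = 0; m < 2; m++) {
		uint64_t start = kasan_shadow_start(modes[m]);
		printf("la57=%d  KASAN_SHADOW_START=%#" PRIx64
		       "  shadow_to_mem(START)=%#" PRIx64 "\n",
		       modes[m], start, kasan_shadow_to_mem(start));
	}
	for (unsigned int i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		printf("addr %#" PRIx64 ": metadata(4-level)=%d metadata(5-level)=%d"
		       " mode-dependent=%d\n",
		       samples[i], addr_has_metadata(samples[i], false),
		       addr_has_metadata(samples[i], true),
		       verdict_depends_on_la57(samples[i]));
	}
	return 0;
}
```

Because kasan_shadow_to_mem(KASAN_SHADOW_START) collapses to -1UL << __VIRTUAL_MASK_SHIFT, the gate is nothing but "is addr at or above the start of the kernel half", and that boundary is 0xffff800000000000 for 4-level and 0xff00000000000000 for 5-level. Any address in between, which is where a 5-level kernel keeps most of its mappings, gets a different verdict depending on which answer the LA57 site returns, so an instrumented access that runs while that site is half-patched is exactly the inconsistency described above.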


Thread overview:
2023-10-10  5:37 [PATCH] x86/alternatives: Disable KASAN on text_poke_early() in apply_alternatives() Kirill A. Shutemov
2023-10-10  8:19 ` Borislav Petkov
2023-10-10  8:40   ` Kirill A. Shutemov
2023-10-10  9:12     ` Borislav Petkov
2023-10-10 10:24       ` Kirill A. Shutemov
2023-10-10 10:10   ` Peter Zijlstra [this message]
2023-10-10 10:16     ` Peter Zijlstra
2023-10-10 10:30       ` Kirill A. Shutemov
2023-10-10 10:25     ` Kirill A. Shutemov
2023-10-10 11:24       ` Peter Zijlstra
2023-10-10 13:10     ` Borislav Petkov
2023-10-10 13:54       ` Peter Zijlstra
