From: Greg KH <gregkh@linuxfoundation.org>
To: Rui Qi <qirui.001@bytedance.com>
Cc: bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
hpa@zytor.com, jpoimboe@redhat.com, peterz@infradead.org,
mbenes@suse.cz, stable@vger.kernel.org,
alexandre.chartre@oracle.com, x86@kernel.org,
linux-kernel@vger.kernel.org, sashal@kernel.org
Subject: Re: [PATCH V3 RESEND 0/3] Support intra-function call validation
Date: Fri, 29 Mar 2024 11:16:38 +0100 [thread overview]
Message-ID: <2024032928-slit-tricky-cdd2@gregkh> (raw)
In-Reply-To: <20240327094447.47375-1-qirui.001@bytedance.com>
On Wed, Mar 27, 2024 at 05:44:44PM +0800, Rui Qi wrote:
> Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable.
> When compiling the sample code for kernel live patching, the following message is displayed when enabled:
>
> livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
>
> Reproduction steps:
> 1.git checkout v5.4.269 -b v5.4.269
> 2.make defconfig
> 3. Set CONFIG_LIVEPATCH=y、CONFIG_SAMPLE_LIVEPATCH=m
> 4. make -j bzImage
> 5. make samples/livepatch/livepatch-sample.ko
> 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
> 7. insmod livepatch-sample.ko
>
> Kernel live patch cannot complete successfully.
>
> After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
> [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
> [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
> [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
> [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
> [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> ......
>
> BTW,if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269
>
> After investigation, The problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
> which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally.
> It is a back-ported upstream patch with some code adjustments,from the git log, the author also mentioned no intra-function call validation support.
>
> Based on commit 24489321d0cd5339f9c2da01eb8bf2bccbac7956 (Linux 5.4.273), This patchset adds stack validation support for intra-function calls,
> allowing the kernel live patching feature to work correctly.
Sorry for the delay, all now queued up.
greg k-h
prev parent reply other threads:[~2024-03-29 10:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-27 9:44 [PATCH V3 RESEND 0/3] Support intra-function call validation Rui Qi
2024-03-27 9:44 ` [PATCH V3 RESEND 1/3] objtool: is_fentry_call() crashes if call has no destination Rui Qi
2024-03-27 9:44 ` [PATCH V3 RESEND 2/3] objtool: Add support for intra-function calls Rui Qi
2024-03-27 9:44 ` [PATCH V3 RESEND 3/3] x86/speculation: Support intra-function call validation Rui Qi
2024-03-29 10:16 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024032928-slit-tricky-cdd2@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=alexandre.chartre@oracle.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=qirui.001@bytedance.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.