From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BAF931A58C for ; Mon, 16 Oct 2023 09:05:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="WrJf2BRW" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 05294C433C8; Mon, 16 Oct 2023 09:05:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1697447149; bh=KV56/v03mOyEUbTqVpTBIwMFvnfLe+QuUSHyfbm+1ZE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WrJf2BRWwC2UiIF0ahVghdRD4uvB/tb7E6+GxB2JWtiG0eWZ7YK4mb2wNZpmwd9JU r0mQ+wMb+joloVPuAh9X76iMOPd0kZ51HIHXNZVOGxQGTNLzN/YD7Kfk0LWUVj1N2S 05In1SVzWnWlxUcNl9EaLlrPH6Wlt3MFTwYzQnUE= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Fei Yang , "Kirill A. Shutemov" , Ingo Molnar , "Peter Zijlstra (Intel)" , Linus Torvalds Subject: [PATCH 6.1 126/131] x86/alternatives: Disable KASAN in apply_alternatives() Date: Mon, 16 Oct 2023 10:41:49 +0200 Message-ID: <20231016084003.199413956@linuxfoundation.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231016084000.050926073@linuxfoundation.org> References: <20231016084000.050926073@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.1-stable review patch. If anyone has any objections, please let me know. ------------------ From: Kirill A. Shutemov commit d35652a5fc9944784f6f50a5c979518ff8dacf61 upstream. Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine: BUG: KASAN: out-of-bounds in rcu_is_watching() Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ... On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled(). KASAN gets confused when apply_alternatives() patches the KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue. Fix it for real by disabling KASAN while the kernel is patching alternatives. [ mingo: updated the changelog ] Fixes: 6657fca06e3f ("x86/mm: Allow to boot without LA57 if CONFIG_X86_5LEVEL=y") Reported-by: Fei Yang Signed-off-by: Kirill A. Shutemov Signed-off-by: Ingo Molnar Acked-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20231012100424.1456-1-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/alternative.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -270,6 +270,17 @@ void __init_or_module noinline apply_alt u8 insn_buff[MAX_PATCH_LEN]; DPRINTK("alt table %px, -> %px", start, end); + + /* + * In the case CONFIG_X86_5LEVEL=y, KASAN_SHADOW_START is defined using + * cpu_feature_enabled(X86_FEATURE_LA57) and is therefore patched here. + * During the process, KASAN becomes confused seeing partial LA57 + * conversion and triggers a false-positive out-of-bound report. + * + * Disable KASAN until the patching is complete. + */ + kasan_disable_current(); + /* * The scan order should be from start to end. A later scanned * alternative code can overwrite previously scanned alternative code. @@ -337,6 +348,8 @@ void __init_or_module noinline apply_alt next: optimize_nops(instr, a->instrlen); } + + kasan_enable_current(); } static inline bool is_jcc32(struct insn *insn)