From: sashiko-bot@kernel.org
To: "Wang Han" <wanghan@linux.alibaba.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v3 8/8] selftests/livepatch: Add RISC-V syscall wrapper prefix
Date: Tue, 09 Jun 2026 06:45:51 +0000
Message-ID: <20260609064551.E2F6C1F00898@smtp.kernel.org>
In-Reply-To: <20260609063002.3943001-8-wanghan@linux.alibaba.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] The module initialization function `livepatch_init()` leaks `klp_kobj` and its associated sysfs directory if `klp_enable_patch()` fails, leading to a kernel use-after-free.
--

commit 35d6758515b1de6295d7ae1a97c70e768cac9dfc
Author: Wang Han <wanghan@linux.alibaba.com>

selftests/livepatch: Add RISC-V syscall wrapper prefix

The syscall livepatch selftest resolves and patches a syscall wrapper
symbol. To use that test for RISC-V livepatch validation, add the
RISC-V FN_PREFIX definition for ARCH_HAS_SYSCALL_WRAPPER.

> diff --git a/tools/testing/selftests/livepatch/test_modules/test_klp_syscall.c b/tools/testing/selftests/livepatch/test_modules/test_klp_syscall.c
> index dd802783ea849..275e4b10cf595 100644
> --- a/tools/testing/selftests/livepatch/test_modules/test_klp_syscall.c
> +++ b/tools/testing/selftests/livepatch/test_modules/test_klp_syscall.c
> @@ -18,6 +18,8 @@
> #define FN_PREFIX __s390x_
> #elif defined(__aarch64__)
> #define FN_PREFIX __arm64_
> +#elif defined(__riscv)
> +#define FN_PREFIX __riscv_
> #else
> /* powerpc does not select ARCH_HAS_SYSCALL_WRAPPER */
> #define FN_PREFIX
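
Review bot: The new "#elif defined(__riscv)" branch keys the prefix on a compiler macro, while the commit message justifies it by ARCH_HAS_SYSCALL_WRAPPER and the "#else" comment still names only powerpc as the case without a wrapper. If a RISC-V configuration can build this test without the wrapper, __riscv_ would be prepended to a symbol that does not carry it, and the failure would show up only at symbol resolution. Please say in the commit message, or in a short comment on the new branch, that RISC-V always selects ARCH_HAS_SYSCALL_WRAPPER, or guard the branch on the config symbol.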

[Severity: High]
This isn't a bug introduced by this patch, but does livepatch_init() leak
klp_kobj and its associated sysfs directory if klp_enable_patch() fails?

If klp_enable_patch() returns an error code, livepatch_init() returns this
error directly without calling kobject_put(klp_kobj):

tools/testing/selftests/livepatch/test_modules/test_klp_syscall.c:livepatch_init() {
    ...
    klp_kobj = kobject_create_and_add("test_klp_syscall", kernel_kobj);
    if (!klp_kobj)
        return -ENOMEM;

    ret = sysfs_create_file(klp_kobj, &klp_attr.attr);
    if (ret) {
        kobject_put(klp_kobj);
        return ret;
    }
    ...
    return klp_enable_patch(&patch);
}

Because the initialization fails, the module loader frees the module memory,
but the sysfs file /sys/kernel/test_klp_syscall/npids remains registered.

A subsequent user-space access to this sysfs file could dereference a pointer
to the now-freed module data (klp_attr) and execute a freed function pointer
(npids_show), resulting in a use-after-free.

--
Sashiko AI review · https://sashiko.dev/#/patchset/cover.194d76e3a15b.v3.riscv-livepatch.wanghan@linux.alibaba.com?part=8
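
A userspace model of the init error path described in the review above, added here as an example; it is not code from the patch, the selftest or the reviewer. The kernel calls are stubs constructed for the model, and livepatch_init_as_quoted(), livepatch_init_with_unwind() and sysfs_dir_still_registered() are hypothetical names; the unwind shown is one possible shape, not a posted fix.

```c
/* Userspace model: the kernel calls below are stubs constructed for this example. */
#include <errno.h>
#include <stdbool.h>

struct kobject { int refcount; bool in_sysfs; };
struct attribute { const char *name; };
struct klp_patch { int enable_result; };	/* stub: value klp_enable_patch() returns */
static struct kobject model_kobj, *klp_kobj, *kernel_kobj;
static struct attribute klp_attr = { "npids" };

static struct kobject *kobject_create_and_add(const char *name, struct kobject *parent)
{
	(void)name; (void)parent;
	model_kobj = (struct kobject){ .refcount = 1, .in_sysfs = true };
	return &model_kobj;
}
/* Dropping the last reference removes the sysfs directory. */
static void kobject_put(struct kobject *k) { if (--k->refcount == 0) k->in_sysfs = false; }
static int sysfs_create_file(struct kobject *k, const struct attribute *a) { (void)k; (void)a; return 0; }
static int klp_enable_patch(struct klp_patch *p) { return p->enable_result; }
bool sysfs_dir_still_registered(void) { return model_kobj.in_sysfs; }

/* Error handling as quoted in the review: the last call's result is returned directly. */
int livepatch_init_as_quoted(struct klp_patch *patch)
{
	klp_kobj = kobject_create_and_add("test_klp_syscall", kernel_kobj);
	if (!klp_kobj)
		return -ENOMEM;
	int ret = sysfs_create_file(klp_kobj, &klp_attr);
	if (ret) {
		kobject_put(klp_kobj);
		return ret;
	}
	return klp_enable_patch(patch);
}

/* One possible unwind (assumption, not a posted fix): put the kobject on any failure. */
int livepatch_init_with_unwind(struct klp_patch *patch)
{
	klp_kobj = kobject_create_and_add("test_klp_syscall", kernel_kobj);
	if (!klp_kobj)
		return -ENOMEM;
	int ret = sysfs_create_file(klp_kobj, &klp_attr);
	if (!ret)
		ret = klp_enable_patch(patch);
	if (ret)
		kobject_put(klp_kobj);
	return ret;
}
```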