Re: CET/IBT support and live-patches

Live Patching
 help / color / mirror / Atom feed

From: Peter Zijlstra <peterz@infradead.org>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Miroslav Benes <mbenes@suse.cz>,
	joao@overdrivepizza.com, nstange@suse.de, pmladek@suse.cz,
	jpoimboe@redhat.com, joe.lawrence@redhat.com,
	live-patching@vger.kernel.org, alexei.starovoitov@gmail.com
Subject: Re: CET/IBT support and live-patches
Date: Tue, 23 Nov 2021 21:40:39 +0100	[thread overview]
Message-ID: <20211123204039.GC721624@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20211123110320.75990e0b@gandalf.local.home>

On Tue, Nov 23, 2021 at 11:03:20AM -0500, Steven Rostedt wrote:
> On Tue, 23 Nov 2021 12:39:15 +0100 (CET)
> Miroslav Benes <mbenes@suse.cz> wrote:
> 
> > +++ b/kernel/livepatch/patch.c
> > @@ -127,15 +127,18 @@ static void notrace klp_ftrace_handler(unsigned long ip,
> >  /*
> >   * Convert a function address into the appropriate ftrace location.
> >   *
> > - * Usually this is just the address of the function, but on some architectures
> > - * it's more complicated so allow them to provide a custom behaviour.
> > + * Usually this is just the address of the function, but there are some
> > + * exceptions.
> > + *
> > + *   * PPC - live patch works only with -mprofile-kernel. In this case,
> > + *     the ftrace location is always within the first 16 bytes.
> > + *   * x86_64 with CET/IBT enabled - there is ENDBR instruction at +0 offset.
> > + *     __fentry__ follows it.
> >   */
> > -#ifndef klp_get_ftrace_location
> > -static unsigned long klp_get_ftrace_location(unsigned long faddr)
> > +static inline unsigned long klp_get_ftrace_location(unsigned long faddr)
> 
> Why make this the default function? It should only do this for powerpc and
> x86 *if* CET/IBT is enabled.

Well, only this variant of IBT. Once Joao gets his clang patches
together we'll probably have it back at +0.

Something like the below would be more robust, it also gets us something
grep-able for when the IBT code-gen changes yet again.

diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h
index 7c5cc6660e4b..4e683a1aa411 100644
--- a/arch/x86/include/asm/livepatch.h
+++ b/arch/x86/include/asm/livepatch.h
@@ -17,4 +17,13 @@ static inline void klp_arch_set_pc(struct ftrace_regs *fregs, unsigned long ip)
 	ftrace_instruction_pointer_set(fregs, ip);
 }
 
+#define klp_get_ftrace_location klp_get_ftrace_location
+static inline unsigned long klp_get_ftrace_location(unsigned long faddr)
+{
+	unsigned long addr = faddr_location(faddr);
+	if (!addr && IS_ENABLED(CONFIG_X86_IBT))
+		addr = faddr_location(faddr + 4);
+	return addr;
+}
+
 #endif /* _ASM_X86_LIVEPATCH_H */
diff --git a/kernel/livepatch/patch.c b/kernel/livepatch/patch.c
index fe316c021d73..fd295bbbcbc7 100644
--- a/kernel/livepatch/patch.c
+++ b/kernel/livepatch/patch.c
@@ -133,7 +133,7 @@ static void notrace klp_ftrace_handler(unsigned long ip,
 #ifndef klp_get_ftrace_location
 static unsigned long klp_get_ftrace_location(unsigned long faddr)
 {
-	return faddr;
+	return ftrace_location(faddr);
 }
 #endif

next prev parent reply	other threads:[~2021-11-23 20:41 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <70828ca9f840960c7a3f66cd8dc141f5@overdrivepizza.com>
2021-11-23  9:58 ` CET/IBT support and live-patches Miroslav Benes
2021-11-23 10:48   ` Peter Zijlstra
2021-11-23 11:39     ` Miroslav Benes
2021-11-23 14:10       ` Peter Zijlstra
2021-11-23 16:03       ` Steven Rostedt
2021-11-23 20:40         ` Peter Zijlstra [this message]
2021-11-24 10:02           ` Miroslav Benes
2021-11-23 20:58   ` Joe Lawrence
2021-11-23 21:16     ` Peter Zijlstra
2021-12-01 18:57       ` Joe Lawrence
2021-12-06  6:12         ` Josh Poimboeuf
2021-11-24 10:16     ` Miroslav Benes

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7c5cc6660e4 dfblob:4e683a1aa41 dfblob:fe316c021d7
dfblob:fd295bbbcbc )
 OR (
bs:"Re: CET/IBT support and live-patches" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211123204039.GC721624@worktop.programming.kicks-ass.net \
    --to=peterz@infradead.org \
    --cc=alexei.starovoitov@gmail.com \
    --cc=joao@overdrivepizza.com \
    --cc=joe.lawrence@redhat.com \
    --cc=jpoimboe@redhat.com \
    --cc=live-patching@vger.kernel.org \
    --cc=mbenes@suse.cz \
    --cc=nstange@suse.de \
    --cc=pmladek@suse.cz \
    --cc=rostedt@goodmis.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox