Live Patching
From: Peter Zijlstra <peterz@infradead.org>
To: Miroslav Benes <mbenes@suse.cz>
Cc: joao@overdrivepizza.com, nstange@suse.de, pmladek@suse.cz,
	jpoimboe@redhat.com, joe.lawrence@redhat.com,
	live-patching@vger.kernel.org,
	Steven Rostedt <rostedt@goodmis.org>,
	alexei.starovoitov@gmail.com
Subject: Re: CET/IBT support and live-patches
Date: Tue, 23 Nov 2021 15:10:46 +0100
Message-ID: <YZz2ZvfxoLbxL8r6@hirez.programming.kicks-ass.net>
In-Reply-To: <alpine.LSU.2.21.2111231237090.15177@pobox.suse.cz>

On Tue, Nov 23, 2021 at 12:39:15PM +0100, Miroslav Benes wrote:

> Ok. And we would need something like the following for the livepatch (not 
> even compile tested).
> 
> ---
> 
> diff --git a/arch/powerpc/include/asm/livepatch.h b/arch/powerpc/include/asm/livepatch.h
> index 4fe018cc207b..7b9dcd51af32 100644
> --- a/arch/powerpc/include/asm/livepatch.h
> +++ b/arch/powerpc/include/asm/livepatch.h
> @@ -19,16 +19,6 @@ static inline void klp_arch_set_pc(struct ftrace_regs *fregs, unsigned long ip)
>  	regs_set_return_ip(regs, ip);
>  }
>  
> -#define klp_get_ftrace_location klp_get_ftrace_location
> -static inline unsigned long klp_get_ftrace_location(unsigned long faddr)
> -{
> -	/*
> -	 * Live patch works only with -mprofile-kernel on PPC. In this case,
> -	 * the ftrace location is always within the first 16 bytes.
> -	 */
> -	return ftrace_location_range(faddr, faddr + 16);
> -}
> -
>  static inline void klp_init_thread_info(struct task_struct *p)
>  {
>  	/* + 1 to account for STACK_END_MAGIC */
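
Review bot: Dropping the powerpc klp_get_ftrace_location() override here is only behaviour-neutral if it lands in the same commit as the kernel/livepatch/patch.c change, because the old generic fallback was `return faddr;`. If the patch is split for submission, the generic change has to come first or together with this one. The -mprofile-kernel justification for the 16-byte window also leaves the arch header with this removal, so the generic comment becomes its only record.
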
> diff --git a/kernel/livepatch/patch.c b/kernel/livepatch/patch.c
> index fe316c021d73..81cd9235e160 100644
> --- a/kernel/livepatch/patch.c
> +++ b/kernel/livepatch/patch.c
> @@ -127,15 +127,18 @@ static void notrace klp_ftrace_handler(unsigned long ip,
>  /*
>   * Convert a function address into the appropriate ftrace location.
>   *
> - * Usually this is just the address of the function, but on some architectures
> - * it's more complicated so allow them to provide a custom behaviour.
> + * Usually this is just the address of the function, but there are some
> + * exceptions.
> + *
> + *   * PPC - live patch works only with -mprofile-kernel. In this case,
> + *     the ftrace location is always within the first 16 bytes.
> + *   * x86_64 with CET/IBT enabled - there is ENDBR instruction at +0 offset.
> + *     __fentry__ follows it.
>   */
> -#ifndef klp_get_ftrace_location
> -static unsigned long klp_get_ftrace_location(unsigned long faddr)
> +static inline unsigned long klp_get_ftrace_location(unsigned long faddr)
>  {
> -	return faddr;
> +	return ftrace_location_range(faddr, faddr + 16);
>  }
> -#endif
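
Review bot: The bare `16` in `ftrace_location_range(faddr, faddr + 16)` now applies to every architecture, but the comment above justifies that width only for PPC; for x86_64 the comment says __fentry__ follows the ENDBR at +0, so a much smaller window would cover it. Consider a named constant (or keeping a per-arch override), and say in the comment what the function yields when no ftrace location lies in the window, since it no longer falls back to `return faddr;`.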

Agreed, in fact, it should have called at least ftrace_location()
before, as a sanity check the address is in fact a listed fentry site.

I wonder though, given ftrace_cmp_recs() what the behaviour is if
there's two fentry sites within those 16 bytes... I don't think it will
uniquely return the leftmost one, so that might need some thinking.

Consider:

foo:
	endbr
	call __fentry__
	ret;
bar:
	endbr
	call __fentry__
	...

then both sites are within 16 bytes of one another.
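
The concern raised above, as an added example that is not part of the original mail and is not kernel code: a simplified model of a binary search with a range-overlap comparator, run over a constructed layout matching the foo/bar listing. The names cmp_range, lookup_any, lookup_leftmost and site_for, the 5-byte call length and all addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define INSN_SIZE 5UL	/* assumed: length of the x86 call instruction */

struct range { unsigned long start, end; };	/* inclusive search window */

/* Range comparator: 0 means "this record overlaps the window",
 * not "this is the first record in the window". */
static int cmp_range(const struct range *key, unsigned long rec_ip)
{
	if (key->end < rec_ip)
		return -1;
	if (key->start >= rec_ip + INSN_SIZE)
		return 1;
	return 0;
}

/* Plain binary search: index of *some* overlapping record, or -1. */
static long lookup_any(const unsigned long *recs, size_t n, struct range key)
{
	size_t lo = 0, hi = n;
	while (lo < hi) {
		size_t mid = lo + (hi - lo) / 2;
		int c = cmp_range(&key, recs[mid]);
		if (c == 0)
			return (long)mid;
		if (c < 0) hi = mid; else lo = mid + 1;
	}
	return -1;
}

/* Leftmost-aware variant: step back while the previous record also overlaps. */
static long lookup_leftmost(const unsigned long *recs, size_t n, struct range key)
{
	long i = lookup_any(recs, n, key);
	while (i > 0 && cmp_range(&key, recs[i - 1]) == 0)
		i--;
	return i;
}

/* Constructed layout: foo at 0x1000 (endbr 4 bytes, call at +4, ret at +9),
 * bar packed directly behind it at 0x100a, a third function far away. */
static const unsigned long sites[] = { 0x1004, 0x100e, 0x2004 };

static unsigned long site_for(unsigned long faddr, int leftmost)
{
	struct range key = { faddr, faddr + 16 };
	long i = leftmost ? lookup_leftmost(sites, 3, key) : lookup_any(sites, 3, key);
	return i < 0 ? 0 : sites[i];
}

int main(void)
{
	printf("any: %#lx leftmost: %#lx\n", site_for(0x1000, 0), site_for(0x1000, 1));
	return 0;
}
```

With this layout the plain search probes bar's record first, so the lookup for foo resolves to bar's call site; the leftmost-aware variant resolves to foo's own.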
