From: Peter Zijlstra <peterz@infradead.org>
To: jpoimboe@kernel.org, x86@kernel.org
Cc: baron@akamai.com, rostedt@goodmis.org, ardb@kernel.org,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, hpa@zytor.com,
linux-kernel@vger.kernel.org, christian@bricart.de,
song@kernel.org, mcgrof@kernel.org
Subject: [PATCH v2] x86/static_call: Fix __static_call_fixup()
Date: Wed, 16 Aug 2023 12:44:19 +0200
Message-ID: <20230816104419.GA982867@hirez.programming.kicks-ass.net>
In-Reply-To: <20230815230809.GA973560@hirez.programming.kicks-ass.net>
Christian reported spurious module load crashes after some of Song's
module memory layout patches.
Turns out that if the very last instruction on the very last page of the
module is a 'JMP __x86_return_thunk' then __static_call_fixup() will
trip a fault and die.
And while the module rework made this slightly more likely to happen,
it's always been possible.
Fixes: ee88d363d156 ("x86,static_call: Use alternative RET encoding")
Reported-by: Christian Bricart <christian@bricart.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
arch/x86/kernel/static_call.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/arch/x86/kernel/static_call.c
+++ b/arch/x86/kernel/static_call.c
@@ -186,6 +186,19 @@ EXPORT_SYMBOL_GPL(arch_static_call_trans
*/
bool __static_call_fixup(void *tramp, u8 op, void *dest)
{
+ unsigned long addr = (unsigned long)tramp;
+ /*
+ * Not all .return_sites are a static_call trampoline (most are not).
+ * Check if the 3 bytes after the return are still kernel text, if not,
+ * then this definitely is not a trampoline and we need not worry
+ * further.
+ *
+ * This avoids the memcmp() below tripping over pagefaults etc..
+ */
+ if (((addr >> PAGE_SHIFT) != ((addr + 7) >> PAGE_SHIFT)) &&
+ !kernel_text_address(addr + 7))
+ return false;
+
if (memcmp(tramp+5, tramp_ud, 3)) {
/* Not a trampoline site, not our problem. */
return false;
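Review bot: the new guard consults kernel_text_address() only for addr + 7, while the comment above it talks about "the 3 bytes after the return", so the reader has to work out that memcmp(tramp+5, tramp_ud, 3) touches tramp+5..tramp+7 and that tramp+7 is the last byte read; saying so in the comment, or deriving the 7 from the 5-byte JMP plus sizeof(tramp_ud), would keep the constant from going stale if tramp_ud ever changes size. The page-crossing pre-check is a sound shortcut only because addr itself is already known to be text (it came out of .return_sites), which is worth one more sentence in the comment. Minor: "etc.." in the comment has a doubled period.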
Thread overview: 9+ messages
2023-08-15 23:08 [PATCH] x86/static_call: Fix __static_call_fixup() Peter Zijlstra
2023-08-15 23:14 ` Peter Zijlstra
2023-08-16 0:10 ` Josh Poimboeuf
2023-08-16 9:39 ` Peter Zijlstra
2023-08-16 0:41 ` Steven Rostedt
2023-08-16 9:39 ` Peter Zijlstra
2023-08-16 10:44 ` Peter Zijlstra [this message]
2023-08-16 21:02 ` [PATCH v2] " Josh Poimboeuf
2023-08-17 11:47 ` [tip: x86/urgent] " tip-bot2 for Peter Zijlstra
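A userspace model of the crash described in the commit message and of the page-boundary check the patch adds, written here as an added example (it is not kernel code and not from this thread): one readable page ends in a 5-byte JMP, the page after it is mapped PROT_NONE so any stray read faults, and the `model_*` names, the stand-in `tramp_ud` bytes and the mask-based page comparison are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added userspace model; "model_" names are this example's, not the kernel's. */
static uint8_t *model_text;       /* one readable page standing in for module text */
static unsigned long model_page;  /* runtime page size, so mprotect() below is aligned */

/* Stand-in for tramp_ud: the 3 bytes expected after the JMP (constructed values). */
static const uint8_t model_tramp_ud[3] = { 0x0f, 0x0b, 0x90 };

/* Stand-in for kernel_text_address(): true only inside the readable page. */
static bool model_kernel_text_address(unsigned long addr)
{
    unsigned long base = (unsigned long)model_text;
    return addr >= base && addr < base + model_page;
}

/* Same decision as the patched __static_call_fixup(): if the last byte memcmp()
 * would read (tramp+7) lies on a different page that is not text, bail out
 * without touching it. The mask comparison equals the PAGE_SHIFT test. */
static bool model_static_call_fixup(void *tramp)
{
    unsigned long addr = (unsigned long)tramp, mask = ~(model_page - 1);
    if (((addr & mask) != ((addr + 7) & mask)) &&
        !model_kernel_text_address(addr + 7))
        return false;
    /* Safe to look: true means "this is a trampoline site". */
    return memcmp((uint8_t *)tramp + 5, model_tramp_ud, 3) == 0;
}

/* Page 0: readable, with a JMP rel32 as its very last instruction and a real
 * trampoline site at offset 100. Page 1: PROT_NONE, so a stray read faults. */
static uint8_t *model_setup(void)
{
    const uint8_t jmp[5] = { 0xe9, 0, 0, 0, 0 };
    model_page = (unsigned long)sysconf(_SC_PAGESIZE);
    uint8_t *p = mmap(NULL, 2 * model_page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memcpy(p + model_page - 5, jmp, 5);          /* JMP ending exactly at page end */
    memcpy(p + 100, jmp, 5);                     /* genuine trampoline site */
    memcpy(p + 105, model_tramp_ud, 3);
    if (mprotect(p + model_page, model_page, PROT_NONE) != 0)
        return NULL;
    model_text = p;
    return p;
}
```

Without the page check, the call on the page-final JMP would read two bytes into the PROT_NONE page and crash the process, which is the userspace counterpart of the module-load fault reported in the thread.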