From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC760EE49BF for ; Thu, 24 Aug 2023 15:04:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242070AbjHXPDu (ORCPT ); Thu, 24 Aug 2023 11:03:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54512 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235098AbjHXPDj (ORCPT ); Thu, 24 Aug 2023 11:03:39 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9C90E19AE for ; Thu, 24 Aug 2023 08:03:37 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3ADF064FAC for ; Thu, 24 Aug 2023 15:03:37 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4E77DC433C9; Thu, 24 Aug 2023 15:03:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1692889416; bh=KWXE3rG7FUVxRF1eXFarCPavJl+dVLYH3IiTNSujLgk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2eZhfjx83sEmhWh9kObpnMVL656EAuPY/nhXgv+RC9Ok1a8d+TvkvAZoYqczY/oXr 4Q2ZU1zShwClufhvxyx3KUYLzYmRm/sFNwNHsxZ5Q/LynKG1Ddm5nQVy/JDNu+P8LF 9Aklw9hQWtwyLr37abG6EGgGaTV98/rIRBv4FE2I= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Christian Bricart , "Peter Zijlstra (Intel)" , Josh Poimboeuf , Sasha Levin Subject: [PATCH 5.10 129/135] x86/static_call: Fix __static_call_fixup() Date: Thu, 24 Aug 2023 16:51:12 +0200 Message-ID: <20230824145032.623305421@linuxfoundation.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20230824145027.008282920@linuxfoundation.org> References: <20230824145027.008282920@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Peter Zijlstra commit 54097309620ef0dc2d7083783dc521c6a5fef957 upstream. Christian reported spurious module load crashes after some of Song's module memory layout patches. Turns out that if the very last instruction on the very last page of the module is a 'JMP __x86_return_thunk' then __static_call_fixup() will trip a fault and die. And while the module rework made this slightly more likely to happen, it's always been possible. Fixes: ee88d363d156 ("x86,static_call: Use alternative RET encoding") Reported-by: Christian Bricart Signed-off-by: Peter Zijlstra (Intel) Acked-by: Josh Poimboeuf Link: https://lkml.kernel.org/r/20230816104419.GA982867@hirez.programming.kicks-ass.net Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/static_call.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/arch/x86/kernel/static_call.c +++ b/arch/x86/kernel/static_call.c @@ -123,6 +123,19 @@ EXPORT_SYMBOL_GPL(arch_static_call_trans */ bool __static_call_fixup(void *tramp, u8 op, void *dest) { + unsigned long addr = (unsigned long)tramp; + /* + * Not all .return_sites are a static_call trampoline (most are not). + * Check if the 3 bytes after the return are still kernel text, if not, + * then this definitely is not a trampoline and we need not worry + * further. + * + * This avoids the memcmp() below tripping over pagefaults etc.. + */ + if (((addr >> PAGE_SHIFT) != ((addr + 7) >> PAGE_SHIFT)) && + !kernel_text_address(addr + 7)) + return false; + if (memcmp(tramp+5, tramp_ud, 3)) { /* Not a trampoline site, not our problem. */ return false;